Enterprise-grade security, by default.

Permissions and Authentication: Role-based access control (RBAC) is enforced across the platform. Only authorized users can access relevant resources based on their assigned roles.

Password and Credential Storage: Passwords are stored securely using bcrypt, and we enforce strong password policies across the platform.

Uptime: We maintain over 99.9% uptime, monitored via third-party services. Our systems are designed for reliability and availability at scale.

Two-Factor Authentication (2FA): Users can enable two-factor authentication for an additional layer of protection. 2FA is available for all roles and can be enforced at the organization level.

IP Blocking & Sanctions: Administrators can block specific IP addresses or ranges to restrict access from untrusted networks. Sanctioned IPs are denied access across the entire platform.

Threat Mitigation by Design: Our systems use firewall protections, payload and rate limits to detect and block suspicious activity early. Sensitive actions require repeated authorization to prevent unauthorized behavior.

Data Hosting and Storage: Our infrastructure runs on secure DigitalOcean servers. All data is stored with enterprise-grade security standards and protected through hardened configurations and access controls.

High-Availability Architecture: All traffic to our application is routed through a secure load balancer, which helps mitigate DDoS attacks and distributes requests to ensure high availability and performance under load.

Encryption: All data is encrypted in transit using TLS 1.2+ and at rest with AES-256 encryption. Sensitive information is safeguarded following industry-recognized security practices.

Backups and Monitoring: Daily backups are automatically stored on encrypted, redundant infrastructure. We continuously monitor systems for uptime, anomalies, and performance metrics to ensure operational reliability.

Security Testing & Monitoring: We perform internal security assessments and work with external partners for penetration testing. Vulnerability scans help us identify and address potential risks across our systems.

Incident Response & Recovery: We maintain an internal incident response process and are equipped with rapid recovery capabilities to restore availability or data access in case of failure.

Internal Policies: We maintain policies covering key areas like incident response, access control, vendor risk, and secure development practices. These are reviewed and updated as needed.

Team Commitments: Every team member signs a confidentiality agreement during onboarding and receives training on data protection and security awareness.

Authentication & Identity Management: We use secure authentication for internal tools and apply strict permissions to control infrastructure access.

Payment Security: Payments are handled through Stripe, a certified PCI-DSS Level 1 provider. Teachfloor does not store any credit card information.

Employee Access Restrictions: Only authorized personnel have access to production systems. Access is role-based, audited, and tightly scoped. Confidentiality agreements and periodic training reinforce secure data handling practices.