Security

Security philosophy

Security is treated as a product responsibility, not a later compliance layer. Access, integrations, support activity, exports, and sensitive actions should be limited, reviewable, and attributable.

Role-based access direction

• ✓Least-privilege access based on identity, role, permission, relationship, and scope
• ✓Public information separated from assigned workspaces
• ✓District tenant isolation and school-level visibility boundaries
• ✓Human review required for sensitive actions

Public/private route boundary

Public pages explain HomeRoomHUB. Login is the platform entry point, and workspace routes require a signed-in session. Production authentication and authorization remain future foundation work.

Tenant isolation and audit direction

District is the primary tenant direction. Access, reviews, exports, support activity, and integration actions are designed to carry an accountable record and stay inside the appropriate district boundary.

Support access controls

Support access is designed to be approved, limited, and recorded. Broad standing access to district data is not the product direction.

Incident and credential readiness

The platform direction includes incident response planning, customer communication, credential rotation, integration inventory, backup and restore planning, and data portability.

Responsible disclosure

If you believe you have found a security issue, use Contact and choose Security/privacy inquiry so it can be routed for review. Please do not share sensitive details publicly.

Current scope

This page describes the security direction and operating principles. It does not assert external security or compliance certification.