Icon

Security

Our Security

Our Security page explains how CampusAI protects university data through tenant isolation, encryption, identity controls, private service architecture, monitoring, and vulnerability reporting. It outlines the safeguards we use to secure the platform and support FERPA-aligned data handling.

Icon

Security

Our Security

Our Security page explains how CampusAI protects university data through tenant isolation, encryption, identity controls, private service architecture, monitoring, and vulnerability reporting. It outlines the safeguards we use to secure the platform and support FERPA-aligned data handling.

Icon

Last Updated on June, 29, 2026

CampusAI Security

University AI builds an AI-powered campus companion for universities. Below is how we think about and operate security.

Architecture

CampusAI runs on AWS in us-east-1. The platform is split across six microservices (web frontend, dumb-router backend, AI agents, university adapters, control plane, batch workers) behind a single public ALB. All cross-service traffic is private; the browser only talks to the frontend, which fans out internally.

Tenant Isolation

Every university is a separate tenant with its own Cognito user pool and per-tenant data partitions. Isolation is enforced at four independent layers — DynamoDB partition keys, IAM dynamodb:LeadingKeys, middleware JWT-tenant binding, and per-record assertions in FERPA-sensitive connectors. No single bug in any one layer can leak data across tenants.

Encryption

Data in transit uses TLS 1.2 or higher. Data at rest is encrypted with AWS KMS. Secrets live in AWS Secrets Manager and are delivered to services at runtime — never committed to source, never written to .env files in production.

Identity

Employees authenticate via Google Workspace SSO with MFA. End users authenticate via their university's identity provider, federated into a per-tenant Cognito pool. Tokens are verified against the resolving tenant's JWKS endpoint.

Detection

We use AWS GuardDuty for threat detection, AWS Inspector v2 for continuous container image scanning, AWS CloudTrail for management-plane audit, AWS CloudWatch for application logs and metrics, and AWS Config for compliance drift.

Compliance

SOC 2 Type I — audit in progress (audit window May–June 2026)

FERPA — CampusAI treats education records as restricted-class data. Tenant isolation, encryption, and access controls are tuned to FERPA requirements.

Reporting a Vulnerability

Email security@campusai.app with a description of the issue and steps to reproduce. We acknowledge within 3 business days. We do not currently run a public bug bounty.

Reporting a Privacy Concern

Email privacy@campusai.app.

Approved by: Aiden Polinsky, Founder & CEO

UniversityAI, Inc.

Signature: __________________________ Date: 2026-06-29