Security Overview

    Security & Platform Overview

    A technical summary of LinkEdu.AI's security architecture, access controls, data handling, and compliance posture — prepared for institutional security reviewers and procurement teams.

    Security Principles

    • Least privilege access across all systems
    • Encryption by default: data in transit and at rest
    • Strict separation of data across user roles (student, university, admin)
    • Continuous monitoring and logging of system activity
    • Privacy-first architecture with consent-aware workflows

    Infrastructure & Hosting

    • Hosted on secure cloud infrastructure (AWS regions in the United States)
    • Data stored in managed, secure environments with access restrictions
    • Network-level protections and encrypted communication (TLS 1.2+)
    • Separation between application, database, and storage layers
    • Infrastructure provisioned and managed using established cloud services with security compliance track records

    Access Control & Authentication

    • Role-Based Access Control (RBAC) enforced across all platform layers
    • Strict separation between student, university, and administrative data and permissions
    • Secure authentication handled via trusted identity providers (credentials are not stored directly)
    • Session management with expiration and protection against unauthorized access
    • Administrative actions follow least-privilege enforcement and are logged for audit purposes

    Data Protection & Handling

    • Data encrypted in transit (TLS 1.2+) and at rest
    • Uploaded documents stored securely with controlled access permissions
    • Access to sensitive data restricted to authorized systems and personnel only
    • Data retention aligned with operational and legal requirements
    • No sale of personal data to third parties
    • Payment data processed by Stripe — full card details are not stored on LinkEdu.AI servers

    Application Security

    • Input validation and secure coding practices applied across the application
    • Protection against common vulnerabilities (OWASP Top 10 awareness)
    • Controlled API access with authentication and authorization enforcement
    • Internal access logging and audit trails for administrative operations
    • Regular system updates and dependency patching

    AI Responsibility

    • AI features are assistive, not authoritative: outputs support decision-making and do not replace it
    • AI-generated outputs are probabilistic and do not guarantee admission, visa, or enrollment outcomes
    • Disclaimers and acknowledgment prompts are presented before AI feature usage
    • AI interaction data is not used to train third-party models
    • Full AI use policy publicly available

    Full framework: AI Use Policy

    Privacy & Consent

    • Consent captured at signup, subscription, document upload, and AI feature usage
    • Policy versioning tracks re-consent requirements when policies are updated
    • Role-based data visibility ensures users access only information relevant to their role
    • Privacy rights requests supported for U.S. and international users
    • All privacy policies publicly accessible without authentication

    Full details: Privacy Policy

    Legal Framework

    • Governing law and jurisdiction: Commonwealth of Virginia, United States
    • All platform policies publicly available and accessible without authentication
    • Data Processing Addendum (DPA) available for institutional customers upon request
    • Subprocessor list maintained and publicly disclosed
    • Designed to support GDPR-aligned data processing practices

    Incident Response

    • Security incidents are monitored and investigated promptly
    • Access and activity logs support incident analysis and forensic review
    • Affected parties are notified in accordance with applicable legal and contractual requirements

    Compliance Position

    LinkEdu.AI does not currently hold formal certifications such as SOC 2 or ISO 27001. However, the platform is designed following industry-standard security and privacy practices and is prepared to support institutional security reviews and compliance requirements. For specific compliance inquiries, submit a Security Review request or contact security@linkedu.ai.

    Security Requests & Documentation

    Institutions may request the following for procurement and compliance review:

    • Vendor security questionnaire responses
    • Architecture and data flow documentation
    • Data Processing Addendum (DPA)
    • Subprocessor disclosures

    Submit requests via the Security Review form or email security@linkedu.ai.

    © 2026 LinkEdu.AI. All rights reserved.