Security
DRAFT — technical and organisational measures, pending legal review. This page summarises the controls protecting personal data processed on behalf of institutions. It is provided for due diligence and is not a contractual representation.
Tenant isolation
Every product record is scoped to an organisation. Access is confined in two ways: an application-layer organisation resolver (the primary control) and PostgreSQL row-level security policies (a database-level backstop). The isolation model is independently exercised by an automated cross-organisation test that asserts one institution cannot read or write another’s data.
Encryption
Data is encrypted in transit using TLS. Data at rest is encrypted by the managed database and object-storage provider. Uploaded files are held in a private bucket and are never publicly addressable.
Access control
Role-based access spans owner, organisation admin, tutor, moderator, external examiner, student, support admin and platform admin. Support access to an institution’s data is not standing: it requires an explicit, time-boxed, reason-logged grant that expires automatically.
Auditability
Privileged actions (content create/update/publish, enrolment assignment, data-rights actions, configuration changes) are written to an append-only audit log that is immutable by database trigger and policy — entries cannot be edited or deleted, including by administrators. Authorised admins can view and export the log.
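As an added illustration of the trigger-and-policy approach described above (not the product's own schema), the following PostgreSQL DDL makes an audit table append-only at three layers: privileges, triggers and row-level security. The table name, its columns, the application role app_rw and the app.current_org_id session setting are assumptions.

```sql
-- Added illustration, not the product's own schema. Assumption: the
-- application connects as role app_rw, which neither owns the table nor
-- is a superuser (owners and superusers can still drop triggers).
CREATE TABLE audit_log (
    id          bigserial   PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    org_id      uuid        NOT NULL,
    actor_id    uuid        NOT NULL,
    action      text        NOT NULL,          -- e.g. 'content.publish'
    details     jsonb       NOT NULL DEFAULT '{}'::jsonb
);

-- Layer 1: privileges. app_rw may append and read; nothing else.
GRANT SELECT, INSERT ON audit_log TO app_rw;
GRANT USAGE ON SEQUENCE audit_log_id_seq TO app_rw;
REVOKE UPDATE, DELETE, TRUNCATE ON audit_log FROM app_rw;

-- Layer 2: triggers. Reject UPDATE, DELETE and TRUNCATE even for roles
-- that hold those privileges (TRUNCATE needs a statement-level trigger).
CREATE OR REPLACE FUNCTION audit_log_reject_mutation() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only: % not permitted', TG_OP
        USING ERRCODE = 'insufficient_privilege';
END;
$$;

CREATE TRIGGER audit_log_no_row_mutation
    BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_reject_mutation();

CREATE TRIGGER audit_log_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_reject_mutation();

-- Layer 3: row-level security. Only INSERT and SELECT policies exist, so
-- no row is ever visible to an UPDATE or DELETE; FORCE applies this to the
-- owner too. Reads are confined to the organisation the application
-- resolved for this connection; an unset setting yields NULL, hence no rows.
ALTER TABLE audit_log ENABLE ROW LEVEL SECURITY;
ALTER TABLE audit_log FORCE ROW LEVEL SECURITY;

CREATE POLICY audit_log_append ON audit_log
    FOR INSERT TO app_rw WITH CHECK (true);

CREATE POLICY audit_log_read ON audit_log
    FOR SELECT TO app_rw
    USING (org_id = current_setting('app.current_org_id', true)::uuid);
```

To check the control, connect as app_rw and attempt an UPDATE or DELETE; the statement is refused at the privilege layer, and a role that does hold those privileges is stopped by the triggers instead.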
File handling
Uploads are validated at the boundary (file-type allow-list and size ceiling) before storage. Stored files are retrievable only through short-lived signed URLs minted server-side after an access check; each access is logged. There are no permanent public file links.
AI processing
Identifiable personal data is pseudonymised before any text is sent to an AI provider. Only processing metadata is logged — never prompts, responses, or personal data. See AI Governance.
Backups & change management
The production database has managed daily backups; point-in-time recovery is planned. Schema changes are additive, validated on a staging project, and gated by a verified-backup procedure before they are applied in production; destructive operations are deferred.
Roadmap
A downloadable University Security Pack and DPIA support material consolidate the full control set — see Security Pack. Penetration-testing readiness and an enforced Content-Security-Policy are tracked follow-ups.