Skip to main content
Trust is the foundation of GPA Coach. Because this service handles sensitive academic data and school portal credentials, the architecture is designed with a “Security First” mindset using industry-leading infrastructure. Here is exactly how your data is handled, stored, and protected.

1. Credential Storage (The Vault)

Your school passwords are never stored in plain text.
  • Tokenization: When you link a school account, GPA Coach stores only your username and a secure “reference token.”
  • The Vault: The actual password is encrypted and stored in a dedicated Enterprise Secret Vault.
  • Certified Security: Our vault provider is SOC 2 Type II compliant and FIPS 140-3 certified (the standard required for government-grade security). They undergo regular third-party penetration testing to ensure your credentials are safe.
  • Isolation: The database that manages your schedule and students does not hold your passwords. It only holds the token that unlocks the vault momentarily when a report is running.

2. Data Minimization & Retention

GPA Coach operates on a “Read, Report, Delete” model.
  • No Long-Term Storage: We do not build a historical database of every grade or assignment your student has ever received.
  • On-the-Fly Processing: When your scheduled report runs, the system connects to the school, analyzes the current data, generates the email, and sends it.
  • Immediate Deletion: Once the email is sent, the detailed academic data retrieved from the portal is discarded from the processing memory.

3. Trusted Infrastructure

We do not host your data on private servers. The platform is built entirely on top of world-class, SOC 2 compliant providers to ensure reliability and security.
ComponentSecurity Standards
AuthenticationManaged by a specialized identity provider ensuring secure sessions and abuse protection.
Cloud HostingHosted on SOC 2 Type II and ISO 27001 certified serverless infrastructure.
DatabaseData is encrypted at rest and in transit (TLS 1.2+).
AI ProcessingWe utilize top-tier commercial LLMs (e.g., OpenAI, Anthropic, Gemini) via their enterprise APIs. Your data is not used to train their models.

4. Operational Privacy

  • Automated Systems: The generation of reports is entirely automated.
  • Restricted Access: Human access to data is strictly limited. Engineering staff access system logs only for the purposes of platform reliability, debugging errors, or resolving specific support tickets you initiate.

5. Third-Party Connections

GPA Coach uses custom-built connectors to communicate with school portals. This means your credentials are not passed through unnecessary “middle-man” data aggregators—they stay within our secure ecosystem until they reach your school’s login page.

Have more questions?

If you have specific concerns about security or privacy, please email our support team.