> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gpa.coach/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Privacy

> How GPA Coach protects your credentials and student data.

Trust is the foundation of GPA Coach. Because this service handles sensitive academic data and school portal credentials, the architecture is designed with a "Security First" mindset using industry-leading infrastructure.

Here is exactly how your data is handled, stored, and protected.

## 1. Credential Storage (The Vault)

Your school passwords are **never** stored in plain text.

* **Tokenization:** When you link a school account, GPA Coach stores only your username and a secure "reference token."
* **The Vault:** The actual password is encrypted and stored in a dedicated **Enterprise Secret Vault**.
* **Certified Security:** Our vault provider is **SOC 2 Type II compliant** and **FIPS 140-3 certified** (the standard required for government-grade security). They undergo regular third-party penetration testing to ensure your credentials are safe.
* **Isolation:** The database that manages your schedule and students does not hold your passwords. It only holds the token that unlocks the vault momentarily when a report is running.

## 2. Data Minimization & Retention

GPA Coach operates on a **"Read, Report, Delete"** model.

* **No Long-Term Storage:** We do not build a historical database of every grade or assignment your student has ever received.
* **On-the-Fly Processing:** When your scheduled report runs, the system connects to the school, analyzes the current data, generates the email, and sends it.
* **Immediate Deletion:** Once the email is sent, the detailed academic data retrieved from the portal is discarded from the processing memory.

## 3. Trusted Infrastructure

We do not host your data on private servers. The platform is built entirely on top of world-class, SOC 2 compliant providers to ensure reliability and security.

| Component          | Security Standards                                                                                                                                |
| :----------------- | :------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Authentication** | Managed by a specialized identity provider ensuring secure sessions and abuse protection.                                                         |
| **Cloud Hosting**  | Hosted on **SOC 2 Type II** and **ISO 27001** certified serverless infrastructure.                                                                |
| **Database**       | Data is encrypted at rest and in transit (TLS 1.2+).                                                                                              |
| **AI Processing**  | We utilize top-tier commercial LLMs (e.g., OpenAI, Anthropic, Gemini) via their enterprise APIs. **Your data is not used to train their models.** |

## 4. Operational Privacy

* **Automated Systems:** The generation of reports is entirely automated.
* **Restricted Access:** Human access to data is strictly limited. Engineering staff access system logs only for the purposes of platform reliability, debugging errors, or resolving specific support tickets you initiate.

## 5. Third-Party Connections

GPA Coach uses custom-built connectors to communicate with school portals. This means your credentials are not passed through unnecessary "middle-man" data aggregators—they stay within our secure ecosystem until they reach your school's login page.

<Card title="Have more questions?" icon="envelope" href="mailto:support@gpa.coach">
  If you have specific concerns about security or privacy, please email our support team.
</Card>
