Trust Center
Security & privacy documentation for districts
Everything your technology and data-privacy team needs to evaluate Impact Suite — our security program, subprocessors, AI data handling, and data-protection practices. Self-serve the public documents below, or request access to items shared under NDA.
Documentation
Freely available — no login or request required.
Security Overview
Our security program, encryption standards, hosting, and access controls at a glance.
Read → PrivacyWhat Data We Collect
A complete inventory of the data elements we collect, why, and how they're protected.
Read → PrivacyPrivacy & Regulatory Compliance
Our compliance posture across FERPA, HIPAA, COPPA, and state student-privacy laws.
Read → LegalSubprocessors
The third-party services we use to deliver the platform, what they process, and where.
Read → LegalThird-Party Management
How we vet, contract with, and monitor the vendors that process educational data.
Read → AIAI Data Handling (AskImpact)
How AskImpact uses AI — no model training on student data, U.S. processing, human oversight.
Read → SecurityData Flow
How student data enters, is stored, and is processed — all within a U.S. AWS boundary.
Read → PrivacyData Transition
How educational agencies export their data — and what happens when services end.
Read → PrivacySecure Deletion
Our NIST 800-88–aligned data destruction process, with certification provided to agencies.
Read → SecurityIncident Response
How we detect, contain, investigate, and communicate security incidents — with a 72-hour notification commitment.
Read → SecurityTraining & Awareness
How our personnel are trained to protect student data.
Read → AccessibilityAccessibility (VPAT)
Our WCAG 2.1 AA conformance approach and how to request the current VPAT.
Read → LegalCustomization & Alignment
How we align our data-privacy and security practices to your district's specific policies and state requirements.
Read →Available on request
Sensitive artifacts shared with reviewers under a mutual NDA. Request access →
SOC 2
SOC 2 Type II program status and roadmap. Report available under NDA.
Request access → SecurityPenetration Testing
Third-party penetration testing summary. Full report available under NDA.
Request access → LegalInsurance Coverage
Cyber and general liability coverage. Certificate of insurance available on request.
Request access →For current districts
Current districts receive advance notice of subprocessor changes under their Data Processing Agreement, and can request a copy of their executed DPA, a data export, or a certificate of destruction through their account team at support@impactsuite.com.
Talk to our compliance team
Questions about our security program, a specific document, or a district-specific requirement?