What we hold
The minimum needed to run cohorts: name, email, mission submissions, mentor feedback, and (when you ask for one) a payment record. We do not sell or rent data, ever.
How we hold it
- Encryption in transit (TLS 1.3) and at rest (AES-256).
- Row-Level Security on every public table; least-privilege role grants.
- Service-role keys never reach the browser.
- Daily encrypted backups with point-in-time recovery.
- 2FA on every internal account; SSO with hardware keys for staff.
How we ship
- All changes peer-reviewed; dependency tree audited (weekly scans).
- Webhooks signature-verified, secrets rotated quarterly.
- Public log of platform changes: /changelog.
Responsible disclosure
Found something? Email security@smarteruni.com with steps to reproduce. We'll acknowledge within 48 hours, fix high/critical issues within 30 days, and credit you on this page if you want.
Hall of fame
Be the first.
More
See also Trust & Safety, Privacy, and our live Status page.