School districts across the nation rely on Clever to sync roster data with their applications, in part because security is a top priority. Clever keeps student information safe by ensuring:
- Full district control over data access rights at all times;
- Protection through a tested and secure infrastructure.
Full District Control
Districts control data access at all points in the process, from signup all the way through account provisioning. Districts determine:
- What data Clever can access (always read-only);
- How often they sync data with Clever;
- Which applications can access data; and
- How much data each application can access (via data sharing permissions).
Districts can fine-tune these settings at any time through the Clever Dashboard. If a district chooses to discontinue their Clever sync, they can do so at any time. Clever will delete their account and remove any residual data immediately upon request.
Student Data Privacy at Clever
Clever syncs basic information to manage user accounts in online learning applications, such as student and teacher identifiers, section names, and enrollment information.
All rostering data that is synced with Clever is protected by industry-leading infrastructure (see below). Clever will never use or sell student information for marketing or other purposes.
Additionally, Clever maintains FERPA compliance under the FTC's School Officials Exemption, meaning Clever provides a service on behalf of schools that the schools themselves would usually provide. Furthermore, all Clever-supported applications agree to adhere to FERPA requirements in the terms of our partnership.
Clever has spent years developing one of the best security infrastructures in K-12 education. Key features of Clever's industry-leading infrastructure are:
- AES256 data encryption for data at rest;
- TLS with strong ciphers, with a preference for those with perfect-forward secrecy, for data in transit;
- Multiple factor authentication;
- Third-party security audits and code reviews;
- Responsible disclosure (“bug bounty”) program;
- Full-time security administrator; and
- Employee background checks.
The syncing process is encrypted at all times using 256-bit encryption, which is double the standard used by the consumer banking industry. In addition, Clever's production environment is completely isolated from the internet, and all access is logged and secured using multiple factor authentication.
Clever has a full-time security administrator and invests in regular third-party audits in order to ensure continual improvement of security protocols.