Security & Compliance at ThinkKits
Your single source for security documentation, certifications, and compliance information. Built for district procurement teams.
Certifications & Compliance
SOC 2 Aligned
Infrastructure and vendors (Railway, Clerk, Supabase, Pinecone) maintain SOC 2 Aligned practices.
FERPA Compliant
We process only publicly available federal education data. No student PII collected, stored, or processed.
Section 508
Accessibility compliance in progress. WCAG 2.1 AA alignment and audit planned for 2026.
SDPC Member
Student Data Privacy Consortium National DPA framework supported. State-specific templates available.
Documentation
Download or review our security and compliance documents. All documents are available for procurement review.
Security Overview
Comprehensive overview of our security architecture, controls, and practices.
Incident Response Plan
Our IRP including severity levels, response phases, and 72-hour breach notification commitment.
SDPC NDPA v2.1 Alignment
National Data Privacy Agreement checklist (29/32 met), co-signature process, and district request steps.
State DPA Templates
Data Privacy Agreement templates for California, Texas, New York, Florida, and 8+ states.
Service Level Agreement
99.9% uptime commitment, support tiers, and credit policy.
Privacy Policy
How we collect, use, and protect your data.
Acceptable Use Policy
Terms governing acceptable use of ThinkKits platform and services.
FERPA Compliance
How ThinkKits handles education data under FERPA. Data model, parent rights FAQ, and breach notification.
COPPA Compliance
ThinkKits serves school administrators, not children. Our COPPA position and age verification practices.
Procurement Quick-Start
How to buy ThinkKits using federal funds. Step-by-step guide with per-pupil cost examples.
Data Quality & Validation
How we verify every data point — universe validation, completeness, and accuracy cross-checks against NCES.
Subprocessor List
ThinkKits uses the following subprocessors to deliver our platform. All vendors maintain SOC 2 Aligned or equivalent certifications and have data processing agreements in place.
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Database (Postgres) | US |
| Clerk | Authentication | US |
| Stripe | Billing & payments | US |
| Pinecone | Vector store (embeddings) | US (AWS) |
| Neo4j | Graph database | US (GCP) |
| Railway | Hosting & compute | US |
| Sentry | Error monitoring | US |
| Cloudflare | CDN & DDoS protection | Global (US primary) |
Data Residency
All ThinkKits infrastructure is US-based. Production databases (Supabase, Neo4j, Pinecone), application hosting (Railway), and authentication (Clerk) operate in US regions. No customer data is stored or processed outside the United States.
Contact
Security & Compliance Inquiries
For security questionnaires, DPAs, and procurement requests:
(267) 936-0332