Compliance portal
Security and privacy information for institutional review
This portal collects VerbalCheck security, data handling, legal compliance, technical control, governance, and SOC 2 roadmap information for schools, districts, colleges, and universities evaluating the platform.
Published documents
These are the currently published legal and vendor artifacts. The document cards below link to additional compliance pages for institutional review.
Certification status
VerbalCheck is not currently SOC 2 certified. The roadmap section states the intended path toward SOC 2 Type I and Type II readiness as the business matures.
1. Security Overview
A practical trust summary for institutional review
Audience
Leadership, principals, department heads, and institutional buyers
VerbalCheck is designed for academic environments where student submissions, interview responses, instructor review, and LMS-connected workflows must be handled with care.
2. Data Handling
Where data lives, how it is protected, and how long it is kept
Audience
IT directors, compliance officers, privacy reviewers, and procurement teams
VerbalCheck documents the categories of data it processes and applies retention, deletion, and access controls appropriate for student academic records.
Documents and artifacts
Data Retention & Deletion Policy
Submissions, transcripts, AI review, and scoring reports are retained according to the applicable course, pilot, assignment review period, and institutional instructions.
Open document
Data Storage Location Statement
Hosting and storage providers are identified; region-specific commitments should be confirmed in the customer agreement before signature.
Open document
AI Data Use Statement
Documents how student content, transcripts, and analysis data are used to provide VerbalCheck functionality and how AI subprocessors are constrained.
Open document
Backup & Recovery Overview
Operational summary of backup, recovery, and continuity practices.
Open document
3. Privacy & Legal Compliance
Legal artifacts for school and institutional review
Audience
Legal counsel, administrators, privacy officers, and contract reviewers
The public legal documents give institutions the baseline materials needed to review privacy, contract, data processing, and student-record obligations.
Documents and artifacts
FERPA Compliance Statement
VerbalCheck is positioned to support FERPA-sensitive academic workflows through access control, protected storage, and secure transmission.
Open document
GDPR Compliance Statement
For EU/UK processing, institution-specific data roles, subprocessors, transfer terms, and rights workflows should be documented in the DPA.
Open document
COPPA / Student Privacy Statement
For K-12 or minor users, implementation should be reviewed against the institution age range, consent model, and account provisioning process.
Open document
Data Processing Addendum Template
Template DPA for institutional data processing review.
Open document
Privacy Policy
Current public privacy policy.
Open document
Terms of Service
Current public terms governing use of VerbalCheck.
Open document
4. Technical Security
Controls IT teams can evaluate
Audience
IT directors, CIOs, CISOs, security reviewers, and implementation teams
VerbalCheck uses layered application, session, authorization, storage, and integration controls to protect student and institutional data.
Documents and artifacts
Technical Security White Paper
Architecture-level overview of authentication, authorization, storage, LMS integration, and monitoring controls.
Open document
Encryption Overview
Documents encryption in transit and provider-backed encryption at rest expectations.
Open document
Access Control & RBAC Overview
Explains student, instructor, admin, and system access boundaries.
Open document
Audit Logging Overview
Summarizes audit events, policy views, session events, and administrative activity logging.
Open document
Secure Development Practices Summary
Preview-first deployment, smoke validation, dependency scanning, secret handling, and hardening practices.
Open document
5. Governance & Operations
Operational practices for institutional accountability
Audience
Institutional buyers, IT operations, compliance officers, and vendor management teams
VerbalCheck publishes the operational information institutions need to understand vendor oversight, incident handling, and continuity expectations.
Documents and artifacts
Incident Response Plan Overview
Overview of intake, triage, containment, remediation, notification, and post-incident review steps.
Open document
Subprocessor List
Current public register of active, optional, and planned subprocessors.
Open document
Business Continuity & Disaster Recovery Overview
Summary of continuity responsibilities across application hosting, database hosting, and operational recovery.
Open document
Vulnerability Disclosure Policy
Security reporting instructions and expected response window.
Open document
Security Contact & Escalation Policy
Documents privacy, security, and customer support escalation paths.
Open document
6. SOC 2 Roadmap
Transparent path toward third-party assurance
Audience
CIOs, CISOs, procurement teams, and compliance officers
VerbalCheck is not currently SOC 2 certified. The roadmap below states the intended direction without presenting an audit as complete.
SOC 2 intention statement
Roadmap wording for procurement and IT teams
VerbalCheck is not currently SOC 2 certified. As our institutional customer base grows and our business matures, we intend to pursue SOC 2 Type I and SOC 2 Type II examinations.
In the meantime, we are aligning internal security, privacy, availability, and confidentiality practices with principles commonly evaluated under the SOC 2 Trust Services Criteria. This includes documented access controls, data handling policies, incident response procedures, vendor oversight, encryption practices, and operational security reviews.
Our goal is to establish a practical compliance foundation now, then move toward formal third-party audit readiness as customer demand, operational scale, and infrastructure maturity warrant it.
Vendor review support
Need a questionnaire completed?
Institutional security and procurement teams can use this portal as the starting point. For additional review questions, contact VerbalCheck support or route security matters to security@verbalcheck.com.