Thirty questions, answered.
Every institutional security review asks roughly the same thirty questions. They're grouped below by concern: encryption, identity and access, network isolation, data handling, AI safety, vulnerability management, and compliance. The answers are calibrated and code-traceable.
For procurement-grade documentation under NDA (SOC 2 readiness summary, penetration testing reports, full subprocessor list, Data Processing Agreement), talk to our team.
Is data encrypted at rest?
Yes. AES-256 encryption at rest is enforced across Azure Blob Storage, Cosmos DB, and Azure Database for PostgreSQL. Customer-managed keys (CMK) are available for institutional deployments where required by procurement, with documented key rotation cadence.
Is data encrypted in transit?
Yes. TLS 1.2+ is required for every external connection. The Web Application Firewall on Azure Front Door Premium enforces TLS termination at the edge with modern cipher suites; legacy TLS versions are disabled.
How are encryption keys managed?
All secrets are stored in Azure Key Vault with role-based access control, soft delete, network ACLs, and a private endpoint isolating the data plane from the public network. Key material is never embedded in code or configuration. Standing privileged access is not the norm; just-in-time elevation is required for key-vault administrative operations.
Are customer-managed keys supported?
Yes, on request for institutional deployments. CMK is implemented through Azure Key Vault customer-managed keys with documented rotation cadence and a clear scope of which encryption boundary the customer key controls.
What single sign-on (SSO) providers are supported?
Microsoft Entra ID for institutional federation. SAML 2.0 and OpenID Connect are supported through Entra. Federation with a customer’s Entra tenant is the default for institutional onboarding.
Is multi-factor authentication enforced?
MFA is enforced at the institutional layer through Microsoft Entra ID. The institution configures conditional-access policies on its Entra tenant; ArthurAI™ inherits the policy through SSO. Direct password login (where used) supports MFA via authenticator app.
How does role-based access control (RBAC) work?
There are five canonical profile types: student, teacher, institution_admin, sub_admin, and platform_admin. Each route is guarded by an explicit @Roles decorator. Sub-admins receive granular permission flags (manage teachers, manage students, manage courses, view analytics, manage announcements, manage billing, manage settings) for delegated administration.
Is there standing administrative access?
No. Platform-administrator access is just-in-time. There is no shared administrative account. Every privileged operation is audit-logged with actor identity and timestamp.
How is session management handled?
Authentication is JWT-based with bearer-token authentication on the API. Session length is configurable. Tokens carry profile-type and institution-scope claims so the API can enforce both role-based and tenant-based access on every request.
Is the production environment network-isolated?
Yes. The production environment runs in an Azure Virtual Network (VNet) with four subnets (compute, private endpoints, function integration, bastion). Private endpoints terminate connections to Azure Key Vault, Cosmos DB, and Azure Functions on the private network. Public network access is disabled by default on the data plane.
Is the platform protected by a Web Application Firewall (WAF)?
Yes. Azure Front Door Premium fronts every public surface with the integrated Azure WAF. Rule sets include OWASP Core Rule Set protections, bot management, and rate limiting. Custom rules are added per deployment.
Is there DDoS protection?
Yes. Azure Front Door Premium includes Azure DDoS Standard protection at the edge. Volumetric and protocol-layer DDoS attacks are mitigated globally before reaching origin services.
Is administrative access to virtual machines exposed publicly?
No. Administrative access (DevOps agent, database-migration VM) is brokered through Azure Bastion. There is no public RDP or SSH port open. Outbound egress is controlled through an Azure NAT Gateway with documented IP scope.
Where is customer data stored (data residency)?
Production deployments are hosted in U.S. Azure regions by default (East US for production, West US 2 for the ULE deployment). EU/EEA, African, and Asian institutional deployments use the closest applicable Azure geography on request, with Standard Contractual Clauses for cross-border transfer where applicable.
How is multi-tenant isolation enforced?
Five-layer isolation. (1) Database: every query filters by institutionId. (2) API: institutionId is extracted from the JWT, never from user input. (3) File storage: tenant-scoped Blob containers (tenant-{institutionId}-documents). (4) Cache: cache keys include institutionId. (5) Frontend: every API call carries institutionId from the auth context. Isolation boundaries are tested in the integration suite.
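The sketch below is an added example, not ArthurAI's own code. It shows one way to carry the session-management and isolation answers above through the API, database, file-storage and cache layers, so that institutionId always comes from verified token claims and never from request input. The claim names (sub, profileType, institutionId), the id format and every type and function name are assumptions.

```typescript
// Added example; all type, function and claim names here are hypothetical.
type ProfileType =
  | "student" | "teacher" | "institution_admin" | "sub_admin" | "platform_admin";
const PROFILE_TYPES: readonly string[] =
  ["student", "teacher", "institution_admin", "sub_admin", "platform_admin"];

interface TenantContext {
  readonly userId: string;
  readonly profileType: ProfileType;
  readonly institutionId: string;
}

function isProfileType(v: unknown): v is ProfileType {
  return typeof v === "string" && PROFILE_TYPES.indexOf(v) >= 0;
}

// Input: claims from a JWT whose signature and expiry were already verified upstream.
function tenantContextFromClaims(claims: Record<string, unknown>): TenantContext {
  const { sub, profileType, institutionId } = claims;
  if (typeof sub !== "string" || sub === "") throw new Error("missing sub claim");
  if (!isProfileType(profileType)) throw new Error("unknown profile type");
  // Strict format keeps the id safe to embed in container names and cache keys.
  if (typeof institutionId !== "string" || !/^[a-z0-9]{1,32}$/.test(institutionId)) {
    throw new Error("malformed institutionId claim");
  }
  return { userId: sub, profileType, institutionId };
}

// API layer: role check against the profile-type claim.
function requireRole(ctx: TenantContext, ...allowed: ProfileType[]): void {
  if (allowed.indexOf(ctx.profileType) < 0) throw new Error("forbidden");
}

// Database layer: the context value is applied last, so an institutionId
// supplied in the caller's filter can never widen or redirect the query.
function scopedFilter(ctx: TenantContext, filter: Record<string, unknown>): Record<string, unknown> {
  return { ...filter, institutionId: ctx.institutionId };
}

// File-storage layer: container name in the page's tenant-{institutionId}-documents form.
function containerFor(ctx: TenantContext): string {
  return `tenant-${ctx.institutionId}-documents`;
}

// Cache layer: tenant prefix is unambiguous because the id cannot contain ":".
function cacheKey(ctx: TenantContext, key: string): string {
  return `${ctx.institutionId}:${key}`;
}
```

An integration test for the isolation boundary would send a request whose body names a different institution and confirm that the resulting query, container and cache key still carry the token's institutionId.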
How is backup and restore handled?
Automated backups run on documented cadence for Cosmos DB, PostgreSQL, and Blob Storage. Recovery point objective (RPO) and recovery time objective (RTO) are documented at institutional onboarding and tested as part of business-continuity exercises.
What happens to data on offboarding?
Offboarding triggers a full export (FERPA-aligned for U.S. institutional deployments) followed by coordinated deletion across the database, blob storage, and cache layers, with audit-log writes. The institution receives written confirmation of deletion. Audit logs are retained per the contracted retention period.
How long are logs retained?
Operational logs (Azure Log Analytics) default to 30-day retention, configurable per institution. FERPA-relevant audit logs are retention-aligned to the institution’s record-retention policy with a 7-year design target for FERPA-covered deployments. Logs are tamper-evident and never contain AI conversation content.
How are AI hallucinations mitigated?
Pre-LLM guardrails filter inputs (rate limits, prompt-injection patterns, cost checks). Post-LLM guardrails validate outputs (schema validation, content safety, citation discipline). Lesson-content generation uses lesson-scope grounding and post-generation sanitization (KaTeX math validation, Mermaid diagram repair). Where applicable, the AI tutor uses retrieval-augmented answers with citations to lesson source.
Is there protection against prompt injection?
Yes. Pre-LLM input filtering blocks known prompt-injection patterns. System prompts are stored in the database with explicit guardrails (educator-decides posture, no autonomous progression decisions). Post-LLM schema validation rejects responses that don’t match expected output structure.
What is logged in AI interactions?
Strictly: model name, token count, cost, latency, user ID, institution ID, correlation ID. Strictly never: AI prompts, AI responses, or conversation content. This is a firm logging-discipline rule, not a configuration option.
Is customer data used to train AI models?
No. Customer data is never used for AI model training. ArthurAI™’s reasoning capability is built on Eve-Genesis™ synthetic data, not on data from the institutions we serve. This is contractual, not just policy.
How are AI models selected and rotated?
A documented model panel (GPT-4o, GPT-4o-mini, Llama-4-Maverick, DeepSeek-R1, Mistral-Large-3, o1-mini, Phi-4, Llama-3.2-90B-Vision, Cohere embed-v-4-0) is composed in the Eve-Education™ Fusion v5 architecture. Selection rules are scenario-based (default, streaming, complex reasoning, cost-sensitive, multilingual, vision, embeddings). Where an institution or jurisdiction prohibits a specific provider, that provider is swapped without rebuilding the agent.
Is the platform penetration-tested?
Yes. Penetration testing runs on a documented cadence (annual minimum, plus on major architectural changes). Reports are provided under NDA to institutional buyers on request as part of procurement diligence.
What is the patch cadence?
High-severity advisories are patched within commercially reasonable timelines (Critical: as soon as practicable; High: within standard maintenance windows). Continuous dependency scanning runs in CI; flagged vulnerabilities trigger remediation tickets with severity-based SLAs.
Is static and dynamic security testing in CI?
Yes. Static analysis (SAST) runs on every pull request through CodeQL-equivalent tooling. Dynamic application security testing (DAST) runs against staging on documented cadence. Findings are tracked through the same engineering ticket system as functional defects.
What is the SOC 2 status?
ArthurAI™ ships with a SOC 2 Type 2 readiness posture: control narratives drafted, evidence-collection automated, and a defined audit window planned. Type 2 attestation timing is announced when the audit window completes and the report is finalized. Institutional buyers can request the current readiness summary under NDA.
How does ArthurAI handle FERPA?
For deployments inside FERPA-covered institutions, Eve-Education, LLC operates as a school official under FERPA. Education records are processed under direction from the institution; redisclosure to third parties requires institutional authorization. Data Privacy Agreements are executed at onboarding. Audit trails are retention-aligned and tamper-evident.
How does ArthurAI handle COPPA?
For SLE deployments serving children under 13, the school-as-agent model permitted by the Federal Trade Commission applies — the school provides verifiable parental consent on the parent’s behalf for educational purposes. No personal information collected from a child is used for behavioral advertising, profile-building outside the educational context, or third-party marketing.
Is the platform accessible (WCAG / Section 504 / Section 508)?
WCAG 2.1 AA is the conformance target across every shipping surface. Accessibility is a launch criterion, not a roadmap item. Conformance is verified at build time via automated checks (axe-core in CI) and at release time via manual review across keyboard navigation, screen-reader behavior, color contrast, focus management, and text alternatives. A Voluntary Product Accessibility Template (VPAT) is available on request.