compliance_matrix // regulatory_status

compliance
matrix.

our adherence to global regulatory frameworks. fully auditable — we list partial compliance honestly.

fully_compliant
3
partial_compliance
1
in_progress
1

FERPA

compliant
Family Educational Rights & Privacy Act // United States
95%

Student records are accessible only to authorized institutional actors. Parents of minor students retain access rights.

GDPR

compliant
General Data Protection Regulation // European Union
92%

Right to erasure, data portability, and processing transparency are all honored. DPA contracts in place with all sub-processors.

POPIA

compliant
Protection of Personal Information Act // South Africa
98%

Primary jurisdiction. All processing activities are aligned with POPIA conditions, including lawful basis and consent frameworks.

HIPAA

partial
Health Insurance Portability & Accountability Act // United States
60%

Applicable only where health/disability data is recorded. Relevant encrypted fields and access controls are in place.

SOC2

in progress
System & Organization Controls 2 // Global
75%

SOC2 Type II audit is scheduled for Q3 2026. Current practices meet Type I requirements across all five trust pillars.

audit_transparency_note

we deliberately list partial and in-progress compliance statuses. we believe institutional transparency builds more trust than overclaiming full compliance across frameworks where our coverage is still maturing.