How Edura protects data today, and where formal compliance claims still require review.
This page summarizes current security practices for Edura. It is informational and should be read with our Privacy Policy, Data Processing Agreement, and Subprocessors page.
| Framework | Current Edura status |
|---|---|
| SOC 2 | Not currently certified. Security practices may be reviewed against SOC 2 expectations, but Edura does not claim SOC 2 compliance. |
| HIPAA | No default HIPAA or BAA coverage. Users should not enter PHI unless Edura has explicitly agreed to a covered workflow in writing. |
| FERPA | No default FERPA school-official claim. Schools should complete DPA and education-record scope review before using Edura with FERPA-covered records. |
| GDPR | Privacy Policy and DPA are intended to support GDPR workflows, subject to organization review and counsel approval. |
If we become aware of a personal data breach affecting organization customer data, we will notify the affected controller without undue delay and provide information reasonably needed for legal notice obligations, as described in the DPA.
Security issues can be reported to support@getedura.com. Please include the affected URL, steps to reproduce, impact, and your contact information. Do not access, modify, delete, or disclose data that does not belong to you.
Schools, counselors, and organizations can start with the self-serve DPA request and include any security questionnaire requirements in the request.