At Capti, our team is committed to upholding strict security and privacy standards to safeguard your data. We ensure full compliance with applicable laws, regulations, and industry best practices, while simultaneously delivering exceptional service.
Our security policies are structured around strict access control and consistent application of security controls. We enforce least privilege and need-to-know principles. Our security posture is dynamic, with continuous improvement embedded into our operational model, ensuring resilience against emerging threats.
Our product security strategy encompasses regular audits, rigorous vulnerability scanning and deep code analysis to identify and mitigate risks. We use services of a PCI-approved scanning vendor Sysnet Global Solutions for comprehensive assessments, ensuring Capti fortified against known and emerging vulnerabilities.
To prevent unauthorized access we encrypt data at rest and in transit. We use TLS 1.2 or higher everywhere data is transmitted. Our encryption keys are managed via AWS Key Management System (KMS).
We maintain regulatory compliance with relevant data protection laws and frameworks, including FERPA, through comprehensive data governance practices. Our Privacy Policy is crafted with transparency in mind, detailing our data processing activities and the controls available to our users to manage their personal information.
We provide detailed compliance and security reports, including VPAT, HECVAT, and 1EdTech Data Privacy Certificate, upon request. These documents offer insights into our security infrastructure and compliance posture, underscoring our commitment to transparency.
Our dedication to maintaining robust security and privacy standards has garnered trust with our customers that include K-12 and higher education institutions, as well as literacy research groups.
Capti has successfully completed conformance testing for 1EdTech Data Privacy certification.
Registration Number: IMSP1ci2024W1