Security & Privacy

Your Data Security is Our Priority

eFit Software is built with enterprise-grade security to protect student and faculty data. We meet the highest standards for educational technology.

FERPA Compliant
256-bit SSL
SSAE-16 Certified
ADA Compliant

Data Protection

We implement multiple layers of security to ensure your data is protected at every stage.

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3 with 256-bit AES encryption. We enforce HTTPS on all connections.

Encryption at Rest

All stored data is encrypted using AES-256. Database backups are also encrypted and stored in geographically separate locations.

Access Controls

Role-based access controls ensure users only see data they're authorized to access. Faculty see their students; students see only their own data.

Infrastructure Security

Our infrastructure meets the highest standards for data center security.

SSAE-16 Certified Facilities

Our servers are hosted in SSAE-16 Type II certified data centers with 24/7 physical security, biometric access, surveillance cameras, and redundant power systems.

24/7 Monitoring

Our systems are monitored around the clock for security threats, performance issues, and availability. Automated alerts notify our team of any anomalies.

Disaster Recovery

Daily encrypted backups, geographic redundancy, and documented recovery procedures ensure business continuity. We target 99.9% uptime.

Compliance

Regulatory Compliance

We maintain compliance with key educational and privacy regulations.

FERPA

eFit fully complies with the Family Educational Rights and Privacy Act (FERPA), protecting the privacy of student education records.

ADA / Section 508

Our platform is designed to meet WCAG 2.2 AAA accessibility standards, ensuring equal access for users with disabilities.

SSAE-16

Our hosting infrastructure maintains SSAE-16 Type II certification, demonstrating robust controls for security and availability.

Application Security

How We Protect Your Data

Secure Authentication

Password hashing with bcrypt, secure session management, and optional two-factor authentication for added protection.

Input Validation

All user input is validated and sanitized to prevent SQL injection, XSS, and other common attack vectors.

Audit Logging

Comprehensive logging of system access and changes for security monitoring and compliance requirements.

Session Security

Automatic session timeouts, secure cookie handling (HttpOnly, Secure, SameSite), and protection against session hijacking.

Vulnerability Testing

Regular security assessments and penetration testing to identify and address potential vulnerabilities.

Security Headers

Implementation of CSP, HSTS, X-Frame-Options, and other HTTP security headers to protect against common web attacks.

Have Security Questions?

Our team is happy to discuss our security practices and answer any questions your IT or compliance team may have.
