Built so students, schools, and organizations can trust it with real data.
StudentLife OS handles private information for students, schools, departments, and organizations. Security is not a feature bolted on at the end. It is the foundation everything else is built on. Here, in plain language, is how we protect every account and every record.
Trusted infrastructure
Built on the same platforms the largest companies rely on.
We do not reinvent security primitives. We stand on industry-leading, independently audited providers for storage, payments, networking, and delivery, and we harden every layer on top of them.
Ten layers of protection, every day.
No single control keeps a platform safe. Defense in depth means many layers, each one catching what the others miss.
Isolated compartments
- Students, organizations, schools, and departments each live in a separate compartment.
- Every compartment has its own session and its own server-side access checks.
- A session in one compartment cannot read another, even by changing the URL.
Multi-factor authentication
- Email one-time codes for every account type, required for sensitive admin roles.
- An unrecognized device always has to re-verify before it gets in.
- Our internal operator consoles require an authenticator app plus an emailed code on every login.
Roles and least privilege
- Team members get one role with only the access their job needs, enforced on the server.
- A team member cannot reach a tab or action their role disallows, even by editing the URL.
- Removing a member signs them out everywhere and erases their multi-factor enrollment at once.
Encryption everywhere
- HTTPS and TLS for everything in transit, with strict transport security.
- Documents and sensitive data encrypted at rest with AES-256.
- Private messages are stored as ciphertext, encrypted with a dedicated key.
Zero-trust documents
- Resumes, cover letters, and every uploaded document live in private storage that the public internet cannot reach.
- Every open re-checks on our servers that you are allowed to see that exact file, then streams it into an in-app viewer. No file links to copy, share, or leak.
- Every document access is logged: who opened what, and when. Documents you send by email use expiring links that stop working on their deadline.
Credentials and tokens
- Passwords are hashed with bcrypt and never stored or logged in plaintext.
- Authenticator secrets are encrypted with AES-256-GCM at rest.
- One-time links are stored only as a hash; the real token lives only in your email.
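One way to store a one-time link only as a hash, as an added example that is not StudentLife OS code. The class name, in-memory table, and choice of SHA-256 are assumptions; a fast hash is adequate here because the token is 256 bits of randomness, unlike a password.

```python
import hashlib
import secrets


class OneTimeLinkStore:
    """Hypothetical server-side table: it holds digests, never the tokens."""

    def __init__(self):
        self.rows = {}  # sha256(token) -> {"account", "exp", "used"}

    def issue(self, account, ttl, now):
        token = secrets.token_urlsafe(32)  # 32 random bytes, URL-safe text
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.rows[digest] = {"account": account, "exp": now + ttl, "used": False}
        return token  # placed in the emailed link only; not persisted

    def redeem(self, token, now):
        """Return the account once; None if unknown, expired or already used."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        row = self.rows.get(digest)  # lookup is by digest, so no raw token is compared
        if row is None or row["used"] or row["exp"] <= now:
            return None
        row["used"] = True  # single use: a replayed link fails
        return row["account"]
```

A leaked copy of the table yields only digests, which cannot be turned back into working links.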
Privacy by design
- Approximate location from your IP only, derived at our network edge.
- We never prompt for device location and never store GPS coordinates.
- We collect what the product needs and tell you exactly what that is.
Responsible AI
- Demographic information never reaches our AI and has no path into any ranking.
- When AI ranks candidates, names, emails, and schools are removed first.
- Our AI provider is a contracted sub-processor that does not train on your data.
Incident response
- Operator kill switches can lock the platform down instantly during an event.
- A separate switch can require MFA on every sign-in, even for accounts that never enrolled.
- Engaging lockdown signs everyone out and blocks new sign-ins at once.
Tamper-evident audit
- Every sensitive action is written to an append-only, tamper-evident ledger.
- The trail is what we use to investigate, and it cannot be quietly edited.
- Real-time error monitoring alerts us the moment something looks wrong.
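A hash chain is one common way to make an append-only log tamper-evident. The sketch below is an added example, not StudentLife OS code; the record fields and function names are assumptions. It also shows why the latest hash has to be kept somewhere the log's writer cannot reach.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain


def entry_hash(prev_hash, record):
    """Hash the record together with the previous entry's hash."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


class AuditLedger:
    def __init__(self):
        self.entries = []  # each entry: {"record", "prev", "hash"}

    def append(self, actor, action, target, ts):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        record = {"actor": actor, "action": action, "target": target, "ts": ts}
        self.entries.append(
            {"record": record, "prev": prev, "hash": entry_hash(prev, record)})
        return self.entries[-1]["hash"]  # head hash, to be anchored externally


def verify(entries, trusted_head=None):
    """Return -1 if intact, else the index of the first inconsistent entry.

    A mismatch against trusted_head (truncation or a fully recomputed chain)
    is reported as len(entries).
    """
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["record"]):
            return i
        prev = e["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(entries)
    return -1
```

Without an externally stored head, someone with write access could rewrite every entry and recompute the chain, so the comparison against `trusted_head` is what catches a wholesale rewrite or a dropped tail.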
Account safety
- See every device signed into your account and sign any of them out.
- A 12-character minimum password, and we block passwords found in known breaches.
- Login throttling, progressive lockouts, and bot protection stop guessing attacks.
Unified reporting
- Report any post, message, opportunity, or account from where you see it.
- Every report reaches one secure queue worked by a dedicated security team.
- You can follow the status of the reports you file.
Your data is encrypted at rest and in transit.
Encryption is not one switch. We protect data at every stage it could be exposed, from the moment it leaves your browser to the way it sits in our database.
- In transit. HTTPS and TLS for every request, with strict transport security so connections cannot be downgraded.
- Documents. Files you upload are stored in encrypted object storage with AES-256, behind short-lived, signed access links.
- Messages. Private messages are stored as ciphertext with a dedicated encryption key, not as readable text in a database.
- Secrets and tokens. Authenticator secrets use AES-256-GCM; one-time links are stored only as a hash; passwords are hashed with bcrypt.
Sign-in is layered, never just a password.
A password alone is never enough on the surfaces that matter. We add factors, device trust, and active defenses around every sign-in.
- Email one-time codes on every account, required for sensitive roles.
- New devices always re-verify before they get access.
- Operator and founder consoles require an authenticator app plus an emailed code, every time.
- Sign-in codes go to your primary inbox; sending to a verified recovery inbox is opt-in.
- Login throttling, progressive lockouts, and bot protection stop guessing.
If something ever goes wrong, we can act in seconds.
We hope to never use them, but the controls are ready. During an incident we can contain the platform immediately while keeping a full record of every action.
- A full lockdown that signs everyone out and blocks new sign-ins instantly.
- An emergency mode that forces MFA on every sign-in, even for accounts that never enrolled.
- A student-only restriction that keeps operators working while protecting students.
- Immediate session eviction for any suspended or removed account.
- A tamper-evident audit ledger that records exactly what happened and when.
Discovery you can trust
Everyone can find everyone, the right way.
StudentLife OS is one connected platform: organizations, schools, and departments all have public profiles anyone can open, follow, and message, and the connection works in reverse. Discovery is built on public profiles and explicit permissions, never open access to private data, and students always control whether they can be found.
Signed, expiring links
Cross-account profile views use signed, short-lived tokens instead of raw identifiers, so nothing can be enumerated.
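A signed, short-lived token of the kind described above, as an added example that is not StudentLife OS code. HMAC-SHA256, the claim names, the demo key, and the binding of the token to one viewer are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real service would load it from a secrets manager.
SIGNING_KEY = b"demo-key-constructed-for-this-example"


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_view_token(viewer_id, profile_id, ttl=300, now=None):
    """Bind viewer, target profile and expiry into one HMAC-signed token."""
    now = int(time.time() if now is None else now)
    payload = json.dumps({"v": viewer_id, "p": profile_id, "exp": now + ttl},
                         sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)


def resolve_view_token(token, viewer_id, now=None):
    """Return the profile id, or None if forged, expired or issued to someone else."""
    now = int(time.time() if now is None else now)
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)  # parsed only after the signature checks out
    if claims["exp"] <= now or claims["v"] != viewer_id:
        return None
    return claims["p"]
```

Because the URL carries the token rather than a raw profile id, changing a character invalidates the signature instead of landing on a neighbouring record.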
Every view is recorded
Each cross-account profile view is access-checked, rate limited, and written to an audit trail, and the person viewed is notified.
Students control findability
A student can be public or private, appear in search or not, and allow messages or not. If a student opts out, they are withheld everywhere.
No browsing the student body
There is no all-students directory. An organization reaches a student only through a legitimate connection the student allows.
No cross-tenant data
A profile view never exposes another account’s private records, another organization’s analytics, or a school’s private roster.
Honest both ways
Students can research organizations, schools, and departments before they apply, with a verified badge where our team has confirmed them.
Clear by design
Every tab explains itself.
A platform you cannot understand is a platform you cannot trust. Nearly every tab on every side has a How it works button that opens a clear, plain-language guide: what the screen does, what each control means, and how your data is handled. No manual, no onboarding call, no guessing.
- How it works guidance on nearly every tab, on every side
- Plain language: what the screen does and what each control means
- Honest about data: who can see what, and how privacy is handled
- Built so students, schools, and organizations onboard themselves

A Notifications tab on every side, so nothing is buried.
Students, schools, departments, and organizations each have a Notifications tab that keeps a clear, running record of what matters, and a bell that stays in sync in real time. Paired with the tamper-evident audit ledger, you always know what is happening on your account, and there is always an accurate history of who did what and when.
Questions, answered plainly.
Does StudentLife OS use multi-factor authentication (MFA)?
Yes. Email one-time codes are available on every account type and required for sensitive administrative roles. Unrecognized devices always re-verify, and our internal operator and founder consoles require an authenticator app plus an emailed code on every single login. During a security event we can require MFA on every sign-in across the whole platform, even for accounts that never enrolled.
Is my data encrypted?
Yes. Everything in transit is protected with HTTPS and TLS. Documents and sensitive data are encrypted at rest with AES-256, private messages are stored as ciphertext with a dedicated encryption key, authenticator secrets are encrypted with AES-256-GCM, and one-time links are stored only as a hash. Passwords are hashed with bcrypt and never logged in plaintext.
Are my private messages secure?
Private messages are encrypted at rest with a dedicated key, so they are stored as ciphertext rather than readable text. Real-time delivery runs over authenticated channels that only the people in a conversation can subscribe to. Files shared in a conversation are held in private storage and can only be opened by the people in that conversation; every open is re-checked on our servers.
How are resumes and uploaded documents protected?
Documents follow a zero-trust model. They are stored in a private bucket that the public internet cannot reach, encrypted at rest with AES-256, and scanned on upload (file type allow-lists plus deep content checks that reject disguised or dangerous files). When someone with permission opens a document, our servers verify their access to that exact file on that exact request, then stream it into an in-app viewer, so there is never a file link sitting in a browser tab, history, or email that could be copied and reused. Every access is written to an audit log. When an institution emails a document, the recipient gets a tracked link that expires on the deadline the sender chose, and an expired link cannot be refreshed by the recipient. Files keep the names you gave them, but storage identifiers are randomized so nothing can be guessed or enumerated.
How do team roles and permissions work for an organization or school?
Each team member is given one role that grants only the access their job needs, such as admin, recruiter, reviewer, compliance officer, or viewer. Permissions are enforced on our servers on every single request, not by hiding buttons, so a team member can never reach a tab or perform an action their role does not allow, even by editing the URL or calling an endpoint directly. Admins are required to turn on multi-factor authentication before they can act. Sensitive actions, such as role changes, removals, and exports, are written to a tamper-evident audit log, and removing a member signs them out of every device and erases their multi-factor enrollment immediately, so a re-invited person starts over from scratch.
Can a school see an organization’s data, or one student see another’s?
No. Students, organizations, schools, and departments are kept in fully isolated compartments, each with its own session and its own server-side access checks. A session in one compartment cannot read another’s data, even by editing the URL. Cross-compartment profile views go through signed, expiring tokens rather than raw identifiers, so nothing can be enumerated.
Does the platform track my exact location?
No. We derive an approximate location (city, region, and country) from your IP address at our network edge for security and fraud prevention. We never prompt for device location, never call browser geolocation, and never store GPS coordinates. We disclose this in our Privacy and Cookie policies.
Does your AI use my demographic information?
No. Demographic information is walled off and has no path into any AI ranking. When AI helps rank candidates, applicants are anonymized first and contact details are removed. Our AI provider is a contracted sub-processor that does not train on your data, and recruiter instructions are screened to block discriminatory or abusive prompts.
What happens if you detect a security incident?
We have operator kill switches that can lock the platform down instantly, require MFA on every sign-in, or restrict student access, while keeping a tamper-evident record of every action. Suspended or removed accounts are evicted from all active sessions immediately, and we can block a compromised email from re-entering.
Security you can verify, not just trust.
Read the full policies, or reach our team with any question. We would rather over-explain than leave you guessing.
