You're being asked to trust us with students. We take that literally.
This page says what we actually do — in plain language your IT lead can interrogate. Bring them to the demo; we like those questions.
This page says what we actually do — in plain language your IT lead can interrogate. Bring them to the demo; we like those questions.
Every school's data is walled off with row-level security at the database layer, not just application logic — the isolation rule lives where the data lives. We audit these policies on a recurring basis and close gaps as we find them.
A school can self-serve onboard in minutes — but once you're set up, students and staff never self-register. Every account starts from an invitation your school issued, with codes that expire. There's no open student signup to police.
Students, teachers, advisors, administrators, and IT each get the narrowest access that does the job. Elevation paths are explicit and controlled — roles can't quietly grant themselves more.
Administrative actions leave an audit trail your school can review. When someone asks "who changed this?", the answer is a lookup, not an investigation.
Most vendors talk about outside threats. The harder promise is about the inside: what can NexusPlan's own team see?
Our support and onboarding staff work from de-identified views — short reference IDs, not student names or personal details.
School-side troubleshooting uses a guarded "view as" tool — logged, role-restricted, and never a shared password.
SIS API credentials are stored encrypted, scoped to your school, and used only to run your school's sync.
We run recurring internal adversarial security reviews against our own system, and close what they find — including gaps in access controls, before they ever reach a real school.
We sync what planning needs — assignments, due dates, rosters, grades — and no more. Data that isn't collected can't be leaked.
Student data is never sold, never shared for advertising, never used to build profiles for anyone else. Schools pay for the product; that's the whole business model.
Offboarding is a product feature: export what's yours, then have it removed. No hostage negotiations at renewal time.
Some data is protected from the interface itself: students see per-assignment feedback, never a looming overall average; there are no streaks or public leaderboards. Wellbeing is a privacy issue.
Your school stays in control of education records: access is role-scoped, our staff access is minimized and logged, and records are exportable and deletable on your instruction.
Have a vendor security questionnaire? Send it — we answer them directly, and your IT lead gets an engineer on the call, not a sales deck.
Book a walkthrough with your IT lead in the room. We'll show the isolation model, the audit trail, and the offboarding path live.