Security & compliance
How EDGE Amplify protects your data and your money.
Data protection
- Encryption in transit — all traffic is served over HTTPS/TLS.
- Encryption at rest — data is stored in a managed Postgres database (Neon) with encryption at rest.
- Role-based access — every person sees only what their role allows (coach, athletic director, principal, district administrator, business), enforced on the server.
- Tenant isolation — each district’s data is scoped to that district.
Money & payments
- Payments by Stripe — card data never touches our servers; Stripe is a PCI-DSS Level 1 provider.
- Signed webhooks — payment notifications are cryptographically verified before we act on them.
- An audit-safe ledger — every dollar collected is recorded, with refunds and disputes reversed automatically.
Audit & accountability
- Append-only audit trail — sign-ins, payments, approvals, and permission changes are recorded with who, what, when, and from where. Records are never edited or deleted, and are exportable for your records.
Student data (FERPA / COPPA)
EDGE Amplify is designed not to collect student personal information. Where we process any information on a school’s behalf, we act as a service provider / “school official” under FERPA and use it only to provide the service — never to sell or advertise. We support a signed Data Processing Agreement; contact us to put one in place.
Reliability
- Backups — the database supports point-in-time restore, plus scheduled off-site snapshots.
- Monitoring — application errors are captured and surfaced so incidents are caught quickly.
- Live status — see current system health any time at /status.
On the roadmap
Single sign-on (Google, Clever, ClassLink), SOC 2, and a formal third-party penetration test are planned as we scale. If your district requires any of these to proceed, tell us and we’ll share our timeline.