Security & compliance

How EDGE Amplify protects your data and your money.

Data protection

  • Encryption in transit — all traffic is served over HTTPS/TLS.
  • Encryption at rest — data is stored in a managed Postgres database (Neon) with encryption at rest.
  • Role-based access — every person sees only what their role allows (coach, athletic director, principal, district administrator, business), enforced on the server.
  • Tenant isolation — each district’s data is scoped to that district.

Money & payments

  • Payments by Stripe — card data never touches our servers; Stripe is a PCI-DSS Level 1 provider.
  • Signed webhooks — payment notifications are cryptographically verified before we act on them.
  • An audit-safe ledger — every dollar collected is recorded, with refunds and disputes reversed automatically.

Audit & accountability

  • Append-only audit trail — sign-ins, payments, approvals, and permission changes are recorded with who, what, when, and from where. Records are never edited or deleted, and are exportable for your records.

Student data (FERPA / COPPA)

EDGE Amplify is designed not to collect student personal information. Where we process any information on a school’s behalf, we act as a service provider / “school official” under FERPA and use it only to provide the service — never to sell or advertise. We support a signed Data Processing Agreement; contact us to put one in place.

Reliability

  • Backups — the database supports point-in-time restore, plus scheduled off-site snapshots.
  • Monitoring — application errors are captured and surfaced so incidents are caught quickly.
  • Live status — see current system health any time at /status.

On the roadmap

Single sign-on (Google, Clever, ClassLink), SOC 2, and a formal third-party penetration test are planned as we scale. If your district requires any of these to proceed, tell us and we’ll share our timeline.

Questions from your IT or procurement team? Contact us · Privacy · Terms