SeatoirBook a demo
Security

Security at Seatoir

Seatoir is building toward SOC 2 Type II certification. The practices described on this page reflect our current security posture, organized around the SOC 2 Trust Service Criteria.

Security

Protecting institutional data from unauthorized access is foundational to how Seatoir is built and operated.

  • All data is encrypted in transit using TLS 1.2+
  • Data at rest is encrypted using AES-256
  • Application infrastructure runs on managed cloud providers with SOC 2 certified data centers
  • Access to production systems is restricted to authorized personnel with role-based controls
  • Dependencies are monitored for known vulnerabilities and updated regularly
  • Authentication uses email-based magic links — no passwords are stored

Availability

Seatoir is designed for reliable access during the enrollment analysis cycles when registrar teams need it most.

  • Database hosted on managed PostgreSQL with automated backups
  • Application deployed with automated health checks and restarts
  • Infrastructure monitoring with alerting for anomalies

Confidentiality

Seatoir is a multi-tenant platform. Strict tenant isolation ensures that each institution can only access its own data.

  • All database queries are scoped by institution identifier — there is no mechanism to query across tenants
  • Role-based access controls limit what users within an institution can see and do
  • Session management uses secure, HTTP-only cookies with server-side validation
  • No institutional data is shared with other customers, partners, or third parties beyond what is required to operate the service

Privacy

Seatoir collects the minimum data necessary to provide the service.

  • Only section-level aggregate enrollment data is processed — no student personally identifiable information
  • Account data is limited to email address and institution name
  • See our Privacy Policy for full details

Infrastructure

  • PostgreSQL database with managed hosting and automated backups
  • HTTPS-only — all unencrypted connections are rejected
  • Managed cloud hosting with physical security and compliance certifications

Responsible disclosure

If you believe you have found a security vulnerability in Seatoir, please report it to support@seatoir.com. We take all reports seriously and will respond promptly.

Questions?

For security questions or to request additional detail about our practices, contact us at support@seatoir.com.