Trust & Security
How we protect your course content.
CoursePortify is engineered for institutional buyers who need defensible answers to security questionnaires before a single course is uploaded. This page summarizes the controls we have in production today, what's on the roadmap, and how to reach our security team.
1. Hosting & isolation
CoursePortify runs on Google Cloud Platform in U.S. regions. The HTTP API runs on Cloud Run (autoscaled, fully managed containers); long-running translation and evaluation work runs in Cloud Run Jobs (isolated, single-shot workers). Course content is stored in Google Cloud Storage and job metadata in Google Cloud Firestore. These resources are dedicated to CoursePortify and not shared with any other tenant; every container starts from a clean image with scoped IAM credentials, and separation between CoursePortify's own customers is enforced per record (see section 4).
2. Encryption
- In transit. All public traffic uses TLS 1.2+ with HTTPS-only redirects. Custom domains are served from Google's managed-certificate edge.
- At rest. Cloud Storage and Firestore encrypt all data at rest by default using Google-managed keys (AES-256). Customer-managed keys (CMEK) are available on the Enterprise tier.
- Internal RPC. Calls between CoursePortify and Google Cloud APIs are made over Google's private backbone using gRPC over TLS.
- Download URLs. Downloads are served via short-lived signed URLs (typically 5–10 minutes), generated server-side after authentication and ownership checks.
3. Access control & secrets
- Least privilege IAM. The CoursePortify service account has only the GCS, Firestore, AI Platform, and Cloud Run Job permissions it needs to operate; production resources are not accessible to engineering laptops.
- Secret Manager. Secrets (Stripe keys, the Clerk secret key, webhook signing secrets, admin docs keys) live in Google Secret Manager and are injected into the runtime as environment variables that exist only for the life of the container. They are never written to disk, never logged, and never committed to source.
- Rotation. Stripe keys, Clerk keys, and admin keys are rotatable independently without downtime via the standard add-then-revoke pattern.
- Source control. The deploy script reads `.env` locally and pushes only secret-classified values to Secret Manager; runtime config (URLs, flags) is set via Cloud Run environment variables.
4. Multi-tenancy
Every upload, every job record, and every Firestore document is tagged with an `owner_id` derived from the verified Clerk user identifier. All read paths (HTML and JSON) re-check that the requesting user owns the record. Two users signing in with different accounts cannot see, list, or download each other's folders or job outputs, and the isolation is enforced server-side, not by the client.
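The two checks above, the server-side ownership test on every read path and the short-lived signed download link from section 2, fit together as follows. This is an added example, not CoursePortify's code: an in-memory dict stands in for Firestore, a local HMAC-SHA256 token with an `expires` parameter stands in for a Cloud Storage V4 signed URL (the production call would be `Blob.generate_signed_url(version="v4", expiration=..., method="GET")` from the google-cloud-storage library), and the job ids, user ids, signing key and host are constructed placeholders.

```python
"""Ownership check plus short-lived signed download link (added example).

The JOBS dict stands in for Firestore and an HMAC-SHA256 token stands in
for a Cloud Storage V4 signed URL; ids, key and host are constructed.
"""
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample records: each job is tagged with the owner_id derived
# from the verified identity of the user who created it.
JOBS = {
    "job-a": {"owner_id": "user_alice", "object": "results/job-a/course.zip"},
    "job-b": {"owner_id": "user_bob", "object": "results/job-b/course.zip"},
}
SIGNING_KEY = b"constructed-signing-key-not-a-real-secret"  # assumption
BASE_URL = "https://downloads.example.invalid"               # placeholder host
TTL_SECONDS = 600                                            # 10 minutes (section 2)


class NotFound(Exception):
    """Used for both 'no such job' and 'not your job', so a caller cannot
    learn whether another tenant's job id exists."""


def load_owned_job(user_id: str, job_id: str) -> dict:
    """The server-side check every read path (HTML or JSON) must perform.
    user_id is the subject of an already-verified session, never a
    client-supplied field."""
    job = JOBS.get(job_id)
    if job is None or job["owner_id"] != user_id:
        raise NotFound(job_id)
    return job


def signature(obj: str, expires: int) -> str:
    # Binding the expiry into the signed message stops it being extended later.
    msg = f"{obj}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def mint_download_url(user_id: str, job_id: str, now: Optional[int] = None) -> str:
    """Authorise first, then sign: a URL is only ever minted for the owner."""
    job = load_owned_job(user_id, job_id)
    now = int(time.time()) if now is None else now
    expires = now + TTL_SECONDS
    query = urlencode({"expires": expires, "sig": signature(job["object"], expires)})
    return f"{BASE_URL}/{job['object']}?{query}"


def verify_download_url(url: str, now: Optional[int] = None) -> str:
    """What the storage edge checks: returns the object path or raises."""
    now = int(time.time()) if now is None else now
    parsed = urlparse(url)
    obj = parsed.path.lstrip("/")
    params = parse_qs(parsed.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        raise PermissionError("malformed signed URL")
    if now >= expires:
        raise PermissionError("signed URL expired")
    if not hmac.compare_digest(sig, signature(obj, expires)):
        raise PermissionError("bad signature")
    return obj


if __name__ == "__main__":
    t0 = 1_700_000_000
    url = mint_download_url("user_alice", "job-a", now=t0)
    print(verify_download_url(url, now=t0 + 60))        # results/job-a/course.zip
    for bad in (lambda: mint_download_url("user_bob", "job-a", now=t0),
                lambda: verify_download_url(url, now=t0 + TTL_SECONDS),
                lambda: verify_download_url(url.replace("job-a", "job-b"), now=t0)):
        try:
            bad()
        except (NotFound, PermissionError) as exc:
            print("rejected:", type(exc).__name__, exc)
```

Two choices are worth copying: the ownership failure is reported as not-found rather than forbidden, so a user cannot enumerate other tenants' job ids, and the signature is compared with `hmac.compare_digest` over a message that includes the expiry, so neither the object path nor the lifetime can be altered after minting.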
5. Data retention & deletion
- Uploaded folders auto-delete after 48 hours, regardless of job state, through Cloud Storage lifecycle rules and Firestore TTL policies. This is not best-effort application code; the cloud provider enforces it. Both mechanisms run asynchronously, and Google documents that lifecycle actions and TTL deletions can lag the expiry condition by up to 24 hours, so a folder may survive somewhat past the 48-hour mark before the deletion completes.
- Job metadata is retained up to 90 days for support and audit, then automatically deleted.
- Account information is retained while your account is active. Deletion requests are processed within 30 days subject to legal retention obligations.
- Payment and tax records are retained as required by U.S. tax law (typically up to 7 years), via Stripe.
The full retention schedule is in our Privacy Policy, §7.
6. Authentication
- Identity is provided by Clerk, Inc. on a production instance hosted at clerk.courseportify.koneroanalyticsml.com.
- Sessions are validated server-side by JWT signature against Clerk's JWKS on every request that hits a protected route; the session cookie is only a carrier for the token and is never trusted on its own.
- Federated sign-in is supported via Google with per-account OAuth credentials; SAML 2.0 / OIDC SSO and SCIM provisioning are available on the Enterprise tier.
- The legacy session cookie can be disabled with `CLERK_DISABLE_LEGACY_SESSION=true` for environments that require Bearer-token-only API auth.
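What "validated server-side by JWT signature against the JWKS" has to include, as an added example rather than Clerk's or CoursePortify's code. Clerk signs session tokens with RS256 and publishes the public keys as a JWKS; because the Python standard library has no RSA, this example swaps in HS256 with a constructed key set keyed by `kid`, keeping every other step a verifier must perform (parse, algorithm allowlist, key lookup by `kid`, constant-time signature check, then `iss`, `exp`, `nbf`, `azp` and `sub` claim checks). The issuer URL is taken from the Clerk hostname above; the allowed `azp` origin, the key ids and the key bytes are assumptions. In production, use a maintained library such as PyJWT with the JWKS endpoint rather than hand-rolled parsing.

```python
"""Session-token verification against a key set (added example).

Clerk uses RS256 with public keys served as a JWKS; the standard library has
no RSA, so HS256 with a constructed key set keyed by kid stands in for it.
Every other step is what a production verifier must do.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

KEY_SET = {                      # stand-in for the JWKS; constructed keys
    "ins_key_1": b"constructed-key-1",
    "ins_key_2": b"constructed-key-2",
}
ALLOWED_ALGS = {"HS256"}         # would be {"RS256"} for Clerk; "none" is never allowed
ISSUER = "https://clerk.courseportify.koneroanalyticsml.com"   # section 6 hostname
ALLOWED_AZP = {"https://courseportify.koneroanalyticsml.com"}  # assumed front-end origin
LEEWAY = 5                       # seconds of clock skew tolerated


class InvalidToken(Exception):
    pass


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, kid: str) -> str:
    """Plays the identity provider's role so the example has input to verify."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = (b64url_encode(json.dumps(header).encode()) + "."
                     + b64url_encode(json.dumps(claims).encode()))
    sig = hmac.new(KEY_SET[kid], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_session(token: str, now: Optional[int] = None) -> dict:
    """Returns the verified claims or raises InvalidToken. Nothing in the
    token is trusted until the signature has been checked."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        claims = json.loads(b64url_decode(p64))
        sig = b64url_decode(s64)
    except (ValueError, json.JSONDecodeError) as exc:
        raise InvalidToken(f"malformed token: {exc}")
    # 1. Pin the algorithm from server config, not from the header, before any
    #    key is touched: this is what blocks alg=none and alg-confusion attacks.
    if header.get("alg") not in ALLOWED_ALGS:
        raise InvalidToken("algorithm not allowed")
    # 2. Select the key by kid; an unknown kid is rejected, never defaulted.
    key = KEY_SET.get(header.get("kid"))
    if key is None:
        raise InvalidToken("unknown kid")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise InvalidToken("bad signature")
    # 3. Claims are authentic only now; check issuer, lifetime and audience.
    if claims.get("iss") != ISSUER:
        raise InvalidToken("wrong issuer")
    if not isinstance(claims.get("exp"), int) or now > claims["exp"] + LEEWAY:
        raise InvalidToken("expired or missing exp")
    if now + LEEWAY < claims.get("nbf", 0):
        raise InvalidToken("not yet valid")
    if claims.get("azp") not in ALLOWED_AZP:
        raise InvalidToken("unexpected authorized party")
    if not claims.get("sub"):
        raise InvalidToken("missing subject")
    return claims


def user_id_from_request(authorization: Optional[str], now: Optional[int] = None) -> str:
    """Bearer-token-only route guard: returns the user id a handler may rely on."""
    if not authorization or not authorization.startswith("Bearer "):
        raise InvalidToken("no bearer token")
    return verify_session(authorization[len("Bearer "):], now=now)["sub"]


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = sign_token({"sub": "user_alice", "iss": ISSUER, "iat": t0, "exp": t0 + 60,
                      "azp": "https://courseportify.koneroanalyticsml.com"}, "ins_key_1")
    print(user_id_from_request("Bearer " + tok, now=t0))   # user_alice
```

The order matters: the algorithm allowlist and `kid` lookup come from server configuration and run before the signature check, and no claim is read until the signature has passed, which is the property the "no implicit trust of cookies" bullet is describing.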
7. Payments
Card data is processed entirely by Stripe using Stripe Checkout. CoursePortify servers never see full card numbers, CVV, or bank credentials — Stripe is PCI DSS Level 1 certified and handles all of that. We receive only transactional metadata (amount, currency, last 4 digits, country, success / failure / refund status) via signed Stripe webhooks. Webhook signatures are verified before the payload is parsed.
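Stripe's webhook signing scheme, verified with the standard library only, as an added example that is not CoursePortify's or Stripe's code (the stripe library's `Webhook.construct_event` performs the same check). Stripe sends a `Stripe-Signature` header of the form `t=<unix time>,v1=<hex hmac>`, where the HMAC-SHA256 is computed with the endpoint secret over `<t>.<raw body>`; the endpoint secret, event body and timestamps below are constructed.

```python
"""Stripe webhook signature verification with the standard library (added example).

Stripe-Signature: t=<unix time>,v1=<hex HMAC-SHA256 of "<t>.<raw body>">
The endpoint secret, event body and timestamps used here are constructed.
"""
import hashlib
import hmac
import json
import time
from typing import List, Optional, Tuple

ENDPOINT_SECRET = "whsec_constructed_example_secret"  # real ones come from the Stripe dashboard
TOLERANCE = 300                                        # seconds; Stripe's library default


class WebhookError(Exception):
    pass


def parse_signature_header(header: str) -> Tuple[int, List[str]]:
    """Split 't=...,v1=...,v1=...' into the timestamp and all v1 candidates
    (several v1 values appear while an endpoint secret is being rotated)."""
    timestamp = None
    candidates = []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            timestamp = int(value)          # ValueError on garbage
        elif key == "v1":
            candidates.append(value)
    if timestamp is None or not candidates:
        raise ValueError("missing t or v1")
    return timestamp, candidates


def expected_signature(timestamp: int, payload: bytes, secret: str) -> str:
    signed = str(timestamp).encode() + b"." + payload
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def verify_and_parse(payload: bytes, sig_header: str, secret: str = ENDPOINT_SECRET,
                     now: Optional[int] = None) -> dict:
    """Check the signature over the raw bytes first; json.loads only afterwards."""
    now = int(time.time()) if now is None else now
    try:
        timestamp, candidates = parse_signature_header(sig_header)
    except ValueError as exc:
        raise WebhookError(f"malformed Stripe-Signature header: {exc}")
    expected = expected_signature(timestamp, payload, secret)
    # isascii() guards compare_digest, which raises on non-ASCII str input.
    if not any(c.isascii() and hmac.compare_digest(expected, c) for c in candidates):
        raise WebhookError("signature mismatch")
    if abs(now - timestamp) > TOLERANCE:
        raise WebhookError("timestamp outside tolerance; possible replay")
    return json.loads(payload)


def sign_for_test(payload: bytes, timestamp: int, secret: str = ENDPOINT_SECRET) -> str:
    """Builds the header Stripe would send; used only to construct sample input."""
    return f"t={timestamp},v1={expected_signature(timestamp, payload, secret)}"


if __name__ == "__main__":
    body = json.dumps({"id": "evt_example_1", "type": "charge.succeeded",
                       "data": {"object": {"amount": 1999, "currency": "usd",
                                           "status": "succeeded"}}}).encode()
    t0 = int(time.time())
    print(verify_and_parse(body, sign_for_test(body, t0))["type"])   # charge.succeeded
    try:
        verify_and_parse(body.replace(b"1999", b"1"), sign_for_test(body, t0))
    except WebhookError as exc:
        print("rejected:", exc)                                        # signature mismatch
```

Two details matter in practice: the HMAC must be computed over the raw request bytes, so the handler has to read the body before any framework JSON parsing re-serialises it, and the timestamp window (300 seconds by default in Stripe's libraries) is what limits replay of a captured, validly signed delivery. Several `v1` values may be present while an endpoint secret is being rotated, which the check above accepts.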
8. AI & data residency
- Translation and evaluation requests are sent to Google Vertex AI (Gemini family models) and Google Cloud Translation under enterprise data-processing terms.
- Inputs and outputs are not used to train Google's general-purpose models.
- All AI requests are routed via the same U.S. regions as the rest of the platform; no cross-border egress for inference.
- CoursePortify does not train any model of its own on customer content.
9. Logging & monitoring
- HTTP request logs (path, status, latency, owner identifier) are emitted in JSON to Cloud Logging.
- Errors and worker failures are surfaced into Cloud Error Reporting for triage.
- We do not log course content. Logs contain identifiers and metadata, never document text.
- Logs are retained for 90 days.
10. Incident response
If we detect or are notified of a security incident materially affecting customer data, our process is:
- Identify and contain (revoke compromised credentials, isolate affected resources).
- Assess scope (which records, which customers, which sub-processors).
- Notify affected customers and any required regulators within the timelines required by applicable law (for example, 72 hours to the supervisory authority under GDPR Article 33; U.S. state breach-notification laws vary, most requiring notice without unreasonable delay and some setting fixed deadlines).
- Remediate root cause and publish a post-incident summary to affected customers.
Customers may request our incident-response runbook under NDA.
11. Vulnerability management
- Dependencies are pinned in `requirements.txt` and reviewed for advisories on each release.
- Container images are rebuilt from Google's maintained Python base image on every deploy, so OS-level patches reach production with the next deploy.
- Internal pen-tests and dependency audits are run before each material release. Third-party penetration test reports are available on the Enterprise tier under NDA.
12. Responsible disclosure
If you believe you have found a vulnerability in CoursePortify, please email contact@koneroanalyticsml.com with subject Security disclosure.
- We will acknowledge your report within 3 U.S. business days.
- We will keep you informed as we triage and remediate.
- We will not pursue legal action against good-faith researchers who follow this process and who do not access, modify, or destroy customer data.
- Please do not publicly disclose the issue before we have remediated it.
13. Compliance roadmap
- FERPA — institutional buyers can sign our DPA + FERPA addendum to position CoursePortify as a "school official" with a legitimate educational interest under 34 CFR § 99.31(a)(1)(i)(B).
- SOC 2 Type I / Type II — on the roadmap. Status updates and an attestation letter will be published here when available.
- GDPR — we will execute the EU SCCs as part of our DPA on request.
- HIPAA, PCI DSS — out of scope; covered data should not be uploaded to CoursePortify.
Customers can request our security questionnaire response (CAIQ v4.0 / SIG Lite) by emailing contact@koneroanalyticsml.com.
14. Contact
Security disclosures: contact@koneroanalyticsml.com (subject: Security disclosure).
Privacy / data-subject requests: contact@koneroanalyticsml.com (subject: Privacy request).
Mailing address: Konero Analytics & Machine Learning LLC, 11672 E Berry Ave, Englewood, CO 80111, USA.
Questions about this document? Email contact@koneroanalyticsml.com or visit our contact page.