Security Documentation

Our Commitment to Security

At TeacherServerPro, we take the security of your data seriously. This page provides transparent information about how we protect your information, manage our infrastructure, and respond to security concerns. We believe in honest communication about our security practices rather than making unrealistic promises.

Infrastructure and Data Storage

Dedicated Server Infrastructure: TeacherServerPro operates on a dedicated server located in Florida, United States. This dedicated infrastructure ensures that your data is not shared with other applications or tenants, providing an additional layer of security and performance consistency.

Database Technology: We use MySQL database technology to store account information and user preferences. Our database is professionally managed with industry-standard security configurations and access controls.

Data Location: All data is stored and processed within the United States, specifically on servers located in Florida. This ensures compliance with U.S. data protection standards and provides clarity about data jurisdiction.

AI Processing and Data Privacy

Local AI Model: Unlike many educational technology platforms, TeacherServerPro runs its own local AI models directly on our infrastructure. We do not send your data to third-party AI services such as OpenAI, Anthropic, Google, or Microsoft. This means your AI interactions remain completely within our controlled environment.

No Data Retention for AI: When you use our AI-powered tools, your input data is processed in real-time and immediately discarded. We do not store AI queries, prompts, or responses. This ensures that lesson plans, student information, assignments, and other educational content you process through our tools remains private and temporary.

No Training on User Data: We do not use any user-submitted data to train, improve, or refine our AI models. Your educational content, teaching materials, and student-related information is never incorporated into our machine learning systems.

Authentication and Access Control

User Authentication: We provide two secure methods for users to access their accounts. Users can authenticate using traditional email and password credentials, with passwords encrypted using industry-standard bcrypt hashing algorithms. Additionally, users can sign in using Google OAuth, which allows authentication through their existing Google accounts without sharing passwords with our platform.

Administrative Access: A small, vetted team of authorized personnel has access to production systems for maintenance, support, and troubleshooting purposes. All team members are bound by confidentiality agreements and follow strict security protocols. Access to production systems is logged and monitored.

Support Tools: We maintain administrative tools that allow our support team to assist users with account issues, resolve technical problems, and respond to data requests. Access to these tools is restricted to authorized support personnel and all actions are logged for security and compliance purposes.

Future Security Enhancements: We are currently evaluating the implementation of two-factor authentication (2FA) for user accounts to provide an additional layer of security. We will announce this feature when it becomes available.

Data Encryption and Transport Security

HTTPS/SSL Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS with modern SSL/TLS protocols. This prevents interception of your data during transmission and ensures that your login credentials and other sensitive information cannot be read by third parties.

Data at Rest Encryption: Data stored in our database is encrypted to protect against unauthorized access. This includes your account information, preferences, and any dashboard configurations you save.

Password Security: User passwords are never stored in plain text. We use bcrypt, a robust one-way hashing algorithm specifically designed for password security. Even our own team members cannot view your password - the only way to access your account is through the password reset process.

Backup and Disaster Recovery

Automatic Backups: Our hosting provider performs automatic backups of all data on an hourly basis. These frequent backups ensure that we can recover your data quickly in the event of hardware failure, data corruption, or other technical issues.

Backup Retention: Backups are retained for 90 days, providing ample recovery options for various scenarios. Backups are stored securely and separately from production data to protect against simultaneous loss of both systems.

Disaster Recovery: In the unlikely event of a catastrophic server failure, we have procedures in place to restore service from backups. Our goal is to minimize downtime and data loss through our comprehensive backup strategy.

Monitoring and Incident Response

Uptime Monitoring: We maintain continuous uptime monitoring of our servers and services. Our monitoring system checks availability and performance around the clock, alerting our team immediately if any issues are detected.

Real-Time Alerts: Our team receives immediate notifications from the server when any security concerns, performance issues, or system anomalies are detected. This allows us to respond quickly to potential problems before they impact users.

Incident Response Time: We operate 24-hour monitoring with a target resolution time of 2-4 hours for critical incidents. While we strive to resolve issues as quickly as possible, our realistic commitment is to acknowledge incidents immediately and work toward resolution within this timeframe.

Incident Communication: In the event of a security incident or service disruption, we commit to transparent communication with affected users. We will notify users via email about any incidents that may impact their data or service access, along with details about what happened and what steps we are taking to resolve the issue.

Vulnerability Management

Software Updates: We regularly update our server software, database systems, and application dependencies to address known security vulnerabilities. Critical security patches are applied promptly to minimize exposure to known threats.

Security Monitoring: We monitor security advisories and vulnerability databases relevant to our technology stack. When vulnerabilities are identified in software we use, we assess the risk and apply necessary updates according to the severity of the threat.

Code Review: Our development team follows secure coding practices and conducts code reviews to identify and address potential security issues before they reach production.

FERPA Compliance

Educational Privacy: TeacherServerPro respects the Family Educational Rights and Privacy Act (FERPA) and is designed to support teachers in compliance with educational privacy laws. We understand that teachers may process student-related information through our tools and have designed our system accordingly.

No Student Data Collection: We do not collect, store, or retain student educational records. When teachers use our AI tools to generate lesson plans, assignments, or other educational content that may reference student information, that data is processed in real-time and immediately discarded. We have no permanent record of student names, grades, performance data, or other educational records.

Teacher Responsibility: Teachers who use TeacherServerPro are responsible for ensuring their use of the platform complies with their school or district policies and applicable privacy laws. We provide the secure infrastructure and privacy-respecting tools, while educators maintain control over what information they choose to process.

Data Retention and Deletion

Account Data: We retain your account information (name, email, password, profile settings, and dashboard preferences) for as long as your account remains active. This data is necessary to provide you with personalized service and access to your preferred tools.

AI Processing Data: As stated throughout this document, we do not retain any data submitted to or generated by our AI tools. This data is processed in memory and immediately discarded after your session.

Account Deletion: You may request deletion of your account at any time by contacting support@teacherserverpro.com. Upon receiving a deletion request, we will permanently remove all of your account information within 30 days. Please note that some data may persist in backups for up to 90 days before being automatically purged from our backup systems.

Data Export: Before deleting your account, you may request an export of your profile information and dashboard preferences. We will provide this data in a standard format (CSV or JSON) within 7 business days of your request.

Third-Party Services

Limited Third-Party Integration: TeacherServerPro minimizes the use of third-party services to reduce potential security vulnerabilities and data sharing. We only integrate with services that are essential for basic functionality.

Google OAuth: For users who choose to sign in with Google, we use Google's OAuth authentication service. This integration only accesses your basic Google profile information (name and email) and does not grant us access to your Google Drive, Gmail, or other Google services. You can revoke this access at any time through your Google account settings.

Payment Processing: If we process payments, we use industry-standard payment processors that maintain PCI DSS compliance. We do not store credit card information on our servers - all payment data is handled by our payment processor.

Employee Access and Training

Access Controls: Access to production systems and user data is limited to essential personnel only. Team members are granted the minimum level of access necessary to perform their job functions (principle of least privilege).

Security Training: All team members with access to systems or data receive training on security best practices, privacy requirements, and incident response procedures. We maintain a culture of security awareness throughout our organization.

Confidentiality: All team members are bound by confidentiality agreements that prohibit unauthorized disclosure of user information or business data. Violation of these agreements results in immediate termination and potential legal action.

Reporting Security Issues

Responsible Disclosure: If you discover a security vulnerability in TeacherServerPro, we encourage you to report it responsibly. Please email security@teacherserverpro.com with details of the vulnerability. We commit to acknowledging your report within 24 hours and working with you to understand and resolve the issue.

Bug Bounty: While we do not currently operate a formal bug bounty program, we appreciate and acknowledge security researchers who help us improve our platform. We will publicly credit researchers (with their permission) who responsibly disclose valid security issues.

Contact Information

For security questions, concerns, or to report a vulnerability, please contact us:

Email: security@teacherserverpro.com
Support: support@teacherserverpro.com
Phone: 727-873-4803
Address: 140 7th Ave S, St. Petersburg, FL 33712

For urgent security matters, please contact us immediately via email or phone. We take all security reports seriously and will respond as quickly as possible.

Updates to This Document

We may update this security documentation as our practices evolve, new features are added, or infrastructure changes occur. When significant changes are made, we will update the "Last Updated" date at the top of this page and notify active users via email. We encourage you to review this page periodically to stay informed about how we protect your data.