Security Program

Security for school communities, built into every release.

PTA.AI is designed so parent leaders can move quickly without compromising safety. We apply role-based access controls, encrypted data handling, continuous auditing, and incident-ready operations from intake through live deployment.

Version v2.1 | Last updated March 4, 2026 | Effective March 4, 2026

Policy radar

Structured for quick board review and deep legal/compliance reference.

Version: v2.1

Sections: 6

Material update v2.1

Expanded control-domain documentation, incident response flow, and shared-responsibility matrix.

Security at a glance

Access controls by role

System and tenant actions are gated by claim-based RBAC to limit access by responsibility.

Encrypted transport and storage

Traffic is protected in transit and platform data is stored with modern encryption standards.

Auditability by default

Administrative and policy-sensitive actions are recorded for review and accountability.

Operational resilience

Background jobs and release workflows are designed to be idempotent and replayable.

Incident-ready process

Security events follow a documented triage, containment, and communication path.

School-safe boundary

Product scope is intentionally designed to avoid collecting student academic records.

Control domains

Our controls are grouped by practical operating domains so boards, volunteers, and district reviewers can evaluate posture clearly.

Identity and access

Role-scoped permissions, session controls, password policy enforcement, and optional MFA paths for elevated accounts.

Application security

Structured validation, protected admin routes, and constrained mutation pathways for high-impact workflows.

Data security

Tenant-scoped records, controlled storage access patterns, and predictable data lifecycle rules.

Operational security

Queue and release controls, environment segregation, and explicit audit logging for critical actions.

Data protection model

Security decisions prioritize school operations, privacy boundaries, and recoverability.

  • Data minimization: We collect only the data needed to operate PTA communication and platform workflows.
  • Tenant separation: Records are scoped to tenant identifiers to reduce cross-organization exposure risk.
  • Release integrity: Deterministic generation and deployment flows reduce manual drift across environments.
  • Evidence trail: Audit logs and operational metadata provide traceability for sensitive changes.

Operations and incident response

When anomalies are detected, we follow a defined process to reduce impact and keep stakeholders informed.

  • Detection: alerts, operator review, and contextual signal collection.
  • Containment: temporary access restrictions, workflow pause controls, and session/security revocation where required.
  • Eradication and recovery: root-cause correction, validation, and controlled service restoration.
  • Communication: incident updates to affected customers based on scope and severity.
  • Post-incident review: documented learnings and control improvements.

Shared responsibility

Platform security is strongest when PTA.AI and school leadership both execute their responsibilities.

PTA.AI responsibilities

  • Operate and maintain platform controls.
  • Protect infrastructure and service-level access boundaries.
  • Monitor and respond to platform security signals.
  • Provide auditability and operational transparency.

School/PTA responsibilities

  • Use strong credentials and secure account recovery practices.
  • Assign appropriate roles and remove stale access promptly.
  • Review public content before release approval.
  • Report suspicious activity quickly through support channels.

Version history

March 4, 2026 - Security policy redesign

Expanded controls, operations, and shared responsibility sections.

January 15, 2026 - Baseline publication

Initial policy publication for marketing and compliance reference.

Security reporting and support

Use the channels below for suspected incidents, urgent access concerns, or district review coordination.