Security & privacy

Built to protect your families' data.

A school record holds a family's trust: grades, health notes, addresses, tuition. Trivium treats that trust as a design constraint, not a settings page. Here is exactly what protects it—and where it's enforced.

Access

Who can see what—decided by the database, not the page.

Every rule below is enforced at the database layer with row-level security on every table. If a page forgot to check, the database still says no.

Each school is an island

Your school's records are isolated from every other school's at the database layer. A query from one school cannot return another school's rows—there is no shared pool to leak from.

Roles that match real life

Parents see only their own children. Teachers see only their own classes. A substitute sees only the classes they're covering, on the dates they're covering them. Admin access is a role you grant, not a default.

Two-factor authentication

Any staff member can add two-factor authentication to their account with a standard authenticator app—no extra cost, no plugin.

Idle sessions end themselves

People walk away from office computers. Sessions left idle are signed out automatically, so an open tab in the workroom doesn't stay a doorway.

Accountability

A record of the record.

Small schools run on trust—and trust is easier when there's a trail.

Append-only audit log

Admin actions (and views of sensitive records like health information) are written to an audit log that application users cannot edit or delete. Not even an admin can tidy up their own trail.

Error monitoring without the PII

When something breaks, we get the stack trace—not your families. Emails, phone numbers, cookies, and auth headers are scrubbed from error reports before they ever leave the server.

Nightly backups, per school

Every night, each school's data is backed up separately and older copies are pruned on a schedule. Your history doesn't depend on one good day.

Encrypted in transit and at rest

Every connection to Trivium is encrypted with TLS, and the database and file storage are encrypted at rest.

Family privacy

Families keep a hand on their own data.

Privacy isn't only about intruders. It's about giving parents real choices.

Self-serve data export

Any parent can download a complete export of their family's records (their children, grades, attendance, invoices) without filing a ticket or waiting on the office.

Photo consent & directory opt-out

Per-student flags for photo and media consent and for opting out of the family directory—recorded once, respected everywhere the student appears.

The paperwork, in plain sight

Our Data Processing Addendum and subprocessor list are published, not gated behind a sales call. Your administrator accepts the DPA electronically during onboarding (versioned and on record for your school), and we give schools at least 30 days' notice before adding or replacing a subprocessor. See also our privacy policy.

Trivium is built to support your FERPA obligations—role-scoped access to education records, audit trails, and parent access to their own children's records. Your school remains the custodian of its records; we're the locked filing cabinet.

Questions your board or a parent wants answered?

Ask us directly—we answer security and privacy questions in plain English, in writing.

privacy@usetrivium.com

See how it holds up on a school like yours.

Book a demo and bring your hardest question—who-can-see-what is our favorite part of the tour.

Security & privacy—Trivium school information system