Security
How we protect your data and keep the Class Gecko platform secure.
1. Overview
Class Gecko takes the security of your data seriously. We protect the information you entrust to us—including organization details, class and enrollment data, student and family information, and payment-related records—using industry-standard practices and continuous improvement. This page summarizes how we keep your data safe.
2. Data in Transit and at Rest
All data transmitted between your browser or app and our servers is encrypted using TLS (HTTPS). Data stored in our databases and backups is encrypted at rest. We use strong encryption standards so that even if data were intercepted or accessed without authorization, it would not be readable.
3. Authentication and Access Control
Access to the Class Gecko platform requires secure sign-in. Passwords are hashed and never stored in plain text. We support secure session management so that only authenticated users can access organization dashboards, class management, enrollments, and the family portal. Organization admins can control which staff have access to their data.
4. Payment Security
We do not store full credit or debit card numbers. Payment processing is handled by Stripe, a PCI DSS-compliant payment provider. Card details are sent directly to Stripe; we only store tokens and metadata needed for invoicing, payment schedules, and refunds. This keeps sensitive payment data out of our systems and reduces risk.
5. Infrastructure and Hosting
Our applications and databases run on secure, managed infrastructure with regular security updates and monitoring. We use industry-standard practices for access control, network security, and incident response. Where we use third-party providers (e.g. hosting, email), we choose vendors that meet high security and compliance standards.
6. Application Security
We follow secure development practices: code review, dependency updates, and protection against common vulnerabilities (e.g. injection, cross-site scripting). Our APIs and application logic are designed so that users can only access data they are authorized to see—for example, organizations see only their own classes and enrollments.
7. Monitoring and Incident Response
We monitor our systems for suspicious activity and potential security issues. If we become aware of a breach or significant security incident that affects your data, we will notify affected users and take steps to mitigate harm, in line with applicable law and our policies.
8. Your Role
You can help keep your account secure by using a strong, unique password, not sharing your login details, and signing out when using shared devices. If you suspect unauthorized access to your account, contact us at hello@classgecko.com and we will help you secure it.
9. Questions
For security-related questions or to report a vulnerability, contact us at hello@classgecko.com. We take responsible disclosure seriously and will respond as quickly as we can.