Checkmark Plagiarism Logo
Checkmark Plagiarism
Sign InTry Demo
Back to Home
SecurityNovember 11, 2025~6 min read

Security

Last updated: November 11, 2025

Our comprehensive security measures, data protection practices, and compliance standards for educational data safety.

We prioritize the security and privacy of educational data. Our comprehensive security framework ensures that student information and academic content remain protected at all times.

HECVAT Compliance

HECVAT-Lite Completed

Our Higher Education Community Vendor Assessment Toolkit (HECVAT) has been completed to demonstrate our commitment to educational security standards.

To request our completed HECVAT form for your institution's review, please contact us at support@checkmarkplagiarism.com.

Data Encryption

  • In Transit: All data transmission is protected using TLS 1.2+ encryption protocols, ensuring secure communication between your browser and our servers.
  • At Rest: All stored data is encrypted using AES-256 encryption standards via Google Cloud's enterprise-grade security infrastructure.
  • Key Management: Encryption keys are managed through Google Cloud's secure key management system with regular rotation protocols.

Data Storage and Location

Geographic Location: All data is stored exclusively in United States-based Google Cloud data centers, ensuring compliance with domestic data residency requirements.

Storage Infrastructure: We utilize Google Cloud Platform (GCP) for all data storage needs, leveraging their industry-leading security certifications and infrastructure reliability.

  • Cloud-based storage with 99.9% uptime guarantee
  • Redundant storage across multiple data centers
  • Automated backup systems with point-in-time recovery

Data Retention Policy

We maintain a strict data retention policy to ensure student privacy while providing necessary educational services:

  • Active Data: Student data is retained only as long as necessary for analysis and teacher access to support educational objectives.
  • Deletion Requests: Data may be deleted upon request by educators or institutions at any time, with immediate processing of such requests.
  • Automatic Purging: Inactive data is routinely purged after 12 months to minimize data storage and maintain privacy standards.
  • Legal Compliance: Retention practices align with FERPA requirements and institutional data governance policies.

Incident Management and Response

We maintain a comprehensive incident response framework to address any potential security concerns:

  • Response Plan: A documented incident response plan is in place with clear escalation procedures and communication protocols.
  • Monitoring: Continuous security monitoring through Google Cloud tools with automated alerts for suspicious activities.
  • Testing: Formal policy testing and incident response drills are conducted quarterly to ensure readiness.
  • Notification: Affected institutions will be notified promptly in the event of any security incident affecting their data.

Disaster Recovery and Business Continuity

Our business continuity planning ensures minimal service disruption and data protection:

  • Daily Backups: Automated daily backups are maintained in separate Google Cloud Platform regions for geographic redundancy.
  • High Availability: Systems are designed with high availability architecture to minimize downtime and ensure consistent access.
  • Recovery Protocols: Documented recovery procedures are in place and tested biannually to verify effectiveness.
  • Service Restoration: Recovery time objectives (RTO) and recovery point objectives (RPO) are defined to ensure rapid service restoration.

Security Standards and Certifications

Our infrastructure leverages Google Cloud's comprehensive security certifications and compliance standards:

  • SOC 2 Type II: Service Organization Control 2 certification for security, availability, and confidentiality.
  • ISO 27001: International standard for information security management systems.
  • FedRAMP: Federal Risk and Authorization Management Program compliance for government-standard security.
  • GDPR: General Data Protection Regulation compliance for international data protection standards.

Third-Party Testing and Access Controls

We implement industry-standard security practices and access management:

  • Authentication: Multi-factor authentication (MFA) requirements for all administrative access.
  • Role-Based Access: Strict role-based access controls (RBAC) limit system access to authorized personnel only.
  • Regular Audits: Periodic security audits and penetration testing to identify and address potential vulnerabilities.
  • Third-Party Assessments: Independent security assessments conducted by qualified security firms.
  • Least Privilege: All system access follows the principle of least privilege, granting only necessary permissions.

Privacy and Security Integration

Our security measures work hand-in-hand with our privacy commitments outlined in our Privacy Policy. This includes:

  • Secure processing of student data for educational purposes only
  • No use of student data for AI training or commercial purposes
  • Institutional ownership and control of all submitted academic content
  • Transparent data handling practices with full audit trails

Security Contact

For security-related questions, incident reports, or to request security documentation, please contact our security team:

support@checkmarkplagiarism.com

Security reports are monitored 24/7 and will receive priority response within 24 hours.

Copy page link