Security, Privacy & Compliance.
Security and privacy aren’t features bolted onto Etriever — they are the architecture. Because Etriever queries data where it resides in the source systems, sensitive student records stay in your systems of record, governed by your policies, at all times.
Built-in protections.
Data stays in place, read-only by design
Etriever queries authoritative source systems and returns role-based views and reports. It queries data where it resides and does not modify source data. LEAs and institutions retain full ownership and control.
Encryption everywhere
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256 / minimum 128-bit), throughout its lifecycle.
Strong authentication
Multi-factor authentication through your identity provider (SSO/OAuth), enforced password complexity, lockout, and throttling.
Least-privilege access
Role-based access controls (RBAC) with administrative separation of duties; all access is logged and auditable.
Independently aligned controls
SOC 2 Type II-equivalent controls, aligned to the CIS Critical Security Controls and implemented via NIST 800-53 families (Access Control, Audit & Accountability, Incident Response, Configuration Management). Backup and recovery aligned to ISO 27001 practices.
U.S. data residency
All data access, validation, and reporting services are performed entirely within the United States.
Accessibility
User-facing components are designed and tested to meet Sections 504 and 508 accessibility standards.
Rapid incident response
Documented incident-response runbooks. Confirmed incidents involving student or institutional data are reported within one (1) calendar day, with a documented remediation plan within ten (10) calendar days.
Audit-ready archive
A secure, searchable archive of certification artifacts, validation reports, and an end-to-end audit trail of user and system actions is retained for a minimum of six (6) years — without copying student data.
Compliance
Etriever is built to comply with FERPA, COPPA, and applicable state privacy laws (including, in Utah, GRAMA and Administrative Rule R277-484), and operates under your data governance policies and agreements. AI is used only to assist — never to adjudicate, certify, or alter regulated student data.
FERPA
COPPA
SOC 2 Type II-equivalent
NIST 800-53
504/508
