Security Overview
True North NexTech LLC – AI Course Assistant
Effective Date: January 2026
This Security Overview describes the technical and organizational measures implemented by True North NexTech LLC (“True North NexTech,” “we,” “us,” or “our”) to protect data processed by the AI Course Assistant platform (the “Service”).
This document is provided for transparency and informational purposes only and does not replace or modify the Terms of Service, Privacy Policy, or AI Use & Data Policy.
1. Security Principles
The Service is designed with the following core security principles:
- Protection of student and instructor data;
- Least-privilege access and role-based controls;
- Transparency and auditability;
- Defense-in-depth across infrastructure and application layers.
2. Infrastructure Security
The Service is hosted on infrastructure provided by Amazon Web Services (AWS).
Key infrastructure safeguards include:
- Logical isolation of environments;
- Secure network configurations;
- Continuous availability and redundancy mechanisms provided by AWS.
True North NexTech leverages AWS-managed services to reduce operational risk and improve reliability.
3. Data Encryption
We protect data using encryption at multiple layers:
- Encryption in transit using industry-standard Transport Layer Security (TLS);
- Encryption at rest for stored data.
Encryption keys are managed using secure key management practices.
4. Access Controls
Access to the Service and underlying systems is restricted using:
- Role-based access controls (RBAC);
- Authentication and authorization mechanisms;
- Principle of least privilege for internal access.
Only authorized personnel may access production systems, and access is reviewed periodically.
5. Application Security
The Service includes application-level protections such as:
- Input validation and error handling;
- Secure API authentication;
- Separation of user data by account and course context.
AI-assisted actions require explicit user initiation and approval.
6. Audit Logging and Monitoring
The Service maintains audit logs that record:
- User-initiated actions;
- AI-assisted draft generation;
- Review, approval, and publication events.
System logs and monitoring are used to detect and investigate anomalous activity.
7. Third-Party Services
The Service relies on vetted third-party service providers, including:
- Cloud infrastructure providers (AWS);
- AI service providers (such as OpenAI).
Third-party providers are selected based on security posture and contractual safeguards.
8. Incident Response
True North NexTech maintains procedures to respond to security incidents, including:
- Investigation and containment of suspected incidents;
- Remediation efforts;
- Notification as required by applicable law.
9. Compliance and Risk Management
The Service is designed to align with common higher-education security expectations, including FERPA-related safeguards.
At this time, the Service does not claim certification under specific security standards such as SOC 2 or ISO 27001.
9A. What We Do Not Do
To provide clarity and build trust, True North NexTech does not:
- Share or sell user or student data;
- Collect Canvas usernames or passwords;
- Automatically publish grades, feedback, or content to students;
- Profile students for advertising or non-instructional purposes;
- Use student data for purposes unrelated to providing the Service.
10. User Responsibilities
Users are responsible for:
- Safeguarding their account credentials;
- Using the Service in accordance with institutional policies;
- Reviewing and approving AI-assisted outputs prior to publication.
11. Updates to This Security Overview
This Security Overview may be updated from time to time to reflect changes in security practices or system architecture.
12. Contact Information
For security-related questions or concerns, please contact:
True North NexTech LLC
kristy@truenorthnextech.com
We aim to acknowledge security-related inquiries within a reasonable timeframe, typically within three (3) business days.