Security, privacy, and accessibility at every layer.
Drivia is built for organizations that take security, privacy, and accessibility seriously. From FERPA-aligned student-record workflows to WCAG 2.1 AA accessibility targets, the platform is designed for procurement review. Below is an overview of security architecture, compliance support, and data handling practices.
WCAG 2.1 AA: Supported. Accessibility target and remediation program
Section 508: Supported. US federal accessibility procurement support
ADA Title II: Supported. Accessibility review for public-sector buyers
FERPA: Supported. FERPA-aligned data handling and DPA support
GDPR: Supported. EU privacy controls and DPA/SCC support
CCPA / CPRA: Supported. California privacy controls
SOC 2 Type II: In Progress. Service Organization Control — Security & Availability
ISO 27001: Planned. Information Security Management System
COPPA: Planned. Under-13 K-12 workflows require customer parental-consent scope
VPAT/ACR and HECVAT documentation are available during procurement when current and approved for release. Contact support@drivia.consulting.
Every database table uses Postgres RLS policies. Tenant data is cryptographically isolated — no user can access another organization's data.
Virtual Resource Integrity Model partitions data across 5 layers: Organization, Course, Student, AI Context, and Assessment. Each layer has independent access controls.
Roadmap item for 2026. Identity-provider scope, availability, and rollout schedule must be confirmed in the MSA before it is sold as available.
40+ event types tracked with timestamps, actor identification, IP addresses, and before/after states. Searchable audit trail with CSV export.
TLS 1.3 encryption in transit. AES-256 encryption at rest. Database connections use SSL. No plaintext secrets in codebase.
16 granular permissions across 5 categories. Custom roles for instructors, department leads, and administrators. Principle of least privilege enforced.
All webhook deliveries are signed with HMAC-SHA256. Exponential backoff retry with dead letter queue. Webhook secrets never logged or exposed.
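A receiver-side check for HMAC-SHA256 signed webhooks of the kind described here and under REST API & Webhooks, added as an illustration and not taken from Drivia's code or documentation. The header names, the choice to sign the raw body, the hex encoding and the sample payload are assumptions; the page does not document them.

```python
import hashlib
import hmac

# Hypothetical header names; the page does not document the real ones.
SIG_HEADER = "X-Webhook-Signature"     # assumed: hex HMAC-SHA256 of the raw body
ID_HEADER = "X-Webhook-Delivery-Id"    # assumed: stays the same across retries


def expected_signature(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 over the exact bytes received, before any JSON parsing."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_delivery(secret: bytes, headers: dict, raw_body: bytes, seen_ids: set) -> str:
    """Return 'accept', 'duplicate' or 'reject'. The secret is never logged or returned."""
    received = headers.get(SIG_HEADER, "").strip().lower()
    delivery_id = headers.get(ID_HEADER, "")
    if not received or not delivery_id:
        return "reject"
    # compare_digest runs in constant time, so response timing does not reveal
    # how much of a forged signature was correct. Bytes avoid non-ASCII errors.
    expected = expected_signature(secret, raw_body).encode()
    if not hmac.compare_digest(expected, received.encode("utf-8", "replace")):
        return "reject"
    # Retries with backoff can redeliver an event that was already processed.
    # Dedupe only after the signature check so forged ids cannot fill the set.
    if delivery_id in seen_ids:
        return "duplicate"
    seen_ids.add(delivery_id)
    return "accept"


# Constructed sample delivery (not real Drivia traffic).
SECRET = b"constructed-test-secret"
BODY = b'{"event":"enrollment.completed","member_id":"m_123"}'
HEADERS = {SIG_HEADER: expected_signature(SECRET, BODY), ID_HEADER: "d_0001"}

if __name__ == "__main__":
    seen = set()
    print(verify_delivery(SECRET, HEADERS, BODY, seen))          # first delivery
    print(verify_delivery(SECRET, HEADERS, BODY, seen))          # retry of the same event
    print(verify_delivery(SECRET, HEADERS, BODY + b" ", seen))   # body altered in transit
```

The signature must be computed over the bytes as received; re-serializing parsed JSON before hashing changes whitespace and key order and makes valid deliveries fail.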
AI conversation history is private to each student — never visible to instructors or administrators. Learning analytics use k-anonymity with minimum group size of 5.
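One way a minimum group size of 5 can be enforced on aggregate analytics, added as an illustration and not taken from Drivia's implementation. The field names, the pooling of small groups into a single bucket and the sample rows are assumptions made for the example.

```python
from collections import defaultdict

K = 5  # minimum group size stated on the page


def k_anonymous_report(rows, key_fields, value_field, k=K):
    """Aggregate value_field per group; release only groups of at least k records."""
    groups = defaultdict(list)
    for row in rows:
        groups[tuple(row[f] for f in key_fields)].append(row[value_field])

    def summary(values):
        return {"n": len(values), "mean": round(sum(values) / len(values), 1)}

    released, pooled = {}, []
    for key, values in sorted(groups.items()):
        if len(values) >= k:
            released[key] = summary(values)
        else:
            pooled.extend(values)  # too small to release on its own

    # Small groups are pooled into one bucket, released only if it reaches k.
    if len(pooled) >= k:
        released[("POOLED",)] = summary(pooled)
        pooled = []

    # If anything is still withheld, a grand total would let a reader recover
    # the withheld group's size by subtraction, so the total is withheld too.
    total = None if pooled else sum(g["n"] for g in released.values())
    return {"groups": released, "total": total}


def make_rows(sizes):
    """Constructed sample data: one row per student, keyed by section."""
    return [
        {"section": section, "score": 60 + 5 * i}
        for section, n in sizes.items()
        for i in range(n)
    ]


if __name__ == "__main__":
    rows = make_rows({"A": 6, "B": 5, "C": 2, "D": 1})
    report = k_anonymous_report(rows, ["section"], "score")
    for key, stats in report["groups"].items():
        print(key, stats)
    print("total:", report["total"])
```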
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records. Drivia is designed around FERPA-aligned data handling for educational institutions and their technology partners.
Data Processing Agreement: Drivia can provide a DPA template and review customer terms during procurement. School-official designation language is confirmed in the signed agreement.
Drivia targets WCAG 2.1 Level AA and supports Section 508 / ADA Title II procurement review. Specific VPAT/ACR, remediation, and testing obligations are confirmed during procurement.
VPAT / Accessibility Conformance Report: Current VPAT/ACR materials can be shared during procurement when approved for release. Contact support@drivia.consulting.
Drivia provides privacy controls and contract support for GDPR and CCPA/CPRA review.
Certification In Progress
Drivia is actively pursuing SOC 2 Type II certification for Security and Availability trust service criteria. Our infrastructure provider (Supabase) publishes security and compliance documentation for enterprise review. Drivia's application-layer controls — including row-level security, audit logging, encryption, and access controls — are designed to meet SOC 2 requirements. The audit program is underway; current questionnaires and available assessment evidence can be shared under NDA.
For organizations requiring SOC 2 documentation before purchase, contact us for current security questionnaire responses, infrastructure documentation, and audit-status evidence. Type II report access follows audit completion.
Drivia is designed to integrate with your existing technology ecosystem.
LTI 1.3
LTI 1.3 integration with OIDC authentication, deep linking, and grade passback (AGS). Embed Drivia inside Canvas, Blackboard, Moodle, Brightspace, Schoology, and supported LTI 1.3-compliant LMS environments. Provisioning scope is confirmed during implementation.
Status: Available
xAPI (Tin Can)
Experience API support allows learning activity data to flow into your Learning Record Store (LRS) for enterprise analytics and compliance reporting across platforms.
Status: Coming Soon
REST API & Webhooks
Full REST API with HMAC-SHA256 signed webhooks for real-time event streaming. Integrate enrollment, completion, and assessment data with your HRIS, CRM, or analytics platform.
Status: Available
CSV / JSON Data Export
Export any dataset — members, enrollments, progress, quiz results, audit logs — in CSV or JSON. Scheduled exports and API-driven exports available for enterprise clients.
Status: Available
Drivia can provide HECVAT (Higher Education Community Vendor Assessment Toolkit) responses for university procurement processes. The HECVAT covers security, privacy, accessibility, data handling, business continuity, and incident response. If your institution uses HECVAT Lite or Full, we will share current responses approved for procurement release.
Request HECVAT documentation at support@drivia.consulting.
We can provide current procurement documentation - DPA, VPAT/ACR, HECVAT, security questionnaires, or a live security review call - as available and approved for release.