Security & Privacy

How we protect your family's data and ensure safe learning

Our Security Commitment

At MathMates, security and privacy are fundamental to our mission. We understand the responsibility of protecting children's data and have implemented comprehensive security measures to safeguard every aspect of our platform.

Our security-first approach means we continuously monitor, assess, and improve our protections to stay ahead of evolving threats while maintaining compliance with all applicable regulations.

Security Measures

Data Encryption

All data is encrypted in transit and at rest using industry-standard AES-256 encryption.

  • End-to-end encryption for all communications
  • Database encryption with rotating keys
  • Secure SSL/TLS connections (TLS 1.3)
  • Encrypted backups and data storage

Access Controls

Strict access controls and authentication mechanisms protect user accounts.

  • Multi-factor authentication options
  • Role-based access control (RBAC)
  • Regular password security audits
  • Automatic session timeout protection

Infrastructure Security

Our cloud infrastructure is secured with enterprise-grade protections.

  • AWS security best practices
  • Network isolation and firewalls
  • DDoS protection and mitigation
  • Regular security patches and updates

Privacy Protection

We implement strict privacy controls to protect children's personal information.

  • COPPA-compliant data collection
  • Minimal data collection principle
  • Anonymous usage analytics
  • No third-party data sharing

Compliance & Certifications

COPPA

Certified

Children's Online Privacy Protection Act compliance

We follow strict guidelines for collecting, using, and disclosing personal information from children under 13.

FERPA

Compliant

Family Educational Rights and Privacy Act compliance

Educational records are protected according to federal privacy requirements.

SOC 2 Type II

Certified

Security, availability, and confidentiality controls

Independent audit of our security controls and data protection measures.

GDPR

Compliant

General Data Protection Regulation compliance

Data protection rights for users in the European Union.

Security Practices

Regular Security Audits

Third-party security assessments and penetration testing

Quarterly

Vulnerability Management

Continuous monitoring and rapid response to security threats

24/7 Monitoring

Employee Training

Regular security awareness training for all team members

Monthly

Incident Response

Documented procedures for security incident handling

As Needed

Security Best Practices for Users

Use Strong Passwords

Create unique passwords with a mix of letters, numbers, and symbols

Enable Two-Factor Authentication

Add an extra layer of security to your parent account

Monitor Account Activity

Regularly review your child's activity and progress reports

Keep Information Updated

Ensure contact information is current for security notifications

Report Suspicious Activity

Contact us immediately if you notice anything unusual

Report Security Issues

If you discover a security vulnerability or have concerns about the safety of our platform, please report it immediately through our responsible disclosure program.

Transparency & Accountability

We believe in transparency about our security practices and incident response. Our annual security report provides detailed information about our security posture, any incidents, and our continuous improvement efforts.

Last Security Audit: July 2025
Security Incidents (2025): 0 Major, 2 Minor (Resolved)
Average Response Time: < 4 hours