Ink Wise | Your AI Academic Mentor

Our Security Commitment

At Ink Wise, security is not an afterthought—it's built into everything we do. We handle sensitive educational data and take that responsibility seriously. Our security practices are designed to meet SOC 2 Type 2 compliance requirements.

Security Measures

Encryption

• TLS 1.3 encryption in transit
• AES-256 encryption at rest
• Encrypted database connections
• Secure credential storage

Access Control

• Role-based access control (RBAC)
• Multi-factor authentication available
• Session management & timeouts
• Principle of least privilege

Infrastructure

• SOC 2 compliant hosting (Vercel)
• SOC 2 compliant database (Neon)
• DDoS protection
• Automatic security updates

Monitoring

• 24/7 security monitoring
• Real-time threat detection
• Comprehensive audit logging
• Automated alerting

Data Isolation

We use Row-Level Security (RLS) at the database level to ensure strict data isolation:

Your data is isolated from other users at the database level
Teachers can only see their students' work
Students can only access their own documents
Institutions have separate data boundaries

AI Security

When using our AI features, we implement additional security measures:

PII Redaction: Personal information is automatically removed before AI processing
Prompt Injection Prevention: We detect and block manipulation attempts
No AI Training: Your content is never used to train AI models
Rate Limiting: Protection against abuse and cost overruns

Incident Response

In the event of a security incident, we follow a structured response process:

Detection: Automated monitoring identifies issues within minutes
Assessment: Our team evaluates severity and scope
Containment: Affected systems are isolated immediately
Notification: Users are informed within 72 hours of confirmed breaches
Resolution: Root cause analysis and permanent fixes implemented

Compliance

We are committed to meeting industry security standards:

SOC 2 Type 2: Currently pursuing certification
Australian Privacy Act: Full compliance with APPs
GDPR: Data protection for EU users
FERPA: Student data protection (US institutions)

Responsible Disclosure

We welcome responsible security research. If you discover a vulnerability, please report it to security@getinkwise.com. We commit to:

Acknowledging your report within 24 hours
Providing regular updates on our investigation
Not taking legal action against good-faith researchers
Crediting researchers who help improve our security (with permission)

Questions?

For security-related questions or concerns, contact our security team:

security@getinkwise.com

Security Measures

Encryption

• TLS 1.3 encryption in transit
• AES-256 encryption at rest
• Encrypted database connections
• Secure credential storage

Access Control

• Role-based access control (RBAC)
• Multi-factor authentication available
• Session management & timeouts
• Principle of least privilege

Infrastructure

• SOC 2 compliant hosting (Vercel)
• SOC 2 compliant database (Neon)
• DDoS protection
• Automatic security updates

Monitoring

• 24/7 security monitoring
• Real-time threat detection
• Comprehensive audit logging
• Automated alerting

AI Security

When using our AI features, we implement additional security measures:

PII Redaction: Personal information is automatically removed before AI processing

Prompt Injection Prevention: We detect and block manipulation attempts

No AI Training: Your content is never used to train AI models

Rate Limiting: Protection against abuse and cost overruns

Incident Response

In the event of a security incident, we follow a structured response process:

Detection: Automated monitoring identifies issues within minutes

Assessment: Our team evaluates severity and scope

Containment: Affected systems are isolated immediately

Notification: Users are informed within 72 hours of confirmed breaches

Resolution: Root cause analysis and permanent fixes implemented

Responsible Disclosure

We welcome responsible security research. If you discover a vulnerability, please report it to security@getinkwise.com. We commit to:

Acknowledging your report within 24 hours

Providing regular updates on our investigation

Not taking legal action against good-faith researchers

Crediting researchers who help improve our security (with permission)