Security Overview

The security of user data is a top priority for EdUnion. This document outlines the technical and organizational measures we take to protect your information across our products, including the union iOS app.

1. Data Protection

• Encryption in Transit: All data transmitted between our apps and our servers is encrypted using standard TLS 1.2+ protocols.
• Encryption at Rest: Sensitive data stored in our databases is encrypted at rest using industry-standard AES-256 encryption.

2. Authentication

We utilize secure authentication mechanisms to verify user identity. Where supported, we integrate with your institution's Single Sign-On (SSO) provider, meaning we do not store university passwords directly.

3. Access Controls

We follow the principle of least privilege. Access to production data is restricted to a small number of authorized engineering personnel who require it for maintenance or debugging purposes. All access is logged and monitored.

4. Monitoring

We maintain logs of system activity to detect and respond to potential security incidents. These logs are reviewed regularly for anomalies.

5. Vulnerability Reporting

We value the contributions of the security research community. If you believe you have found a security vulnerability in any EdUnion product, please report it to us immediately.

Security Contact: security@asku.app

6. Incident Response

We maintain an internal incident response plan to address security events promptly. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable laws.

For general questions about our security practices, please contact support@asku.app.