✓ Student profiles only shared with student’s consent
✓ Student data is encrypted using bank-grade technology
✓ Same top data centers as internet giants like Netflix, Airbnb, Expedia
✓ FERPA and GDPR complaint
✓ The only student scanning solution that offers:
‣ Two-factor authentication
‣ Biometric security
‣ Role-based account permissions
‣ Certified under the EU-U.S. Privacy Shield Framework
✓ StriveScan team is continuously trained and knowledgeable
StriveScan invests heavily in state-of-the-art technology to ensure the security of our data. We encrypt our data in transit using bank-grade SSL technology to ensure it is protected; this is the same https protocol (the lock symbol in your browser 🔒) that protects your bank account login and sensitive information on e-commerce websites.
We run our secure servers on Amazon Web Services, the same best-in-class data centers that are trusted by Fortune 500 companies and power internet giants like Netflix, Airbnb, Pinterest, NASA, Kelloggs, and Expedia, as well as education technologies commonly used in admissions like Technolutions Slate and Ellucian Recruit.
We employ Cloudflare’s enormous infrastructure to provide our firewall, distributed denial of service (DDoS) protection, rate limiting, content distribution network (CDN), and other advanced security features to stop hackers. Cloudflare has an expansive global network of servers and is relied on by 20 million websites, including IBM, the Library of Congress, Reuters, and the FBI.
On mobile devices, we protect all of the data stored in the StriveScan app through strong encryption. We utilize Apple’s hardware encryption and file data protection and Android’s file-based encryption. Additionally, the StriveScan app is “sandboxed,” thus securing and isolating it, preventing any other app or process from accessing our data.
StriveScan offers two-factor authentication and biometric login to add additional layers of protection.
In order to use the StriveScan app, every college representative must have their own password-protected login. Accounts have role-based permissions. All user passwords are hashed before being stored in our database and never persisted in plain text.
Student data is exported either via direct download from our website; via a secure, time-expiring download link sent via email; or via automatic uploads direct to institutions using Secure File Transfer Protocol (SFTP).
Additionally, we operate in strict regulatory environments and have designed our practices and technology to comply with key laws like FERPA in the United States and GDPR in Europe. The Family Educational Rights and Privacy Act (FERPA) gives parents certain rights with respect to their children’s education records. StriveScan honors those rights and complies with FERPA‘s requirements on educational institutions.
For European data subjects, StriveScan adheres to the General Data Protection Regulation (GDPR)’s organizational and technical requirements and StriveScan honors all rights of access, rectification, erasure, and data portability.
Finally, StriveScan’s team is continuously trained and educated on the latest technology, best practices, security threats, and legal issues surrounding data protection, privacy, and our profession. We invest not only in the technology, but also our team’s knowledge to help our educational partners understand and achieve their goals while protecting the privacy of students.
StriveScan’s President, Dan Saavedra, has over two decades of experience in college admissions, technology, and law. He has worked in technology for AOL and run a digital agency, in law for federal and state court judges, and in college admissions as Illinois ACAC’s Director of Digital Communications for almost two decades.