skip to Main Content

Highlights

✓ Student profiles only shared with student’s consent
✓ Student data is encrypted using bank-grade technology
✓ Same top data centers as internet giants like Netflix, Airbnb, Expedia
FERPA and GDPR complaint
✓ StriveScan team is continuously trained and knowledgable

Policies

Privacy and security are StriveScan’s top priorities. StriveScan maintains strict privacy restrictions and only shares personally identifiable student information with the institutions that the student consents or allows to scan their barcode, their school counselors, and the event coordinators. StriveScan does not sell or share student data to other third-parties.

Technology

StriveScan invests heavily in state-of-the-art technology to ensure the security of our data. We encrypt our data in transit using bank-grade SSL technology to ensure it is protected; this is the same https protocol (the lock symbol in your browser 🔒) that protects your bank account login and and sensitive information on e-commerce websites.

We run our secure servers on Amazon Web Services, the same best-in-class data centers that are trusted by Fortune 500 companies and power internet giants like Netflix, Airbnb, Pinterest, NASA, Kelloggs, and Expedia.

We employ Cloudflare’s enormous infrastructure to provide our firewall, distributed denial of service (DDoS) protection, rate limiting, content distribution network (CDN), and other advanced security features to stop hackers. Cloudflare has an expansive global network of servers and is relied on by 20 million websites, including IBM, the Library of Congress, Reuters, and the FBI.

On mobile devices, we protect all of the data stored in the StriveScan app through strong encryption. We utilize Apple’s hardware encryption and file data protection and Android’s file-based encryption. Additionally, the StriveScan app is “sandboxed,” thus securing and isolating it, preventing any other app or process from accessing our data.

In order to use the StriveScan app, every college representative must have their own password-protected login. All user passwords are hashed before being stored in our database and never persisted in plain text. Student data is exported either via direct download from our website or via a secure, time-expiring download link sent via email.

Legal Compliance

Additionally, we operate in strict regulatory environments and have designed our practices and technology to comply with key laws like FERPA in the United States and GDPR in Europe. The Family Educational Rights and Privacy Act (FERPA) gives parents certain rights with respect to their children’s education records. StriveScan honors those rights and complies with FERPA‘s requirements on educational institutions. For European data subjects, StriveScan adheres to the General Data Protection Regulation (GDPR)’s organizational and technical requirements and StriveScan honors all rights of access, rectification, erasure, and data portability.

Organizational Investment

Finally, StriveScan’s team is continuously trained and educated on the latest technology, best practices, security threats, and legal issues surrounding data protection, privacy, and our profession. We invest not only in the technology, but also our team’s knowledge to help our educational partners understand and achieve their goals while protecting the privacy of students.

StriveScan’s President, Dan Saavedra, has over two decades of experience in college admissions, technology, and law. He has worked in technology for AOL and run a digital agency, in law for federal and state court judges, and in college admissions as Illinois ACAC’s Director of Digital Communications for almost two decades.

More Information

If you have any questions regarding our policies, security, or technology, do not hesitate to contact Dan Saavedra, President, at [email protected].
Back To Top