Skip to content

Highlights

✓ Student data is never sold
✓ Student profiles only shared with student’s consent
✓ Student data is encrypted using bank-grade technology
✓ Same top data centers as internet giants like Netflix, Airbnb, Expedia
FERPA and GDPR compliant
✓ StriveScan team is continuously trained and knowledgeable
✓ The only student scanning solution that offers:

‣ Two-factor authentication
‣ Biometric security
‣ Role-based account permissions
‣ Certified under the EU-U.S. Data Privacy Framework Program

Policies

Privacy and security are StriveScan’s top priorities. StriveScan maintains strict privacy restrictions and only shares personally identifiable student information with the institutions that the student consents or allows to scan their barcode, their school counselors, and the event coordinators. StriveScan does not sell or share student data to other third-parties.

Technology

StriveScan invests heavily in state-of-the-art technology to ensure the security of our data. We encrypt our data both in transit and at rest. While data is in transit, we use bank-grade SSL/TLS technology to ensure it is protected; this is the same https protocol (the lock symbol in your browser 🔒) that protects your bank account login and sensitive information on e-commerce websites.

We run our secure servers on Amazon Web Services, the same best-in-class data centers that are trusted by Fortune 500 companies and power internet giants like Netflix, Airbnb, Pinterest, NASA, Kelloggs, and Expedia, as well as education technologies commonly used in admissions like Technolutions Slate and Ellucian Recruit.

Student registration information is stored in a database that is IP-restricted and encrypted at rest. Encryption is performed by using the 256-bit Advanced Encryption Standard (AES-256) block cipher and AWS cryptography services.

We employ Cloudflare’s enormous infrastructure to provide our firewall, distributed denial of service (DDoS) protection, rate limiting, content distribution network (CDN), and other advanced security features to stop hackers. Cloudflare has an expansive global network of servers and is relied on by 20 million websites, including IBM, the Library of Congress, Reuters, and the FBI.

StriveScan utilizes role-based permissions, allowing institutions fine-grained controls of what access their team members have to data and configurations. Limited User permissions can be used to allow alumni and volunteers to securely scan and collect data, but not have permission to access or export it.

On mobile devices, we protect all of the data stored in the StriveScan app through strong encryption. We utilize Apple’s hardware encryption and file data protection and Android’s file-based encryption. Additionally, the StriveScan app is “sandboxed,” thus securing and isolating it, preventing any other app or process from accessing our data. Additionally, the StriveScan mobile app offers a Stealth Mode, which limits the data actually stored on device, perfect for users using personal devices.

StriveScan offers two-factor authentication and biometric login to add additional layers of protection.

In order to use the StriveScan app, every college representative must have their own password-protected login. Accounts have role-based permissions. All user passwords are hashed before being stored in our database and never persisted in plain text.

Student data is exported either via direct download from our website; via a secure, time-expiring download link sent via email; or via automatic uploads direct to institutions using Secure File Transfer Protocol (SFTP).

Legal Compliance

Additionally, we operate in strict regulatory environments and have designed our practices and technology to comply with key laws like FERPA in the United States and GDPR in Europe. The Family Educational Rights and Privacy Act (FERPA) gives parents certain rights with respect to their children’s education records. StriveScan honors those rights and supports compliance with FERPA‘s requirements on educational institutions.

For European data subjects, StriveScan adheres to the General Data Protection Regulation (GDPR)’s organizational and technical requirements and StriveScan honors all rights of access, rectification, erasure, and data portability. With more recent changes from the European Commission (EC), StriveScan has also implemented the European Standard Contractual Clauses (SCCs) for clear and transparent support of our compliance with applicable European data protection laws.

StriveScan is also the only student scanning app that is certified under the EU-U.S. Data Privacy Framework Program (DPF), the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework. These programs are set forth by the U.S. Department of Commerce and the International Trade Administration (ITA) regarding the cross-border collection, use, and retention of personal information.

Organizational Investment

Finally, StriveScan’s team is continuously trained and educated on the latest technology, best practices, security threats, and legal issues surrounding data protection, privacy, and our profession. We invest not only in the technology, but also our team’s knowledge to help our educational partners understand and achieve their goals while protecting the privacy of students.

StriveScan’s President, Dan Saavedra, has over two decades of experience in college admissions, technology, and law. He has worked in technology for AOL and run a digital agency, in law for federal and state court judges, and in college admissions as Illinois ACAC’s Director of Digital Communications for almost two decades.

More Information

If you have any questions regarding our policies, security, or technology, do not hesitate to contact us at [email protected].
Back To Top