Security Architecture

Security that withstands scrutiny

ExamCoder is built on a zero-trust security model. Every layer of the platform enforces authentication, authorization, and data isolation independently. No single point of compromise can expose institutional data.

Defense in Depth

Six layers of protection

Each security layer operates independently. A failure in one layer does not compromise the others.

Data Isolation

Complete tenant isolation at the database level using PostgreSQL Row-Level Security policies. Every query is scoped to the authenticated organization. No shared tables, no cross-tenant joins, no data leakage vectors.

Controls

  • Row-level security on all tables
  • Organization-scoped queries
  • Tenant ID validation on every request
  • No shared data paths between organizations

Encryption

All data is encrypted both in transit and at rest. TLS 1.3 for all network communication, AES-256 for stored data, and cryptographic integrity verification for audit logs.

Controls

  • TLS 1.3 for all connections
  • AES-256 encryption at rest
  • Cryptographic audit log integrity
  • Secure key management

Access Control

Granular role-based access control with principle of least privilege. JWT-based authentication with short-lived tokens, session management, and comprehensive permission scoping.

Controls

  • Four-tier role hierarchy
  • JWT with short expiration
  • Principle of least privilege
  • Session-based access management

Vendor Zero-Access

ExamCoder is architected so that platform operators have no access to examination content or student data in production. Administrative access is logged, auditable, and requires explicit authorization.

Controls

  • No vendor access to exam content
  • All admin access is audited
  • Explicit authorization required
  • Customer-controlled data retention

Compliance-Ready Infrastructure

Infrastructure designed to support institutional compliance requirements including data residency, retention policies, audit trails, and access reporting.

Controls

  • Geographic data residency options
  • Configurable retention policies
  • Complete audit trail exports
  • Access reporting for compliance reviews

Infrastructure Security

Hardened deployment infrastructure with network isolation, automated security updates, intrusion detection, and continuous monitoring. Dedicated deployment option available for maximum isolation.

Controls

  • Network-level isolation
  • Automated security patching
  • Continuous monitoring
  • Dedicated instance option

Request a security review

We provide detailed security documentation and architecture reviews for institutional evaluation processes.

Request Security DocumentationView Platform Details