Security & Trust

Built for academic trust

MiaCortex is designed around the realities of higher education — where transparency, data protection, and academic integrity are non-negotiable.

Data protection

  • All traffic encrypted in transit via TLS 1.2+.
  • Data at rest encrypted on managed Google Cloud infrastructure.
  • Role-based access control with least-privilege principles.
  • Regular automated backups with point-in-time recovery.

Authentication

  • Industry-standard OAuth via Google Sign-In (NextAuth.js).
  • Credentials hashed with bcrypt; no plain-text passwords.
  • Session cookies are HTTP-only, Secure, and SameSite-protected.
  • SSO (Google Workspace, SAML) available on institutional plans.

Responsible AI

  • Student code and conversations are never used to train foundation models.
  • Every AI interaction is logged, auditable, and exportable.
  • Instructors can configure AI guardrails and disclosure policies.
  • Clear in-product disclosure when AI is generating a response.

Privacy & compliance

  • Transparent Privacy Policy and Terms of Service.
  • Data minimization — we only collect what’s needed to provide the service.
  • Account deletion and data export available on request.
  • Cookie usage limited to essential and analytics (with consent).

Operational security

  • Deployed on Google Cloud Run with managed autoscaling.
  • Continuous dependency scanning and patching.
  • Error monitoring, audit logs, and anomaly alerts.
  • Secrets stored in Google Secret Manager — never in source code.

Academic integrity

  • Socratic-first AI that coaches rather than solves.
  • Per-course policies to restrict or disclose AI assistance.
  • Submission records retained for audit and accreditation.
  • Instructor dashboards show exact AI usage per student.

Report a vulnerability

If you believe you have found a security issue, please email us. We triage every report and respond within one business day.

[email protected]

See also our Privacy Policy and Terms of Service.