At RCampus, safeguarding the privacy and security of our users’ data is our top priority. We implement comprehensive security measures and transparent data handling practices to protect your information.

Server Security:

Our services are hosted on Amazon Web Services (AWS), a leader in secure cloud infrastructure. AWS data centers are geographically distributed within the United States, providing reliable and secure hosting. AWS’s compliance with numerous security standards, such as ISO 27001 and SOC 2, ensures that our data hosting practices meet the highest industry standards.

• All servers, application, and data are housed in AWS 
• Only select admins have access to sensitive data and operations
• AWS compliance information can be found here: https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/compliance.html

Application and Data Security:

Encryption

All data, whether at rest or in transit, is encrypted using advanced encryption standards. Data at rest is protected using SHA256 encryption, while data in transit is secured through Transport Layer Security (TLS) protocols. This ensures that your information remains confidential and secure from unauthorized access.

• RCampus/iRubric authenticates users directly or using institutional Single SignOn systems in which case as it does not collect or require user passwords
• All data is transmitted from institutional systems are secured via SSL and security tokens
• Names are encrypted in the database
• Application runs in secure HTTPS mode (TTL) at all time
• Application is scanned for intrusion by third party systems
• URL parameters are filtered by application for added security

Identity Management

RCampus employs stringent identity management protocols to control access to our services. We utilize role-based access control (RBAC) to ensure that only authorized individuals can access sensitive information. User access is regularly reviewed and updated to maintain compliance with security policies.

Patches & Upgrades

We continuously update our software to enhance functionality and security. Patches and upgrades are deployed regularly, with critical security patches applied immediately. Major feature releases are communicated to system administrators in advance, ensuring seamless integration and minimal disruption to our users.

Security Testing & Monitoring

RCampus conducts continuous real-time monitoring and regular security testing to identify and address potential vulnerabilities. Our security measures include third-party penetration testing, automated vulnerability scanning, and 24/7 monitoring of our systems to detect and mitigate threats promptly.

Data Backup & Recovery

Automated Backups

We perform regular automated backups of all user data to ensure data integrity and availability. Backup frequency ranges from hourly to daily depending on the criticality of data. This ensures that your data can be quickly restored in the event of data loss or corruption.

Disaster Recovery

Our disaster recovery plan (DRP) includes measures to ensure business continuity. In case of catastrophic events, we have the capability to rapidly rebuild servers and restore services. This minimizes downtime and ensures that our users have continuous access to our services.

Compliance & Privacy Policy

Data Retention Policies

RCampus adheres to strict data retention policies, retaining data for the duration of the license period or a minimum of five years. Upon termination of services, we facilitate the secure return or destruction of data based on institutional requests.

Regulatory Compliance

We comply with key regulations, including the Family Educational Rights and Privacy Act (FERPA). These regulations mandate strict data protection and privacy standards, ensuring that we handle your information with the utmost care and legal compliance.

Information Collection and Use

iRubric may collect User Information from the LMS and Single SignOn (SSO) systems to enable user identification for grading, ePortfolios, and other required operations.  This data cannot include user password.  Users’ names are encrypted in the database.

Information Sharing and Disclosure

Reazon does not rent, sell, or share User Information with other agencies except to provide information requested under the following circumstances: 

• In order to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
• In order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.

Reazon will first contact Licensee with a notification, should a disclosure of data be required as stated above.

Inappropriate Content, Advertising, Spam, etc.

To provide a safe environment for End Users, RCampus reserves the right to monitor any content that RCampus may find inappropriate. RCampus will first contact Licensee with a notification.

FERPA Compliance:

RCampus adheres to best practices to protect student information as prescribed by Family Educational Rights and Privacy Act (FERPA).  Reazon will be considered a “School Official” (as that term is used in FERPA and its implementing regulations) and will comply with FERPA.

Changes to This Policy

We may update this policy periodically to reflect changes in our practices or legal requirements. We will post significant changes and provide an updated policy on our website.

Contact Us

If you have any questions or concerns about our privacy and security practices, please contact us.