Current posture
| Control | Status | Notes |
|---|---|---|
| HTTPS / TLS 1.3 | Active | All endpoints |
| Encryption at rest (AES-256) | Active | All data stores |
| Per-user data isolation | Active | Enforced at API and graph layers |
| No training on user content | Active | Policy and architecture |
| No data selling | Active | Policy commitment |
| GDPR data subject rights | Active | Access / deletion on request |
| FERPA-aligned data handling | Active | For Canvas integrations |
| Microsoft publisher verification | In progress | Pending AZ LLC processing |
| SOC 2 Type II | Planned | Target: 2027 |

FERPA
RemMe's Canvas integration accesses student educational records as defined under FERPA (Family Educational Rights and Privacy Act). Panderose acts as a "school official" under the legitimate educational interest exception when institutions deploy RemMe to their students.
We do not share Canvas data with third parties beyond the sub-processors listed below, all of which are bound by appropriate data agreements. We do not sell Canvas data. Students may request deletion of their Canvas-derived data by contacting [email protected].
Institutions requiring a Data Processing Agreement (DPA) for Canvas deployment should see our DPA page.
GDPR
If you are in the European Economic Area or United Kingdom, you have the following rights under GDPR/UK GDPR:
- Access: request a copy of the personal data we hold about you
- Rectification: correct inaccurate data
- Erasure: request deletion of your data
- Portability: receive your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interests
- Restriction: request that we restrict processing while a dispute is resolved
To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
Panderose is the data controller for personal data processed through RemMe. For the purposes of international data transfers, Groq (our LLM inference provider) processes limited query data in the United States under standard contractual clauses.
SOC 2 Type II roadmap
We intend to pursue SOC 2 Type II certification as the product matures. Our target is to begin the observation window in 2026 with a report in 2027. We will update this page when the audit begins.
In the meantime, our security controls are documented on the Security page.
Sub-processors
The following third parties process customer data on Panderose's behalf:
| Name | Purpose | Location |
|---|---|---|
| Groq | LLM inference (chat responses) | United States |
| Qdrant (self-hosted) | Vector search index | Prescott, AZ |
| Neo4j (self-hosted) | Knowledge graph storage | Prescott, AZ |
| Ollama (self-hosted) | Embedding generation | Prescott, AZ |

We will update this list when sub-processors are added or removed. To be notified of changes, email [email protected].
Data Processing Agreement
Institutions requiring a formal DPA for Canvas deployment can request one via [email protected]. Our standard DPA template is available on the DPA page.