Security & Compliance

Security built into every layer

Hundreds of thousands of students and institutions across 180 countries trust Rouxbe with their data. We protect it with industry-standard encryption, hardened AWS infrastructure, and continuous monitoring against recognized security frameworks.

Encrypted in Transit

TLS 1.2+ secures every connection between your browser and our servers.

Encrypted at Rest

All stored data is protected with AES-256 encryption.

AWS Infrastructure

Hosted on AWS with defense-in-depth and least-privilege access.

Continuously Audited

Benchmarked against AWS, CIS, NIST, and CMMC standards.

Your data is encrypted, end to end

We apply strong, industry-standard cryptography at every stage of your data's lifecycle—while it moves across the network and while it sits at rest in our databases and storage.

Safe data handling and encryption
TLS 1.2+

In transit

Every request to Rouxbe is served over HTTPS. Connections are protected with TLS 1.2 or higher and modern cipher suites, so data exchanged between your device and our servers cannot be read or tampered with in flight.

AES-256

At rest

Data stored in our databases, file storage, and backups is encrypted using AES-256, one of the strongest block ciphers available and the standard trusted for protecting sensitive information.

AWS KMS

Key management

Encryption keys are generated, stored, and rotated using AWS Key Management Service. Keys are isolated from the data they protect and access is tightly scoped and logged.

Hardened AWS infrastructure

Rouxbe runs on Amazon Web Services, inheriting the physical, network, and operational security of one of the world's most rigorously certified cloud platforms—and we layer our own controls on top.

Network isolation

Resources run inside private VPCs with security groups and network ACLs that restrict traffic to only what's required.

Least-privilege access

IAM roles and policies grant the minimum permissions needed, with multi-factor authentication required for administrative access.

Continuous monitoring

AWS Security Hub, GuardDuty, CloudTrail, and Config continuously watch for misconfigurations and suspicious activity.

Resilient backups

Automated, encrypted backups and multi-AZ redundancy keep data durable and recoverable.

AES-256
Encryption at rest across databases, storage, and backups
TLS 1.2+
Enforced on every connection to the platform
MFA
Required for privileged and administrative access
24/7
Automated monitoring and alerting on AWS

Benchmarked against recognized frameworks

We don't just claim to be secure—we measure ourselves against established industry standards. Through AWS Security Hub, our environment is continuously and automatically checked for compliance readiness against the following standards.

AWS Foundational Security Best Practices v1.0.0

AWS Security Hub

A curated set of automated security checks, defined by AWS security experts, that detect when AWS accounts and deployed resources fall out of alignment with best practices across AWS's most popular and foundational services.

CIS AWS Foundations Benchmark v1.4.0

AWS Security Hub

Security configuration best practices for AWS from the Center for Internet Security (CIS). Security Hub automatically checks our compliance readiness against a subset of these requirements.

CIS AWS Foundations Benchmark v3.0.0

AWS Security Hub

The latest revision of the CIS AWS Foundations Benchmark, expanding and updating the configuration best practices we are continuously evaluated against.

NIST Special Publication 800-171 Revision 2

AWS Security Hub

Recommended security requirements for protecting the confidentiality of Controlled Unclassified Information (CUI). Security Hub checks our readiness against a subset of NIST 800-171 R2 requirements.

CMMC Level 1

Cybersecurity Maturity Model Certification

Foundational cybersecurity practices for safeguarding federal contract information, supporting partners with public-sector and government training requirements.

SOC 2 Type II

In progress
AICPA Trust Services Criteria

An independent, third-party examination of our controls for security, availability, and confidentiality over time. Our SOC 2 Type II examination is currently underway.

Compliance benchmarks measure our configuration against published control sets via AWS Security Hub; they are part of our ongoing security program and are not, on their own, formal third-party certifications.

Security practices we live by

Strong technology is only part of the picture. We pair it with operational discipline so that security is maintained day to day, not just at launch.

Access control

Role-based access and least-privilege permissions ensure people and systems can reach only the data they need to do their jobs.

Multi-factor authentication

MFA is enforced for administrative and privileged access to our infrastructure and tooling.

Logging & auditability

Activity across our AWS environment is logged via CloudTrail and retained so events can be investigated and audited.

Patching & hardening

Systems and dependencies are kept up to date, and configurations are hardened against the benchmarks above.

Backup & recovery

Encrypted, automated backups and redundant infrastructure protect against data loss and support recovery.

Incident response

We monitor for anomalies and maintain processes to detect, respond to, and learn from security events.

Security & compliance documentation

Review the policies and standards that govern how we collect, use, and protect your data. For anything else, our security team is a message away.

Questions about our security posture? Get in touch