Security & Trust

Security built for districts, enterprises, and high-stakes training.

Snack presents security the way school and enterprise reviewers expect it: control domains, audit-ready materials, and a clear path for DPA, procurement, and security review questions.

Trust at a glance

Control-domain focused security overview

Role-based access, MFA, encryption, and logging safeguards

District-ready privacy, retention, AI, and vendor review materials

Direct DPA and security-review support via support@snack.io

Openfire LLC DBA Snack

Security and DPA intake: support@snack.io

Governance and compliance

Snack organizes its public trust story around the controls and documents school and enterprise reviewers actually ask for.

Access and authentication

Role-based access, MFA requirements, and documented administrative safeguards protect access to customer data.

Data protection and privacy

Encryption, audit logging, retention controls, and time-limited access patterns are central to the public security posture.

School-audit ready

District-facing privacy, DPA, AI, retention, and vendor review materials stay easy to access for audit workflows.

Security governance and controls

Control domains that map to how schools and enterprises review software

This page emphasizes governance, access, privacy, monitoring, resilience, and incident response rather than implementation detail. The goal is to answer common audit questions without exposing unnecessary stack specifics on the marketing page.

Security governance

Security practices align with NIST Cybersecurity Framework v1.1 and are documented in public policies and trust materials designed to support school, procurement, and legal review.

Access and authentication

Administrative access is limited by role and protected with multi-factor authentication requirements.

Data protection

Customer data is encrypted in transit and at rest, with logical separation controls and limited-access handling.

Logging and auditability

Key administrative and compliance-sensitive events are logged, with certain audit categories retained for up to 7 years.

Availability and resilience

Infrastructure, backups, and recovery planning are designed to support continuity, reliability, and customer operations.

AI and data usage controls

AI workflows are governed by documented data-use controls, workspace-level settings, and stronger restrictions for K-12 organizations.

Privacy and retention controls

Organizations can manage transcript retention, human review, and AI improvement preferences at the workspace level.

Incident response

Incident response and breach notification timelines are governed by applicable law and customer contract or DPA terms.

Vendor oversight

Service providers are reviewed through contractual, privacy, and security requirements before they support customer-facing workflows.

School audit readiness

Built to support district, enterprise, higher-ed, and international review

Snack keeps school-audit language, procurement support, and document access visible so districts can review controls without relying on public stack disclosure.

K-12 schools & districts

Structured for district privacy and legal review

Snack supports district review with public privacy, retention, AI, and audit materials plus direct DPA execution. SDPC NDPA coverage is approved across 15 states, and direct district agreements are available for additional jurisdictions.

FERPA

Snack supports school-official workflows and contract-based handling of education records for educational customers.

COPPA

Snack supports school-authorized use for students under 13 and provides operator disclosures for school review.

NY Ed Law Section 2-d

Data security planning and contractual support are available for New York district reviews.

SDPC NDPA

Snack has an approved SDPC NDPA across 15 states and supports direct district agreements where needed.

SDPC coverage

Approved
MassachusettsMaineIllinoisIowaMissouriNebraskaNew HampshireNew JerseyNew YorkOhioRhode IslandTennesseeVermontVirginiaWashington

Common review materials

  • Privacy Policy
  • Subprocessors List
  • Retention & Deletion Policy
  • AI Data Use Addendum
  • Signed NDPA through SDPC or direct district agreement

Sports & athletic programs

Coaches and athletic departments can keep film, playbooks, and training content inside an access-controlled workflow.

  • Encrypted storage for video and coaching materials
  • Role-based access for coaches, staff, and athletes
  • No cross-context behavioral advertising claims in the public privacy posture
  • Signed media delivery for private viewing workflows

Corporate L&D teams

Enterprise buyers can review a documented security posture without relying on marketing-only promises.

  • DPA and procurement review support
  • Workspace controls for AI handling and transcript retention
  • Operational analytics and diagnostics without session replay or form capture
  • Trust materials available for procurement review

Higher education

Colleges and universities can map Snack to institutional data-governance and student-record review workflows.

  • FERPA-oriented handling of education records
  • PPRA support language available in review materials
  • Institutional DPA options with custom governance terms
  • Security-review coordination with IT and legal stakeholders

International organizations

Global teams can review cross-border support and data-handling controls without needing public implementation detail on the page.

  • Primary customer data handling questions can be reviewed directly with the Snack team
  • Regional transfer and residency questions can be addressed during audit review
  • SCCs are available on request for cross-border review
  • Regional DPA language can be reviewed with the Snack team

Vendor oversight

Service categories and provider oversight without public stack disclosure

The public page focuses on service categories and control expectations. Detailed provider information remains available through review materials when schools, legal teams, or procurement stakeholders need it.

Snack service categories
Service categoryPurposeData scopeReview path
Cloud infrastructureHosting, availability, and operational continuityApplication requests, service runtime, and core availability workflowsDetailed provider information available in review materials
Data storage & identity systemsAccount management, data storage, and access controlUser accounts, content metadata, and protected application dataGoverned by retention policy and contract terms
Video processing providersVideo storage, processing, streaming, and secure deliveryVideo files and playback-related workflowsGoverned by content lifecycle and access controls
AI service providersSummarization, quiz generation, search, and AI-assisted workflowsPrompt content and workflow-specific inputsSee AI data-use materials and review documentation
Communications & billing processorsTransactional communication and payment workflowsOperational notifications and billing dataSubject to processor and legal retention obligations

Provider review standards

Service providers are evaluated through privacy, security, contractual, and deletion-support requirements before supporting customer-facing workflows.

Minimal public disclosure

The public page stays focused on controls and audit-readiness. More detailed provider information is available when a school or procurement review requires it.

Change communication

Material provider and trust-material changes are communicated through review materials, admin notices, and the product changelog.

Available documents

Audit materials and review resources

The table below separates self-serve materials from request-based review paths while keeping public descriptions intentionally high level.

Snack security and privacy documents
ArtifactWhat it coversAccess
Data Security and Privacy PlanNYSED-aligned data security and privacy plan covering governance, access controls, encryption, incident response, and breach notification.Download plan (PDF)
Privacy PolicyPublic privacy commitments across educational, enterprise, and state privacy scenarios.View policy
Detailed processor & vendor review materialsDetailed provider information for school audits, legal review, and procurement diligence.Review materials
Retention & Deletion PolicyRetention windows for accounts, transcripts, analytics, backups, and deletion procedures.Download artifact
AI controls & data use summaryAI workflows, organization-level controls, K-12 restrictions, and retention notes.Download artifact
Data Processing Agreement (DPA)Standard or custom DPA support for schools, districts, higher-ed, and enterprise buyers.Request by email
Incident Response PlanDetailed incident workflow, notification process, and severity guidance for review.Request by email
Security review supportQuestionnaire support, procurement follow-up, and documentation coordination.Contact security

Faster first review

Public materials answer the first round of district and procurement questions before a longer review thread begins.

Clear access paths

DPA, incident response, and questionnaire support stay easy to request without forcing buyers through a dead-end form.

Change communication

Trust updates are reflected through review materials, admin notices for material changes, and the public product changelog.

Contact security

Security review, DPA, and vulnerability reporting stay on one path.

Use the Snack security contact for document requests, procurement reviews, DPAs, or responsible disclosure. If you already have a questionnaire or district-specific terms, send them with your request so the team can respond in context.

DPA request

Email support@snack.io with subject line DPA Request.

Security question

Ask about controls, docs, or procurement follow-up.

Report an issue

Share a suspected vulnerability privately with reproduction details.

Trust center notes

Self-serve first

Public artifacts are linked above so buyers can review core materials before emailing.

Material change notices

Subprocessor and trust-material updates are reflected in public artifacts, admin notices, and the changelog.

Privacy terms

For broader privacy commitments, see the Privacy Policy.

Openfire LLC DBA Snack

Primary security contact: support@snack.io