Verified · nextstep.com

NextStep AI Inc. Trust Center

This Trust Center provides transparent visibility into NextStep AI Inc.'s security, compliance, governance, and trust documentation, giving your procurement and security teams everything they need in one place.

Security posture

The Foundation of Learning Is Trust

A learning platform holds some of the most sensitive information any software company can hold: the identities of children, private messages between students and educators, academic records, and the daily evidence of how a person learns. NextStep is engineered to protect it.

We encrypt all customer data in transit and at rest. We self-host the AI models that power student and teacher interactions, so private conversations never leave our infrastructure and are never sent to third-party AI providers. We collect only what learning requires, retain it only as long as necessary, and never sell it. We design every system on the assumption that the broader ed-tech sector will continue to be targeted, with continuous hardening, monitoring, and independent review.

Protecting it is not a feature of NextStep. It is the foundation of everything we build.

Controls

Safeguards continuously monitored across our infrastructure and processes.

An up to date list of controls published internally by NextStep AI Inc.

35

Controls

  • Acceptable Use
  • Access Rights
  • Asset Inventory
  • Change management
  • Configuration & Patch Management
  • Credential Management
  • Data Privacy
  • Data Retention & Destruction
  • Disaster Recovery Planning
  • Disciplinary process
  • Encrypted Data at Rest
  • Encryption Key Management
  • Endpoint Protection
  • Endpoint Security
  • Information Classification
  • Management Security Accountability
  • Network Security
  • Organization Structure & Reporting Lines
  • Personnel Security
  • Physical Access Control
  • Policy Compliance
  • Regulatory Liaison
  • Remote-Work Security
  • Resource Capacity Management
  • Risk Management
  • Secure Data Transfer
  • Secure SDLC Integration
  • Security Governance Roles
  • Security Incident Management
  • Security Logging
  • Security Monitoring & Detection
  • Segregation of duties
  • Standard Operating Procedures (SOPs)
  • Supplier Security
  • Vulnerability Management
Policies

Internal policies that govern how we operate and protect customer data.

An up to date list of policies published internally by NextStep AI Inc.

29

Policies

  • Access Control & Least Privilege
  • Authentication & Password
  • Acceptable Use & Workstation Security
  • Information Sharing & Transfer
  • Physical Security & Environmental
  • Vendor & Third-Party Risk
  • Policy Management & Exception Handling
  • Secure Software Development Lifecycle
  • Secure Configuration & Hardening
  • Washington State Higher Education Compliance Addendum
  • Accessibility & Section 508 Compliance
  • Change & Release Management
  • Remote Access & BYOD
  • AI Model Governance & Inference Security
  • FERPA Compliance Policy
  • Logging, Monitoring & Audit
  • Risk Management
  • Information Security & Privacy Governance
  • Security & Privacy Awareness Training
  • Sanctions & Disciplinary
  • Background Screening & On/Off-boarding
  • Backup, Business Continuity & Disaster Recovery
  • Vulnerability & Patch Management
  • Compliance & Regulatory Monitoring
  • Data Classification & Handling
  • Retention & Secure Disposal
  • Encryption & Crypto Controls
  • Incident Response & Breach Notification
  • Privacy & Data-Subject Rights
Access Request

Request Security Questionnaire Access

Request access to security questionnaire.

Purpose

Helpful context speeds up approval. 500 character max.

A mutual NDA is required. After submitting, you'll receive an email with a short electronic signature link. Documents unlock immediately after signing.