NextStep AI Inc. Trust Center
This Trust Center provides transparent visibility into NextStep AI Inc.'s security, compliance, governance, and trust documentation, giving your procurement and security teams everything they need in one place.
The Foundation of Learning Is Trust
A learning platform holds some of the most sensitive information any software company can hold: the identities of children, private messages between students and educators, academic records, and the daily evidence of how a person learns. NextStep is engineered to protect it.
We encrypt all customer data in transit and at rest. We self-host the AI models that power student and teacher interactions, so private conversations never leave our infrastructure and are never sent to third-party AI providers. We collect only what learning requires, retain it only as long as necessary, and never sell it. We design every system on the assumption that the broader ed-tech sector will continue to be targeted, with continuous hardening, monitoring, and independent review.
Protecting it is not a feature of NextStep. It is the foundation of everything we build.
Controls
Review the operational, technical, and governance safeguards we monitor across access, encryption, secure development, incident response, vendor risk, and infrastructure security.
Policies
See the internal policies that define how NextStep handles customer data, employee access, privacy obligations, business continuity, vulnerability management, and compliance.
Subprocessors
Understand which third-party providers support the platform, what they are used for, and where to find each provider's own trust and compliance information.
Resources
Find public trust resources including service status, privacy documentation, terms of service, and deeper links for procurement and security review.
Safeguards continuously monitored across our infrastructure and processes.
An up to date list of controls published internally by NextStep AI Inc.
Controls
- Acceptable Use
- Access Rights
- Asset Inventory
- Change management
- Configuration & Patch Management
- Credential Management
- Data Privacy
- Data Retention & Destruction
- Disaster Recovery Planning
- Disciplinary process
- Encrypted Data at Rest
- Encryption Key Management
- Endpoint Protection
- Endpoint Security
- Information Classification
- Management Security Accountability
- Network Security
- Organization Structure & Reporting Lines
- Personnel Security
- Physical Access Control
- Policy Compliance
- Regulatory Liaison
- Remote-Work Security
- Resource Capacity Management
- Risk Management
- Secure Data Transfer
- Secure SDLC Integration
- Security Governance Roles
- Security Incident Management
- Security Logging
- Security Monitoring & Detection
- Segregation of duties
- Standard Operating Procedures (SOPs)
- Supplier Security
- Vulnerability Management
Internal policies that govern how we operate and protect customer data.
An up to date list of policies published internally by NextStep AI Inc.
Policies
- Access Control & Least Privilege
- Authentication & Password
- Acceptable Use & Workstation Security
- Information Sharing & Transfer
- Physical Security & Environmental
- Vendor & Third-Party Risk
- Policy Management & Exception Handling
- Secure Software Development Lifecycle
- Secure Configuration & Hardening
- Washington State Higher Education Compliance Addendum
- Accessibility & Section 508 Compliance
- Change & Release Management
- Remote Access & BYOD
- AI Model Governance & Inference Security
- FERPA Compliance Policy
- Logging, Monitoring & Audit
- Risk Management
- Information Security & Privacy Governance
- Security & Privacy Awareness Training
- Sanctions & Disciplinary
- Background Screening & On/Off-boarding
- Backup, Business Continuity & Disaster Recovery
- Vulnerability & Patch Management
- Compliance & Regulatory Monitoring
- Data Classification & Handling
- Retention & Secure Disposal
- Encryption & Crypto Controls
- Incident Response & Breach Notification
- Privacy & Data-Subject Rights
Third parties that process data on our behalf under strict contractual safeguards.
Policies, whitepapers, and contacts for deeper information.
NextStep AI Status
Real-time service status, incident history, and scheduled maintenance for the NextStep AI platform.
OpenPrivacy Policy
NextStep AI's privacy policy describing how personal data is collected, used, shared, and protected, along with user rights.
OpenTerms of Service
NextStep AI's terms of service governing use of the platform, including user obligations, acceptable use, and service commitments.
Open