Security built for the people who hand you their kids.
Childcare data is sensitive: minors, custody, medical, immigration status, payment info. CIRCLETIME treats it that way at every layer — infrastructure, database, application, and AI.
Encryption everywhere
TLS 1.2+ in transit. AES-256 at rest, covering the database, backups, and file storage. Downloads use short-lived signed URLs.
MFA & SAML SSO
TOTP MFA for every admin role. Enterprise customers can require MFA org-wide and bring SAML 2.0 SSO from Google, Okta, or Azure AD.
Per-tenant RLS
Row-Level Security on every table. Each childcare's data is isolated at the database layer, not just the app layer.
Login & audit trail
Every successful sign-in is recorded with IP and user agent. Directors can review sessions and force a global sign-out in one click.
IP allow-listing
Optional CIDR allow-lists per center for staff portals — block access from outside your network.
Hardened edge runtime
Server functions run on Cloudflare's edge network behind WAF and DDoS protection.
SOC 2-aligned controls
Access reviews, change management, vendor reviews, and nightly evidence collection. Audit-ready CSV export of role & MFA status.
AI safety, audited nightly
Every AI output passes our hallucination guard. The full golden test suite runs every night, and the pass rate is public at /trust.
Your rights
- Export your entire data set (CSV/JSON) at any time from the director console.
- Delete a child, family, or staff record and we honor it within 30 days across backups.
- Sign a DPA in two clicks — GDPR + CCPA + COPPA aligned. Preview at /dpa.
Report a vulnerability
Found something? Email security@educircletime.com. We acknowledge within one business day and triage within three. Coordinated disclosure preferred — please do not test against live customer data.