/-/https/www.sciencebuddies.org/cdn/Files/21464/5/sb-logo.png){kind=logo}
/-/https/www.sciencebuddies.org/cdn/Files/21464/5/sb-logo.png){kind=logo}
Security Practices
Last updated: November 21, 2025
Science Buddies is committed to maintaining the confidentiality, integrity, and availability of the information entrusted to us by students, educators, and families. Our security practices are designed to protect data at every stage — during collection, storage, transmission, and access — and to ensure that the learning environment remains safe, reliable, and respectful of user privacy.
- Our Approach to Security
- Infrastructure and Data Protection
- Data Storage, Backup, and Recovery
- Access Controls and Authentication
- Monitoring and Incident Preparedness
- Data Breach Response
- Continuous Improvement and Accountability
- Contact
Our Approach to Security
Security is embedded throughout Science Buddies’ technology and operations. All systems are designed using secure development principles and undergo regular testing, review, and monitoring to ensure they meet high standards for protection. Access to systems and data is limited to authorized personnel whose roles require it, and all employees receive annual security and privacy training.
Infrastructure and Data Protection
Our infrastructure is hosted in secure, industry-standard cloud environments that provide physical, network, and application-layer safeguards. Data in transit is protected with HTTPS/TLS 256-bit encryption, and sensitive information at rest is encrypted using strong algorithms. Systems are segmented to minimize risk exposure, and firewalls and access controls restrict internal access based on least-privilege principles.
Science Buddies’ services are hosted on Amazon Web Services (AWS), a leading cloud provider that meets rigorous international standards for physical and operational security. AWS data centers are independently audited and certified under ISO 27001, ISO 9001, SOC 3, and other recognized frameworks. Additional details about AWS security and compliance practices are available at aws.amazon.com/security and aws.amazon.com/compliance
Data Storage, Backup, and Recovery
Science Buddies maintains reliable and resilient data storage systems designed to ensure the availability and integrity of user information. Data is hosted in secure, U.S.-based cloud environments that meet rigorous industry standards for physical and operational security.
User data is backed up regularly, with encrypted copies stored in geographically separated locations to provide redundancy and support disaster recovery. Backups include full versions of production data and are retained for up to two years in accordance with our data retention policy.
Our database architecture is designed for high availability, performance, and rapid recovery, using technologies that support replication and scalability across multiple nodes. This structure minimizes downtime and ensures that educational services remain available even in the event of a system disruption.
Access Controls and Authentication
All administrative and system access is protected through strong authentication mechanisms, including the use of multifactor authentication where appropriate. User access rights are reviewed periodically to ensure that only those with a legitimate business need retain permissions.
Monitoring and Incident Preparedness
Continuous monitoring helps identify potential security or performance issues quickly. Automated alerts are configured to detect anomalies in network traffic, system access, or user behavior. Our monitoring program is regularly reviewed to ensure alerts, thresholds, and response procedures remain effective as systems and threats evolve.
Data Breach Response
In the event of a data breach, Science Buddies has established a structured response process to contain, assess, and mitigate the incident. Our Data Breach Response Plan outlines immediate containment steps, coordination with internal and external experts, and communication procedures with affected educational partners. If a breach involves personal data, impacted institutions and users will be notified promptly, and appropriate corrective actions will be taken to prevent recurrence.
Continuous Improvement and Accountability
Security is an evolving discipline. We regularly review system designs, operational procedures, and partner agreements to stay aligned with current best practices and emerging threats. Employee training, security testing, and process audits are ongoing parts of this commitment. By fostering a culture of awareness and accountability, we aim to maintain the trust of the schools, educators, and families we serve.
Contact
For questions about these security practices or to report a concern, please contact Science Buddies at [email protected].
/-/https/img.youtube.com/vi/rvyNRQ2J1_c/0.jpg)
/-/https/img.youtube.com/vi/y7v1xHn3Vmw/0.jpg)
/-/https/img.youtube.com/vi/zTTuB_afFyQ/0.jpg)