Security & Compliance

Built for K-12 data privacy, end to end

Sokano is built to meet FERPA, SOC 2 trust criteria, and state-level student data privacy laws — with technical and procedural controls at every layer of the stack.

Compliance pillars

The frameworks Sokano is built to meet.

FERPA Compliant

Strict isolation of student PII with role-based access controls. Our secure translation pipeline eliminates the risk of emailing sensitive documents.

SOC 2 Aligned Workflow

Built around the SOC 2 trust service criteria — comprehensive audit logging, encryption at rest, and documented disaster recovery.

State Privacy Ready

Built to comply with state-level student data privacy laws including Colorado HB 16-1423 and equivalent statutes elsewhere.

Built to WCAG 2.1 AA

Built to WCAG 2.1 AA standards (referenced in Colorado HB 21-1110) with keyboard navigation, semantic markup, and screen reader support.

Technical controls

How Sokano protects every request, document, and record.

Encryption at rest and in transit

All data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Documents in the translation pipeline are stored in isolated, encrypted buckets with restricted access.

Strict PII isolation

Student records are isolated by role using row-level security. Interpreters, requesters, and administrators see only the data their role entitles them to. The interpreter job board is built to hide all student PII by design.

Role-based access controls (RBAC)

Permissions at the user and school-site level (Admin, Requester, Interpreter, School Admin). Site-scoped dashboards for school administrators. Instant deactivation when staff change roles.

Comprehensive audit logging

Every request, claim, document upload, role change, edit, and verified billing event is recorded in an append-only log. Ready for funding audits and internal review.

Incident response & disaster recovery

Documented response procedures, regular database backups, and clear customer communication if a security issue affects your data.

Accessibility built in

Built to WCAG 2.1 AA standards across every interface — keyboard navigation, screen reader support, semantic markup, and accessible form labeling.

Built for K-12 procurement

District technology and privacy reviews don't surprise us. We provide Data Privacy Agreements, security overviews, and compliance attestations as part of every evaluation, and we work with the SDPC National DPA template alongside state- and district-specific addenda.

Data Privacy Agreement (DPA) ready
Vendor security questionnaire on file
FERPA & state-law school official designation
Subprocessor list available on request
Annual security and privacy review
Documented data retention and deletion policy

Procurement FAQ

Answers for district IT & privacy teams

The questions we hear most often during technology and privacy reviews.

Yes. Sokano is designed to operate under the FERPA "school official" exception: the platform processes student education records only under the direct control of the school district, uses them solely for the service the district has engaged us to provide, and does not disclose them to third parties. Student PII is isolated by role with row-level security, and the interpreter job board is built to hide all student PII by design.

Yes. Sokano is ready to sign the Student Data Privacy Consortium (SDPC) National DPA template, and we can work with state- and district-specific addenda as part of your procurement review. DPAs are available on request during evaluation.

All data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Documents moving through the translation pipeline are stored in isolated, encrypted buckets with strictly scoped access.

Sokano is built and operated around the SOC 2 trust services criteria — including comprehensive audit logging, encryption at rest, role-based access controls, and documented disaster recovery.

Documents are uploaded and retrieved over encrypted connections and stored in isolated, access-controlled storage. For districts that need an additional layer of protection, Sokano offers an optional add-on that integrates a third-party PII detection service to flag sensitive content for administrator redaction review before a translated document is released back to the requester.

Access is governed by role-based permissions (Admin, Requester, Interpreter, School Admin) and scoped to the user's school site where applicable. Interpreters only see the job details required to perform their assignment, never the full student record. Administrator access is logged and reviewable through the audit trail.

The Sokano platform is hosted on Vercel, with Supabase as the underlying database and storage layer for all customer and student data. Both are enterprise-grade cloud providers with their own SOC 2 Type 2 attestations, GDPR compliance, and HIPAA-eligible offerings, and both run on top of major U.S.-based cloud infrastructure (Supabase on AWS). (Note: the public sokano.net marketing site is fronted by Cloudflare, but Cloudflare does not process or store any customer or student data — that lives exclusively in Vercel and Supabase.) A current subprocessor list and region details are shared during procurement review and reflected in the signed Data Privacy Agreement.

If a security event affects your district's data, Sokano will notify you directly in line with our contractual and legal obligations, and work with you through investigation, containment, and remediation. The Sokano database is protected by automated daily backups and point-in-time recovery, so customer data can be restored to any moment within the recovery window. Specific notification timelines and recovery objectives are documented in the signed Data Privacy Agreement and shared during procurement review.

Yes. The platform is built to WCAG 2.1 AA standards — including keyboard navigation, semantic markup, screen reader support, and accessible form labeling — aligned with Colorado HB 21-1110 and equivalent accessibility mandates in other states.

Customer data is retained for the duration of the contract and in accordance with the district's retention policy. On termination, Sokano provides customer data export and securely deletes customer data from production systems within the timelines specified in the signed DPA.

Bring Sokano into your privacy review

We'll walk through our security posture and provide the documentation your district needs to evaluate Sokano.