Security and privacy
The page your IT admin will ask for before signing
Standard OAuth 2.0 with your LMS. AES-256-GCM encrypted tokens. EU data residency. Students don't access Merital — they don't even have an account. Written so you can forward this page to your DPO.
Six non-negotiable product decisions
What Merital does differently from the first commit.
Students don't access Merital
No account, no awareness. Students submit in their LMS as usual. Zero minors' personal data in our database.
AES-256-GCM encrypted tokens
Your LMS credentials (OAuth access/refresh, Public API tokens) are encrypted at rest with a master key that never leaves the server. Rotation and revocation on demand.
Strict multi-tenancy
Isolation by lms_connection_id on every query. Two schools on the same LMS = two encrypted connections with different credentials, no cross-access.
Data in the EU
Database on Supabase eu-west-1 (Ireland). Edge on Vercel cdg1 (Paris). OCR and AI run in Google Cloud EU regions.
OAuth 2.0 and LTI 1.3 standards
No proprietary protocols. OAuth Authorization Code with anti-CSRF state nonce. LTI 1.3 Advantage with JWT validation against the LMS's JWKS and anti-replay nonce.
Deletion on disconnect
Disconnect your LMS and credentials are deleted in the same request. Rubrics and comments exportable as JSON/CSV for 30 days. Then, permanent deletion (GDPR right to erasure).
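A sketch of how the "AES-256-GCM encrypted tokens" and "Strict multi-tenancy" items above can reinforce each other. This is an added example, not Merital's code. Binding each ciphertext to its lms_connection_id as GCM associated data is an assumption the page does not state, and the function names and the iv|tag|ciphertext record layout are hypothetical.

```javascript
// Added illustration, not Merital's code; names and record layout are assumptions.
const crypto = require('node:crypto');

const IV_LEN = 12;  // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16; // 128-bit authentication tag

// Encrypt one LMS credential. The connection id goes in as additional
// authenticated data (AAD): it is not encrypted, but decryption fails
// unless the caller supplies the same id again.
function sealToken(masterKey, lmsConnectionId, token) {
  if (masterKey.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const iv = crypto.randomBytes(IV_LEN); // fresh per record, never reused with this key
  const cipher = crypto.createCipheriv('aes-256-gcm', masterKey, iv, { authTagLength: TAG_LEN });
  cipher.setAAD(Buffer.from(lmsConnectionId, 'utf8'));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Returns the plaintext token, or throws if the key, the connection id
// or any byte of the stored record does not match what was sealed.
function openToken(masterKey, lmsConnectionId, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < IV_LEN + TAG_LEN) throw new Error('sealed token too short');
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', masterKey, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(lmsConnectionId, 'utf8'));
  decipher.setAuthTag(tag);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// True when the record opens under this connection id, false otherwise.
function opensFor(masterKey, lmsConnectionId, sealed) {
  try { openToken(masterKey, lmsConnectionId, sealed); return true; } catch { return false; }
}

// Constructed demo values: a throwaway key and a fake refresh token.
const demoKey = crypto.randomBytes(32);
const demoRow = sealToken(demoKey, 'conn-school-a', 'constructed-refresh-token');
console.log(opensFor(demoKey, 'conn-school-a', demoRow)); // same tenant
console.log(opensFor(demoKey, 'conn-school-b', demoRow)); // another tenant's id
```

With this binding, a sealed credential copied into another connection's row fails authentication even though both rows share one master key.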
Compliance and certifications
Honest status for every framework. If we don't have it, we say so.
GDPR
EU data residency. Public subprocessor list. DPA available under contract. Right to erasure implemented on connection deletion.
1EdTech LTI Advantage Complete
LTI 1.3 integration built on 1EdTech's certified ltijs library. Formal certification in progress — we'll announce it only once issued.
SOC 2 Type II
SOC 2-ready architecture today (encryption at rest, access logging, least privilege). Formal audit on roadmap. Controls whitepaper under NDA.
Student files live in your LMS
Merital never permanently duplicates student data. Full flow of an exam:
The student submits in their LMS
As always. Merital receives nothing at submission time. The file belongs to and lives in your LMS.
The teacher opens Merital to grade
Merital downloads the file from the LMS on demand via OAuth. Encrypted temporary cache during the grading session, never persistent.
Merital publishes the grade back to the LMS gradebook
The grade returns automatically to the LMS via REST or LTI AGS. The cached file is discarded when the session closes. No permanent duplication.
Ready for a technical review with your team?
Book an IT-specific demo. We bring the security whitepaper and answer whatever your DPO needs.