Security at Trellis

SOC 2 Readiness

Trellis is built on a SOC 2-aligned security foundation. Our infrastructure, processes, and controls are designed to meet the Trust Services Criteria for security, availability, and confidentiality.

Data Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Database connections are encrypted end-to-end, and sensitive fields receive additional application-layer encryption.

Multi-Tenant Isolation

Each school's data is logically isolated through strict application-layer scoping and database constraints. Every query and mutation is explicitly scoped by schoolId and backed by schema-level safeguards, so one school cannot access or modify another school's data, even in the event of an application vulnerability.

FERPA Compliance

Trellis is designed to comply with the Family Educational Rights and Privacy Act (FERPA). We handle all student education records in accordance with federal requirements. See our FERPA Compliance page for details.

Infrastructure

Trellis runs on trusted, SOC 2-compliant infrastructure providers:

• Vercel — Application hosting with edge network delivery and DDoS protection
• Neon PostgreSQL — SOC 2 Type II compliant managed database with automatic backups
• Clerk — Authentication with enterprise SSO support, MFA, and session management
• Stripe — PCI DSS Level 1 certified payment processing (Trellis never stores card data)

Access Controls

Role-based access control (RBAC) ensures that users only see what they need. Administrators, teachers, parents, and students each have tailored permission sets. All access is logged and auditable.

Security Audits

We conduct regular security reviews of our codebase, infrastructure, and dependencies. Vulnerability scanning runs continuously, and critical patches are applied promptly.

Contact

To report a security concern or request our security documentation, please contact security@trellis.school.