Trust & Security

Last updated: March 24, 2026

At Perspicax, we build tools that handle sensitive academic data. We take that responsibility seriously. This page provides transparency into our security posture, compliance certifications, and vendor registration details so that procurement and IT security teams have what they need to evaluate us.

HECVAT 4 — Higher Education Vendor Assessment

The Higher Education Community Vendor Assessment Toolkit (HECVAT) is the standard security questionnaire used by colleges and universities to evaluate third-party cloud vendors. Developed by EDUCAUSE, Internet2, and REN-ISAC, it covers cybersecurity controls, data privacy, accessibility, and compliance.

Perspicax has completed the HECVAT 4 Full Assessment. Our scores:

TX-RAMP — Texas Risk and Authorization Management Program

The Texas Risk and Authorization Management Program (TX-RAMP) is a state cybersecurity certification required for cloud service providers contracting with Texas state agencies, public universities, and community colleges. It is administered by the Texas Department of Information Resources (DIR).

TX-RAMP Level 1 certification applies to cloud offerings that process public or non-confidential data. The assessment covers security controls aligned with NIST 800-53, and certification requires annual reassessment and ongoing vulnerability reporting.

Texas CMBL — Centralized Master Bidders List

Perspicax is a registered vendor on the Texas Centralized Master Bidders List (CMBL), maintained by the Texas Comptroller of Public Accounts. The CMBL is the state's master vendor database used by Texas purchasing entities for procurement and bid notifications.

AggieBuy — Texas A&M University System

AggieBuy is the procurement marketplace for the Texas A&M University System, used across its member institutions to discover, evaluate, and purchase vendor products and services.

Data Privacy & FERPA

Perspicax products are designed to operate in compliance with the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA). We do not collect, store, or process personally identifiable student information. Our platforms analyze curriculum documents (syllabi, course descriptions, learning outcomes), not student records.

For full details on our data privacy practices, see our Privacy Policy and FERPA & COPPA Compliance page.

Infrastructure & Security Practices

Our platform is built with security as a foundational requirement, not an afterthought. Key practices include:

• Encryption in transit and at rest — all data is encrypted using TLS 1.2+ in transit and AES-256 at rest.
• Multi-tenant architecture with strict data isolation between institutional accounts.
• Role-based access control (RBAC) ensuring users only access data relevant to their role.
• Cloud-hosted infrastructure on SOC 2-compliant providers with redundancy and automated backups.
• Regular vulnerability assessments and remediation as part of our ongoing security operations.
• No student PII — our platform processes curriculum documents only, minimizing the data risk surface.

Procurement & Security Inquiries

If your institution requires additional security documentation, a completed HECVAT, a data processing agreement (DPA), or has questions about our compliance posture, we are happy to assist.