Enterprise Security: How GenEval Protects Your Data

A deep dive into the security architecture that keeps institutional data safe while enabling AI-powered evaluation.

Orientrix Team

GenEval Insights

November 28, 2025

Security by Design

When institutions trust us with student data, they're trusting us with sensitive academic records. That responsibility shapes every technical decision we make.
GenEval is built with security as a foundational principle, not an afterthought.

Our Security Architecture

Multi-Tenant Isolation

Every institution operates in a completely isolated environment:
  • Separate databases per tenant
  • Encrypted data at rest with tenant-specific keys
  • Network isolation preventing cross-tenant access
  • Independent backup and recovery systems

Access Control

Role-based access control (RBAC) ensures:
  • Instructors see only their courses
  • Department heads access departmental data
  • Administrators manage institutional settings
  • Students view only their own records

Encryption Everywhere

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • Hardware Security Modules (HSM) for key management
  • Zero-knowledge architecture where possible

Compliance & Certifications

GenEval is designed to meet:
  • FERPA (Family Educational Rights and Privacy Act)
  • GDPR (General Data Protection Regulation)
  • SOC 2 Type II (in progress)
  • ISO 27001 (planned 2026)

AI-Specific Security

AI systems introduce unique security considerations:

Model Security

  • No training on customer data without explicit consent
  • Model isolation per tenant
  • Audit logs for all AI decisions
  • Bias monitoring and regular fairness audits

Prompt Injection Prevention

Our systems are hardened against prompt injection attacks:
  • Input sanitization
  • Output validation
  • Sandboxed execution environments
  • Rate limiting and anomaly detection

Incident Response

We maintain a comprehensive incident response plan:
  1. Detection: Real-time monitoring and alerting
  2. Containment: Automated isolation of affected systems
  3. Investigation: Forensic analysis and root cause identification
  4. Recovery: Tested backup and restoration procedures
  5. Communication: Transparent notification protocols

Third-Party Audits

We engage independent security firms to:
  • Conduct penetration testing quarterly
  • Review code for vulnerabilities
  • Assess infrastructure security
  • Validate compliance controls

Your Data, Your Control

Institutions retain full control:
  • Data portability: Export all data in standard formats
  • Data deletion: Complete removal upon request
  • Audit access: Full audit trails available
  • Consent management: Granular control over data usage

Security isn't a feature — it's a commitment. If you have questions about our security practices, contact our security team.