Trust at Dismissal

Security & compliance.

Releasing a child is the most consequential transaction a school makes each day. This page describes our current compliance status, the controls in place today, and how to reach us about a security concern.

Compliance status
SOC 2 · Planned at launch

SOC 2: committed for launch.

We have not yet engaged a CPA firm. SOC 2 Type I is a launch requirement; we will retain an auditor as we approach general availability, obtain Type I immediately, and pursue Type II as soon as the observation window completes. The controls below describe the security posture in production today. They are the foundation an auditor will examine when observation begins.

Framework
SOC 2 (AICPA TSC: Security, Availability, Confidentiality)
Auditor
Not yet engaged
Observation start
Planned at general availability
Type I report
Planned at general availability
Type II report
Planned after Type I observation completes
Controls in place today

What an auditor will examine.

These controls exist in production today. Where a control is partial or planned, we say so.

Identity & access

  • Federated sign-in via Google or Microsoft for staff; password-based sign-in is also supported.
  • Five scoped roles: super-admin, district-admin, school-admin, staff, scanner.
  • Permissions are scoped per school within a district and revoke immediately when an account is deactivated.
  • Per-tenant isolation enforced at the database layer; permissions ride on the user's authenticated session.

Data protection

  • Encryption in transit (TLS) and at rest, on a managed cloud provider.
  • Raw license-plate images are stripped at the next local day boundary. The long-term store retains only the recognized plate string and the structured pickup event.
  • Vehicle records archive nightly to a one-year long-term store, then automatically purge.
  • Tenant data segregated by district / school identifier on every query.
  • Customer roster data is not sold, shared with third parties, or used to train models.

Auditability

  • Every pickup release is recorded with the acting staff member, vehicle, and timestamp.
  • Authentication events (sign-in, session start) recorded in the audit log.
  • Roster, permission, and configuration changes captured in the audit log.
  • Audit log retention defaults to 365 days, configurable per district, and is exportable for review.

Infrastructure

  • Hosted on a major managed cloud provider with US data residency.
  • Managed identity, hosting, and storage, patched on the provider's cadence.
  • Codebase under version control; deploys are versioned and reversible.
  • Vehicle recognition happens on-device, with no cloud round-trip in the recognition path.
Accessibility
WCAG 2.2 AA · ACR in progressRead the full statement

WCAG 2.2 AA today; ACR document in progress.

The portal conforms to WCAG 2.2 Level AA across every public and authenticated route. Per-deficiency colorblind presets (red-green and blue-yellow), a session-timeout warning, full keyboard navigation, screen-reader landmarks, and reduced-motion support ship today. The full control list and known limitations are on the accessibility statement; the formal ACR / VPAT 2.5 document is in progress.

Standard
WCAG 2.2 Level AA (with AAA on the colorblind axis)
Conformance evidence
Automated accessibility regression suite gates every code change; per-deficiency colorblind presets, reduced-motion support, semantic landmarks, focus management, ARIA live regions
ACR / VPAT 2.5
In progress. Request via accessibility@
Accessibility contact
accessibility@dismissal.ai
Data handling

How we support FERPA & COPPA.

FERPA and COPPA bind the school district, not the vendor. Our role is to provide districts the contractual terms, data handling, and parental-consent framework they need to comply.

  • Education record handling

    We process student data only as a school official under FERPA's exception, on the district's behalf, for the legitimate educational interest of student dismissal.

  • Parental consent (COPPA)

    Districts collect and document parental consent for under-13 students. We support consent records and revocation through the guardian roster.

  • Retention & deletion

    Raw plate images are stripped at the next local day boundary, so they live at most one local day. Vehicle records archive nightly to a one-year store, then automatically purge. Audit log retention defaults to 365 days and is configurable per district.

  • Data Processing Addendum

    We sign DPAs with district customers. Sample DPA available on request.

Incident response

Reporting a security issue.

Security mail is answered by a person, not a form. If you've found a vulnerability or suspect misuse of the service, write directly. We acknowledge within one business day.

Security contactsecurity@dismissal.ai
Initial acknowledgementWithin 1 business day
District customer notificationWithout undue delay, per DPA