Markers Helper Logo Markers Helper

Security & Data Protection

Enterprise-grade security designed for educational environments.

Security practices and compliance information

πŸ›‘οΈ Security First Approach

Security isn't an afterthoughtβ€”it's built into the core architecture of Markers Helper. Your data never leaves your device, eliminating the largest security risk: data transmission and cloud storage.

1. Zero-Knowledge Architecture

1.1 Local-Only Data Storage

The most secure data is data that never leaves your control:

  • Complete Local Storage: All grading data stored exclusively on your device
  • No Cloud Dependencies: Core functionality works entirely offline
  • Zero Server Access: We cannot see, access, or retrieve your data
  • Air-Gapped Security: Student data physically isolated from internet threats

1.2 Privacy by Design

  • No user tracking or analytics on sensitive data
  • Minimal data collection for software operation only
  • No third-party integrations that access student data
  • Built-in privacy controls and data ownership

2. Encryption and Data Protection

2.1 Military-Grade Encryption

πŸ” AES-256 Encryption

All sensitive data encrypted with Advanced Encryption Standard

πŸ”‘ Key Derivation

PBKDF2 with salt for password-based encryption keys

πŸ’Ύ Encrypted Storage

Database files encrypted at rest on your device

πŸ”„ Secure Backups

Backup files maintain same encryption standards

2.2 Access Controls

  • Master Password Protection: Single secure password protects all data
  • Optional 2FA: Two-factor authentication for additional security
  • Session Timeouts: Automatic logout after inactivity
  • Failed Attempt Lockout: Protection against brute force attacks

2.3 Secure Communication

When internet communication is necessary:

  • TLS 1.3 encryption for all web communications
  • Certificate pinning to prevent man-in-the-middle attacks
  • Authenticated connections for license verification
  • No student data transmitted over any network

3. Compliance and Standards

3.1 Educational Privacy Compliance

πŸŽ“ FERPA Compliant

  • β€’ Educational records remain under school control
  • β€’ No unauthorized disclosure of student information
  • β€’ Complete audit trail of data access
  • β€’ Parent/student rights preserved

πŸ”’ COPPA Safe

  • β€’ No collection of data from children under 13
  • β€’ Local storage eliminates data collection concerns
  • β€’ Parental consent requirements satisfied
  • β€’ Child-safe design principles

3.2 International Standards

GDPR Compliance (EU)

Our local-only architecture simplifies GDPR compliance:

  • β€’ Data minimization: Only essential data collected
  • β€’ Right to portability: Export your data anytime
  • β€’ Right to erasure: Delete data permanently
  • β€’ Data sovereignty: Your data never leaves your jurisdiction
  • β€’ No cross-border data transfers

3.3 Security Frameworks

  • NIST Cybersecurity Framework: Aligned with federal cybersecurity standards
  • ISO 27001 Principles: Information security management best practices
  • OWASP Guidelines: Secure coding practices implemented
  • Common Criteria: Security evaluation standards considered

4. Security Auditing and Monitoring

4.1 Local Audit Trails

Comprehensive logging of all data access and modifications:

  • User login and logout times
  • Data access and modification timestamps
  • Failed authentication attempts
  • System configuration changes
  • Backup and restore operations

4.2 Security Monitoring

  • Intrusion Detection: Monitor for unauthorized access attempts
  • File Integrity: Detect unauthorized changes to system files
  • Anomaly Detection: Alert on unusual usage patterns
  • Security Notifications: Real-time alerts for security events

4.3 Third-Party Security Assessments

Annual Security Reviews: Independent security assessments by certified professionals

Penetration Testing: Regular security testing to identify vulnerabilities

Code Reviews: Security-focused code audits by external experts

5. Incident Response and Recovery

5.1 Data Recovery

  • Automated Backups: Regular local backups with encryption
  • Point-in-Time Recovery: Restore to specific dates
  • Corruption Detection: Automatic detection and repair of corrupted data
  • Export Options: Multiple formats for data portability

5.2 Security Incident Response

🚨 If You Suspect a Security Issue:

  1. Immediately change your master password
  2. Check audit logs for unauthorized access
  3. Contact our security team: security@markershelper.com
  4. Follow our incident response procedures
  5. Document and report as required by your institution

5.3 Business Continuity

  • Local storage ensures continued access during outages
  • Offline functionality maintains productivity
  • Regular backups protect against hardware failure
  • Multiple recovery options available

6. Vulnerability Management

6.1 Security Updates

  • Automatic Security Patches: Critical security updates applied automatically
  • Regular Releases: Monthly security and stability updates
  • Emergency Patches: Rapid response to critical vulnerabilities
  • Update Verification: Cryptographic verification of update integrity

6.2 Responsible Disclosure

Security Research Welcome: We encourage responsible security research

Bug Bounty Program: Rewards for verified security vulnerabilities

Coordinated Disclosure: Work with researchers to fix issues before publication

6.3 Supply Chain Security

  • Secure development environment with access controls
  • Code signing for software authenticity verification
  • Third-party component security scanning
  • Secure software distribution channels

7. Security Best Practices for Users

7.1 Password Security

  • Use a strong, unique master password
  • Enable two-factor authentication if available
  • Change passwords regularly (annually recommended)
  • Don't share passwords with others

7.2 Device Security

  • Keep your operating system updated
  • Use antivirus software and firewalls
  • Lock your computer when stepping away
  • Secure physical access to your device

7.3 Data Management

  • Regular backups to secure locations
  • Test restore procedures periodically
  • Secure disposal of old devices
  • Follow institutional data policies

8. Security Contact and Resources

🚨 Security Team

Email: security@markershelper.com

PGP Key: Available on request

For security vulnerabilities and incidents

πŸ“ž Emergency Contact

Critical security issues: Mark as URGENT

Response time: <4 hours

24/7 monitoring for critical security alerts

πŸ“š Security Resources

Security You Can Trust

Built for educators who take data protection seriously. Your students' privacy and your professional reputation are safe with Markers Helper.

Learn More About Privacy Security Questions?