CampusThreads is built for institutions, brands, and teams that need to protect student, ambassador, and customer data. This page summarizes the security, privacy, and operational practices we use to keep the CampusThreads platform reliable and enterprise-ready.
SOC 2 / SOC II Pending: CampusThreads has started the SOC 2 process and is actively working toward formal third-party validation of our security controls.
Infrastructure Security
- Hosting providers: Our public marketing website is hosted with Hostinger. CampusThreads product applications use Google Firebase / Google Cloud services for frontend hosting, authentication, database, serverless functions, and push-notification infrastructure. Our API and backend services run on cloud infrastructure including AWS-hosted infrastructure behind an HTTPS reverse proxy.
- Encryption in transit: CampusThreads uses HTTPS/TLS for production web, API, and application traffic, including the public website, app frontends, and API endpoints.
- Network controls: Production services are routed through managed reverse proxies and cloud-provider controls. Administrative and integration traffic is restricted where appropriate by authentication, tokens, allowlists, and service-level configuration.
- Monitoring: We use operational monitoring, error tracking, uptime checks, and alerting to identify availability, reliability, and security-relevant issues.
Data Protection
- Encryption at rest: Production data is stored using managed cloud services and databases that provide encryption at rest for stored application data, files, logs, and backups where supported by the underlying provider.
- Least-data approach: CampusThreads collects and processes the data needed to deliver the platform, support customer workflows, provide analytics, and meet legal or contractual obligations.
- Customer data boundaries: Product workflows are designed to scope data access by customer, school, brand, role, and permission level.
- Data deletion and access requests: Customers and users may request access, correction, or deletion of personal information as described in our Privacy Policy and contractual terms.
Access Controls
- Role-based access: CampusThreads uses role-based permissions for administrative, customer, ambassador, and end-user experiences.
- Least privilege: Internal access to production systems is limited to authorized personnel with a business need.
- Authentication: Product access is protected by authenticated accounts, secure tokens, and platform-level authorization checks.
- Credential handling: Secrets, API keys, and service credentials are managed outside of source code where possible and rotated when needed.
Backups & Resilience
- Backups: CampusThreads uses provider-level backups, database backups, and operational recovery practices appropriate to the system and data type.
- Recovery planning: We maintain deployment and rollback processes to restore service quickly if an incident or failed release affects production.
- Availability monitoring: Core production endpoints are monitored so the team can investigate service interruptions and performance issues.
Incident Response
CampusThreads maintains an incident response process for investigating, containing, remediating, and communicating security or privacy incidents. When appropriate, we will notify affected customers in accordance with contractual commitments and applicable law.
- We monitor for production errors, suspicious activity, and service degradation.
- We triage incidents by severity and potential customer impact.
- We preserve relevant logs and evidence during investigations.
- We perform post-incident review and remediation for material events.
AI & Data Usage
CampusThreads may use AI-assisted features to support workflows such as content analysis, planning, training, recommendations, and automation. We apply privacy and access-control principles to these workflows.
AI data handling policy: We do not use institutional or student data to train AI models without explicit permission.
- Customer content is sent to AI providers only when needed to deliver enabled product functionality.
- AI workflows are designed to use the minimum data necessary for the task.
- Customers can discuss AI feature scope, data handling, and contractual requirements with CampusThreads before deployment.
Compliance Roadmap
- SOC 2 / SOC II Pending: We have started the SOC 2 process and are working toward formal third-party validation.
- Privacy program: We continue to improve documentation, vendor review, access reviews, and customer-facing privacy resources.
- Enterprise readiness: We support customer security reviews, vendor questionnaires, and reasonable documentation requests during procurement.
Security & Privacy Contact
For security, privacy, vendor review, or data protection questions, contact CampusThreads at team@campusthreads.co.
Last updated: May 15, 2026.