Security
Built with publisher-grade controls.
Your editors, your IP, your control. EduStack treats publisher data as a first-class tenant boundary — never trained on, never co-mingled.
Tenant isolation
Every org has its own row-level isolation in Postgres. Service-role calls bypass RLS only for trusted admin endpoints, audited per-write.
Bring-your-own keys
Use your own OpenAI / fal / ElevenLabs keys. EduStack never holds keys longer than the request needs them.
Encrypted at rest
All publisher data lives in encrypted Postgres + object storage. Brand assets are signed-URL only.
Audit log
Every gate-review action is logged with reviewer, timestamp, and decision. Exportable as CSV for compliance.
Single sign-on
SAML for Enterprise plans. Google OAuth for Starter and Publisher.
Region pinning
Choose data residency at org-create time. India · EU · US.