Security & Data Handling

Last updated: June 8, 2026

Draft for review. Describes our practices in plain language; not a certification. Please have counsel review, and we make no SOC 2 or similar certification claims at this time.

Credentials

Your CitiSpan login is encrypted at rest and in transit, used only to perform your uploads, never displayed back to anyone, and revocable by you at any time.

Least-privilege access

Our access to your portal is scoped to a single capability: uploading your attendance. The automation cannot do anything else.

The youth-consent boundary

We never submit youth consent or registration forms on a child's behalf. When a required form is missing, we flag it and escalate to a human.

Data minimization

We report attendance by CitiSpan PersonID only — student names are not included in the files we upload — the privacy-first approach we confirmed with DC's OST Office.

Auditability

Every login, upload, and resolution is logged with a timestamp, so you can demonstrate to a funder exactly what was reported and when.

Your data, your control

Your attendance data lives in the systems you already use; we never sell or share it. You can export or delete your records and revoke access at any time.

Service providers

We use a small set of vetted providers (cloud hosting, transactional email) that process data only as needed to run the service.

Responsible disclosure

Found a security issue? Email hello@attendanceautopilot.com and we'll respond promptly.