Policies that protect our learners, partners, and research.

Explore how MedSimAI handles privacy, security, accessibility, and AI governance today, plus the ongoing work that keeps partner and learner data safeguarded.

Personal data is encrypted in transit and at rest, and access is limited through server-enforced roles and institution-scoped permissions.
- Fernet-encrypted PII stored in PostgreSQL with hashed identifiers for lookups.
- TLS 1.2+ is enforced from the browser through CloudFront to the application load balancer origin.
- Public media delivery uses a CloudFront-backed path, while application buckets remain private and SSL-enforced.

The repo shows defined retention behavior for some stored artifacts today, while broader transcript and generated-artifact deletion workflows are still being formalized.
- Voice recording artifacts already age out on a 30-day schedule, and broader transcript and generated-artifact retention automation remains in progress.
- The current codebase includes scoped deletion primitives for some stored assets, such as OpenAI vector-store cleanup paths.
- Scoped third-party services visible in the product include AWS (hosting and storage), OpenAI (LLM inference), and ElevenLabs (voice runtime and agent tooling).
- Broader end-to-end customer deletion workflows across transcripts, stored artifacts, and provider-side data are still being completed.

MedSimAI orchestrates third-party AI systems for inference and voice runtime. Conversation prompts and scoring rubrics are version-controlled and change-tracked before release.
- OpenAI and ElevenLabs are used for scoped inference and realtime voice experiences.
- Scenario prompts undergo review and change tracking before deployment.
- Prompt and scoring updates are version-controlled so partner reviews can trace every change.

Role-based access separates student, instructor, researcher, and admin workflows with server-enforced session policies and consent tracking.
- Strict RBAC gates dashboards and API access.
- Idle sessions time out after 2 hours and use secure cookies with CSRF protections.
- Institution-specific SAML SSO with metadata retrieved from InCommon MDQ.
- Institution and platform administrators can export recent auth and account-management audit logs with timestamps, actions, and source IP context.

Structured audit records are available for investigation, while formal incident-response playbooks and partner notification SLAs are still being completed.
- Auth events now generate structured audit records with request metadata for follow-up and review.
- Engineering standards in the repo call for incident contacts, escalation paths, and operational playbooks.
- Documented response playbooks and notification SLAs remain in progress.

The team is working toward WCAG 2.1 AA with automated checks in CI, public status reporting, and documented remediation targets for protected workflows.
- Core public and authentication pathways have automated accessibility checks, and keyboard coverage is being expanded across protected workflows.
- The public accessibility statement documents known gaps, roadmap targets, and the current VPAT / ACR refresh status.
- Inclusive language and assistive-technology testing remain release requirements for the covered workflows.

We can walk through the repo-backed controls, public documentation, and any additional operational materials available during institutional review.

Email: contact@medsimai.com
Response target: typically within the next business day