Security at Rise Bright

Rise Bright takes the security and privacy of your family's data seriously. As an educational platform serving children with diverse learning needs, we hold ourselves to the highest standards of data protection.

TLS 1.3 Encryption AES-256 Data Encryption AI Data Anonymisation OWASP Top 10 Compliant 285+ Security Tests Encrypted Backups Container Hardening Multi-Factor Authentication

Data protection

Encryption

All data transmitted to and from Rise Bright is encrypted using TLS 1.3, the latest encryption standard. Sensitive data stored in our database is encrypted using AES-256-GCM, a military-grade encryption algorithm.

Database backups are encrypted with GPG (AES-256 symmetric encryption) and stored securely.

AI privacy — anonymisation

When Rise Bright uses AI to generate personalised learning content, tutor your child, or analyse assessment results, we anonymise all personal information before it leaves our servers.

Your child's name is replaced with a random pseudonym (e.g., "Student-A7f3")
Learning conditions are replaced with generic categories
The anonymisation map exists only for the duration of a single request and is never stored
The AI only ever sees anonymised data

Application security

Testing & monitoring

Our security test suite includes over 285 automated tests covering authentication, authorisation, rate limiting, injection prevention, CSRF protection, and more. These tests run on every code change.

We regularly scan our dependencies for known vulnerabilities and generate a Software Bill of Materials (SBOM) for full supply chain transparency.

Infrastructure

Docker containers with hardened security profiles (read-only filesystems, dropped capabilities)
Cloud firewall restricting access to only necessary ports
Web Application Firewall (WAF) protection
Prompt injection protection on all AI-powered endpoints
Role-based access control with MFA for administrative access
Comprehensive audit logging of all administrative actions

Compliance

Rise Bright is designed to comply with:

Australian Privacy Act 1988 — Australian Privacy Principles (APPs)
OWASP Application Security Verification Standard — Level 1 self-assessment
OWASP Top 10 — All top 10 web application security risks addressed

For schools and institutions, we provide a Data Processing Agreement (DPA) and Service Level Agreement (SLA) upon request.

Responsible disclosure

If you discover a security vulnerability in Rise Bright, please report it responsibly to security@risebright.com.au. We commit to:

Acknowledging your report within 48 hours
Providing a timeline for remediation
Keeping you informed of progress
Not taking legal action against good-faith security researchers

Questions?

If you have questions about our security practices or need documentation for your school or institution, please contact us at security@risebright.com.au.

Last updated: January 2026