Security & privacy
Private by architecture, not by policy.
Every other AI enrollment tool processes PII in some form. CeliaConnect is designed so it cannot. This is not a policy commitment we could choose to break — it’s a structural property of the system.
What we ingest
Only patterns, never people.
- Anonymous Slate internal IDs
- Behavioral signals (engagement, milestone, form interaction)
- Milestone statuses (application stage, FAFSA, checklist completion)
- Demographic categories — first-gen flag, in-state, program type
- Engagement patterns — days since last activity, response velocity
What we never ingest
Under any circumstances.
- Names (first, last, preferred, or any variation)
- Email addresses
- Phone numbers
- Physical addresses
- Social security numbers or government IDs
- Dates of birth
- Health or disability information
- Financial account numbers or routing information
- Essay content, personal statements, or recommendation letter text
- Photos, biometrics, or video recordings
The three promises
Verifiable, not aspirational.
These aren’t marketing lines. They’re architectural properties of the system, auditable by any technical review.
01
We never see a student's name, email, or phone number. Architecturally.
CeliaConnect is designed so personal information cannot reach our systems. Our queries return anonymous Slate IDs and behavioral signals. Personalized communication happens inside Slate.
02
Your data lives in your own dedicated database.
Every institution gets its own physically isolated Cloudflare D1 database, encrypted with keys unique to that Organization. No shared tables, no pooled schemas. Real isolation.
03
If you leave, you take everything. We delete ours within 30 days. Verifiably.
Export on demand, in standard formats. Deletion with audit trail. Nothing held hostage, nothing kept. If you change your mind about us, we make it easy to walk away.
Four architectural benefits.
01
FERPA posture is dramatically simpler
Because we don't process education records with identifiable information, most FERPA concerns don't apply. The compliance conversation shifts from "how do we comply while using this tool?" to "we've reviewed the architecture and there's nothing to comply with."
02
Breach blast radius approaches zero
If we experience a security incident tomorrow, the maximum data an attacker could access is anonymous IDs and risk scores. No names. No emails. No way to identify or contact a student.
03
Institutional adoption accelerates
Sales cycles for AI tools in higher ed are often delayed by 3–6 months of security and legal review. Our architecture removes most of those blockers. Institutions that need board approval for FERPA-processing AI can often approve CeliaConnect at the department level.
04
Exit is painless
If a customer leaves, there is nothing sensitive for us to delete. Scores written back to Slate belong to you. We retain anonymous behavior history for our models that is meaningless to anyone else.
Compliance posture
Built for the audits that matter.
FERPA
Architectural non-processing of education records with PII. Confirm with your counsel; most concerns don’t apply.
SOC 2 Type 1
Target within 12 months of launch. Type 2 by month 24.
GDPR / UK GDPR
Architecture supports international students by design.
State privacy laws
CCPA, VCDPA, and similar — minimized exposure by design.
Start free
Connect your Slate. See your first insights this week.
All ten modules, no credit card. Upload a CSV in three minutes or connect Slate directly. Every student, understood.