Security & Data Protection

Last updated: June 9, 2026

Authentication: no passwords, ever

LTISim has no user accounts or passwords for learners and instructors. All authentication happens through LTI 1.3: the institution’s LMS sends a cryptographically signed launch (a JWT verified against the LMS’s published public keys), and LTISim issues a short-lived, context-scoped session token. There are no credentials for us to lose and no separate login for users to manage.

Institution isolation

LTISim is multi-tenant by design, and isolation is enforced in layers rather than by any single check:

  • Every LMS connection must be pre-registered before launches are accepted — unknown LMS instances are rejected outright.
  • Every user, course, assignment, session, and message row is tagged with the owning institution’s platform, and every query filters on it.
  • Session-level checks verify that the requesting user’s institution matches the data being requested, on every request.
  • Within an institution, data is scoped by course and role: learners see only their own sessions; instructors see only their own courses.

AI processing

Conversations and evaluations are powered by Anthropic Claude models accessed through AWS Bedrock in the United States. Conversation data is processed within AWS’s enterprise infrastructure and, under the applicable service terms, is not used to train AI models. Per-institution AI usage is metered, and institutions can be given monthly usage limits.

Infrastructure

  • All traffic is encrypted in transit with TLS; HTTP requests are redirected to HTTPS.
  • The application database (PostgreSQL) is bound to the local host and is not reachable from the internet.
  • Grade passback to the LMS uses the LTI Assignment and Grade Services standard with signed, scoped OAuth tokens.
  • Application logs avoid storing session tokens and learner conversation content.

FERPA posture

For U.S. institutions, LTISim operates as a school official with a legitimate educational interest: we process education records only as directed by the institution, use them only to provide the service, and do not redisclose them. Data minimization is structural — the only learner data we receive is what the LMS sends in the LTI launch plus the work the learner produces in the tool.

Institutions can request a complete JSON export of their data, or deletion, at any time. See the Privacy Policy for details.

Honest scope

LTISim is an early-stage product working with pilot institutions. We do not yet hold formal certifications such as SOC 2; our priority is sound architecture — standard protocols, layered tenant isolation, minimal data collection — and transparency with partners about exactly how their data is handled. We’re happy to walk your security team through the architecture and answer due-diligence questionnaires.

Responsible disclosure

If you believe you’ve found a security vulnerability, please report it to security@ltisim.com. We commit to acknowledging reports promptly and to not pursuing good-faith research conducted without data exfiltration or service disruption.