Security and privacy are part of the product architecture.

Contained AI processing

Student data and institutional content are processed inside Lyrabyte-controlled infrastructure.

No external AI data exposure

Student queries and outputs are not sent to third-party AI providers for processing.

Minimum necessary data

Products collect only the data required for authentication, session handling, product use, and institution-configured features.

Institution control

Storage, retention, authentication, chat history, teacher visibility, and integration settings can be configured.

• Encryption at rest · Stored data, where enabled, is encrypted at rest.
• Encryption in transit · Data transfers use secure protocols.
• Access control · Only authorised users can access permitted data.
• Session expiry · Tokens automatically expire on logout or timeout.
• Audit logging · Administrative actions can be logged where required.
• Security monitoring · Lyrabyte handles ongoing monitoring and maintenance.
• Vulnerability reviews · Regular security reviews help identify and resolve risks.