Security & compliance.
Releasing a child is the most consequential transaction a school makes each day. This page describes our current compliance status, the controls in place today, and how to reach us about a security concern.
SOC 2: committed for launch.
We have not yet engaged a CPA firm. SOC 2 Type I is a launch requirement; we will retain an auditor as we approach general availability, obtain Type I immediately, and pursue Type II as soon as the observation window completes. The controls below describe the security posture in production today. They are the foundation an auditor will examine when observation begins.
- Framework
- SOC 2 (AICPA TSC: Security, Availability, Confidentiality)
- Auditor
- Not yet engaged
- Observation start
- Planned at general availability
- Type I report
- Planned at general availability
- Type II report
- Planned after Type I observation completes
What an auditor will examine.
These controls exist in production today. Where a control is partial or planned, we say so.
Identity & access
- Federated sign-in via Google or Microsoft for staff; password-based sign-in is also supported.
- Five scoped roles: super-admin, district-admin, school-admin, staff, scanner.
- Permissions are scoped per school within a district and revoke immediately when an account is deactivated.
- Per-tenant isolation enforced at the database layer; permissions ride on the user's authenticated session.
Data protection
- Encryption in transit (TLS) and at rest, on a managed cloud provider.
- Raw license-plate images are stripped at the next local day boundary. The long-term store retains only the recognized plate string and the structured pickup event.
- Vehicle records archive nightly to a one-year long-term store, then automatically purge.
- Tenant data segregated by district / school identifier on every query.
- Customer roster data is not sold, shared with third parties, or used to train models.
Auditability
- Every pickup release is recorded with the acting staff member, vehicle, and timestamp.
- Authentication events (sign-in, session start) recorded in the audit log.
- Roster, permission, and configuration changes captured in the audit log.
- Audit log retention defaults to 365 days, configurable per district, and is exportable for review.
Infrastructure
- Hosted on a major managed cloud provider with US data residency.
- Managed identity, hosting, and storage, patched on the provider's cadence.
- Codebase under version control; deploys are versioned and reversible.
- Vehicle recognition happens on-device, with no cloud round-trip in the recognition path.
WCAG 2.2 AA today; ACR document in progress.
The portal conforms to WCAG 2.2 Level AA across every public and authenticated route. Per-deficiency colorblind presets (red-green and blue-yellow), a session-timeout warning, full keyboard navigation, screen-reader landmarks, and reduced-motion support ship today. The full control list and known limitations are on the accessibility statement; the formal ACR / VPAT 2.5 document is in progress.
- Standard
- WCAG 2.2 Level AA (with AAA on the colorblind axis)
- Conformance evidence
- Automated accessibility regression suite gates every code change; per-deficiency colorblind presets, reduced-motion support, semantic landmarks, focus management, ARIA live regions
- ACR / VPAT 2.5
- In progress. Request via accessibility@
- Accessibility contact
- accessibility@dismissal.ai
How we support FERPA & COPPA.
FERPA and COPPA bind the school district, not the vendor. Our role is to provide districts the contractual terms, data handling, and parental-consent framework they need to comply.
Education record handling
We process student data only as a school official under FERPA's exception, on the district's behalf, for the legitimate educational interest of student dismissal.
Parental consent (COPPA)
Districts collect and document parental consent for under-13 students. We support consent records and revocation through the guardian roster.
Retention & deletion
Raw plate images are stripped at the next local day boundary, so they live at most one local day. Vehicle records archive nightly to a one-year store, then automatically purge. Audit log retention defaults to 365 days and is configurable per district.
Data Processing Addendum
We sign DPAs with district customers. Sample DPA available on request.
Reporting a security issue.
Security mail is answered by a person, not a form. If you've found a vulnerability or suspect misuse of the service, write directly. We acknowledge within one business day.