GuidesClever App DashboardAPI Postman CollectionClever AcademySupportStatus
Guides

Security and Privacy

Security at Clever

At Clever, our mission is to set the highest standard for student data privacy and security in the industry. For more details, check out our Security Whitepaper.

Security Best Practices

To prioritize data security and privacy, we require all Clever app account users to enable Single Sign-On (SSO) or Two-Factor Authentication (2FA) by June 30th, 2023.

Login Options

Clever offers three secure login methods:

  1. App Dashboard SSO
  2. Sign in with Google
  3. Two-Factor Authentication

These methods provide simple, effective protection for your account at no additional cost.

❗️

Important Note:

The email in the OAuth token is not verified by Clever. It’s important to confirm that the email address is controlled by the user authenticated through Clever.

  • Ensure the email matches the user's Clever ID, or use another verification method.
  • Malicious actors may exploit unverified emails, leading to potential account takeovers. Clever IDs are authenticated by Clever and are secure.

Keep Secrets Secure

For your safety, never send district-app tokens, client secrets, or authorization headers via email or other unencrypted channels. We recommend storing them as environment variables rather than embedding them directly in code.

❗️

Security Notice:

If we detect that a token or secret has been sent through email or unsecured channels, we will reset it within 24 hours.

Privacy Considerations

If you’re integrating with Clever, ensure that you have a signed contract with the District and are onboarded as an official District vendor before initiating connections through Clever (e.g., District SSO or Secure Sync integrations). These contracts outline your usage of personally identifiable information (PII) and must specify whether you’re allowed to store user emails.

Additionally, all partners must agree to Clever’s Terms of Use and comply with relevant laws, including FERPA, COPPA, and other state laws like CCPA.

Note:
Clever cannot make decisions on whether your usage of PII complies with applicable laws. It’s your responsibility to ensure compliance with both your contractual obligations and relevant legal requirements.

Updated 2 months ago

What’s Next