Security & Privacy
Enterprise-grade security for campus data
Narrative is designed for multi-team campus operations with tenant isolation, role-aware access, and audit-friendly workflows.
Data flow overview
Access controls
- Role-based access controls (admin, approver, editor, viewer)
- Organization-level data isolation with row-level security (RLS)
- Audit-friendly activity trails across key response actions
Encryption & infrastructure
- Encryption at rest (AES-256 via Neon) and in transit (TLS 1.2+)
- Application hosting on Vercel with managed PostgreSQL on Neon
- Worker execution isolated through Modal infrastructure
FERPA alignment
Narrative supports FERPA-aligned workflows. We do not store FERPA-protected education records; we ingest publicly available content for narrative intelligence workflows.
Compliance roadmap
- SOC 2 Type II: in progress
- SSO/SAML: available on Enterprise tier
- SCIM provisioning: on roadmap
Verified claims
Row-level security (RLS) ensures tenant data isolation.
Verified: Yes · Engineering · 2026-02-12
Encryption at rest (AES-256 via Neon) and in transit (TLS 1.2+) is enabled.
Verified: Yes · Engineering · 2026-02-12
Narrative supports FERPA-aligned workflows for public-signal monitoring.
Verified: Yes · Product + Engineering · 2026-02-12
Vendor subprocessors
| Vendor | Purpose | Data |
|---|---|---|
| Clerk | Authentication & user management | User email, name, session |
| Neon (PostgreSQL) | Primary database | All app data, encrypted at rest |
| Modal | AI worker execution | Content text (ephemeral processing) |
| Anthropic (Claude) | AI enrichment & generation | Content text (not stored by vendor) |
| Stripe | Billing | Payment info (PCI compliant) |
| Vercel | Application hosting | Request logs |
Data retention
Configurable retention policies. Default: 90-day content retention, audit logs retained for 1 year.
Need a deeper security review for procurement?
We can walk through controls, architecture, and current roadmap commitments with your team.
Prefer email? hello@narrative.com