Security

VectorStudy uses managed authentication, session cookies, access controls, and server-side route protection for private product areas.

Users should use a strong unique password and keep account recovery email access secure.

Stripe handles card collection when checkout is enabled. VectorStudy should not store full card numbers.

US checkout URLs and customer portal return URLs must use vectorstudy.com once USD pricing is live.

US paid checkout should use configured USD prices only. Stripe Tax should remain disabled unless VectorStudy has confirmed registration obligations and configured tax collection.

Security concerns can be reported to support@studyvector.co.uk.

Do not include unnecessary student personal data in a security report.

This page is intentionally careful. VectorStudy does not claim SOC 2, ISO 27001, FERPA certification, HIPAA compliance, or district-wide security approval unless those reviews are completed and documented. Any future school deployment should be checked against the school or district's own procurement and data protection requirements.

If you report a vulnerability, include the affected URL, browser or device context, and the safest reproduction details you can share. Do not include passwords, payment card numbers, private student records, or unnecessary personal information in the report.

Security wording should stay current with the actual platform. If authentication, billing, storage, monitoring, or school data flows change, this page should be reviewed so it continues to describe real controls rather than planned controls.

Private dashboards, billing pages, and account settings should remain protected from public indexing. Public security information is useful for trust, but it should not reveal implementation details that would make the service easier to attack.

For parents and schools, the safest assumption is to treat VectorStudy as a study platform that is still growing and should be reviewed before any large deployment.