District & administrator information
Technical and policy details for IT administrators and compliance teams evaluating The Filing Cabinet.
How encryption works
All encryption and decryption happens in the teacher's browser using the Web Crypto API. The encryption key is derived from the teacher's password with PBKDF2-SHA256 at a minimum of 600,000 iterations (the current OWASP recommendation for PBKDF2-HMAC-SHA256). The master key never leaves the browser in plaintext. Each exam file is encrypted with AES-256-GCM before upload; because GCM is an authenticated mode, any modification of the stored ciphertext is detected when it is decrypted. Our servers receive and store ciphertext only.
What we store
- Encrypted exam chunks (AES-256-GCM ciphertext)
- Encrypted manifest files (chunk hashes and metadata, also ciphertext)
- Batch metadata: label, course, semester, page count — entered by the teacher
- Certificates of Deletion: PDF records of deleted batches (stored indefinitely)
- Retention dates and reminder timestamps
We do not store decryption keys, student names, student IDs, or any plaintext exam content.
Infrastructure
Encrypted exam data is stored in Google Cloud Storage (us-central1) in a dedicated, access-controlled bucket. Metadata is stored in Google Cloud Firestore. The application runs on Google Cloud Run. All data is encrypted at rest by Google's default storage encryption in addition to the application-layer AES-256-GCM encryption.
Deletion and audit trail
When a teacher deletes a batch, all encrypted GCS objects are permanently deleted. A Certificate of Deletion PDF is generated immediately, containing the batch label, deletion timestamp, deletion reason, and a SHA-256 hash of each encrypted file that was destroyed. The hash is computed over the ciphertext, so it identifies the destroyed object without revealing anything about its content. The certificate is stored in the teacher's account indefinitely and can be re-downloaded at any time.
If a teacher's subscription expires without manual deletion, a 60-day export window opens automatically. If the window closes without action, all remaining batches are automatically deleted and certificates are generated.
A note on compliance
The Filing Cabinet is built with a privacy-first architecture aligned with the intent of student data protection laws, including FERPA. Whether it satisfies your district's specific compliance requirements — including any state-level student privacy laws — is a determination your district must make. We are happy to provide technical documentation to support your evaluation.
Contact us at admin@digitalredpen.com for technical documentation, data processing details, or district licensing questions.
Frequently asked questions
How does The Filing Cabinet handle student data privacy and FERPA?
The Filing Cabinet is built with a privacy-first architecture aligned with the intent of FERPA. AES-256-GCM encryption in the browser means our servers never receive plaintext exam content. Whether this satisfies your district's specific FERPA determination is a decision your district must make. Contact us at admin@digitalredpen.com for technical documentation.
Does Digital Red Pen ever have access to student exam content?
No. All encryption and decryption happens in the teacher's browser. Our servers receive and store only AES-256-GCM ciphertext. Without the teacher's password, neither we nor any third party can read the content.
Where is data stored?
Encrypted exam data is stored in Google Cloud Storage (us-central1). Metadata is stored in Google Cloud Firestore. All data is also encrypted at rest by Google's default storage encryption, layered on top of the application-level AES-256-GCM encryption.
What documentation can you provide for district evaluation?
We can provide a technical data flow document, encryption specification, and data processing details. Contact admin@digitalredpen.com.