*Note: To see a teacher-facing version of this FAQ, please click here.
Support
What is your SLA?
Our application SLA is 99.9% uptime (a.k.a. three 9’s), although our actual uptime has always exceeded this.
See our status page here.
Does your SLA include a responsiveness component?
Site responsiveness depends on the task, pages viewed, previous visits/caching, and end-user hardware and network, but our average Time to Render is approximately 200ms. Ample use of auto-scaling and caching is utilized to maintain this impressive performance throughout the year. There are no particular performance levels as part of our SLA, other than the site being accessible.
How are features and bug fixes prioritized?
Generally, our technical support prioritizes issues with the greatest impact.
What type of ongoing technical support does Wayfinder offer?
As part of our school support package, staff and students will receive ongoing technical support throughout the year. We have a support bot within the application, allowing educators to ask our support team questions directly. Standard support hours are 7AM to 5PM PST. Staff can also email our support team directly for a 24-hr response time at support@withwayfinder.com.
How are technical issues that cannot be resolved through chat cataloged, escalated, and managed?
Unresolved issues such as bugs and enhancement requests are filed as bugs/feature requests in our product management and code base management software (Jira+Github). They are rated on a priority 0-5 scale, 0 meaning it is impeding the use of the application at this moment, and 5 meaning “nice to have, not necessary right now.” These bugs/features are addressed according to priority, and we release fixes continuously.
Performance
What is your site's responsiveness?
Site responsiveness depends on the task, pages viewed, previous visits/caching, and end-user hardware and network, but our average Time to Render is approximately 200ms. Ample use of auto-scaling and caching is utilized to maintain this impressive performance throughout the year.
How many concurrent users can the platform support?
There is no set limit. We use auto-scaling instances, which automatically increase the number of servers based on load. We continuously monitor usage and ensure that we always have 30% free space of storage.
Any partners with the potential to significantly increase platform usage can be vetted, and appropriate measures will be implemented in advance to ensure sufficient concurrency capacity and continued performance.
Database Specifications
What type of database does the application run off of?
PostgreSQL
Is the database structure single or multi-tenant? That is, do clients have their own database, or is the data co-mingled, respectively?
In typical implementations, data are stored in a multi-tenant database with client-specific indexes. Single tenancy is an option with significant cost considerations.
Data Security & Protection
Describe your data security processes.
Data are encrypted in transit and at rest. Databases reside in the US, and staff access data only upon customer request or for engineering migration purposes. Non-searchable PII is encoded, and all passwords are one-way hashed (Wayfinder or any other party cannot decrypt).
What steps does Wayfinder take to protect student data?
Project Wayfinder's practices fully support schools’ obligations under the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99). Our Education Services comply with all applicable provisions of the Children’s Online Privacy Protection Act (COPPA) (15 USC 6501 et seq.) All personal information in the database is encrypted, including names, emails, passwords, and responses. Additionally, all student data is owned by the school/district. The school or district can establish and customize user access levels for administrators, counselors, teachers, and students. For more information, please see our Education Services Privacy Policy.
Does Wayfinder staff have access to student data?
Authorized Wayfinder staff may access student data at the request of clients in the course of supporting clients with tickets and other support requests. While most application development is conducted on sample data, engineers may also access student data during data production migrations and for other technical tasks.
Web application aggregate statistics may also be accessed by authorized Wayfinder staff in completing technical tasks such as maintenance, security, usage, and performance analysis.
Are data encrypted at rest?
Yes.
Are data encrypted in transit?
Yes.
Do you maintain penetration and static code testing?
Yes, we have both penetration testing and static code testing which is built into our SDLC, along with ongoing remediation.
Do you sell or give personal information to third-party vendors?
We do not disclose, sell, or provide any data generated by the use of our site, other than anonymous data used internally in completing technical tasks such as maintenance, security, usage, and performance analysis. Click here to view our third-party software list.
For more information, please see our Education Services Privacy Policy.
What personally identifiable information about a student does Wayfinder’s web application capture?
The web application captures personally identifiable information, including student names, email addresses, passwords, district and school identifiers, classrooms, correspondence language, and student responses.
Will you remove data upon request?
Upon request of the district or school partner, Wayfinder will remove any and all data - including backups and logs - within 60 business days.
Does Wayfinder maintain cybersecurity insurance?
Wayfinder maintains cybersecurity insurance for $3,000,000.
Does Wayfinder actively employ data loss prevention tools?
We’ve implemented “soft delete” across most of our data models, allowing us to undelete records within a two-week period, after which those “soft deleted” records are permanently removed. Our database has a 4-week window of backups, allowing us to roll back to the previous version within that window.
What type of vulnerability management does Wayfinder deploy?
We use tools such as PackAttack to detect and block brute-force attacks, excessive login attempts, and phishing attempts.
Are you GDPR compliant?
Please see Wayfinder GDPR Compliance for more information.
Hosting
Is the web application hosted by a third-party provider?
Our web application is hosted on AWS (Amazon Web Services) via Heroku. Files are stored on AWS S3.
Feature Updates and Releases
What is Wayfinder’s process for testing and releasing software updates, and for providing continuity during major updates?
We utilize staging, release, and production environments. We deploy to our staging environment first, where the QA engineer tests the update. Once all tests are run, we deploy to a release environment for additional testing, including security, integration, and performance testing. We try to release to the production environment on the weekend or late at night to minimize disruption to users.
Hardware and Software Requirements
Does the application require any special software or hardware?
The application does not require any special hardware or software installation and is compatible with all major operating systems, including Microsoft, Apple, and Google, and works with all modern internet browsers. The application is not designed for mobile phones, but supports all devices with a minimum of 768px wide, including most tablets in horizontal orientation.
What screen resolution is required?
Our web application device requirements depend on resolution and require a minimum of 768px width.
Effectively, this supports all tablets in both landscape and portrait modes. Phones are generally unsupported. Users on phones or any device with a browser width under 768px will see a header noting that the experience is unsupported and that not all functionality will work.
Wayfinders Engineers will test down to 768px. Requests for bugs or features at lower resolutions will be given lower priority.
Interoperability
Does the application support single sign-on?
The application currently supports Google, ClassLink, Microsoft Azure, and Clever SSO.
What are the processes and provisions regarding the automated exchange of data between the mobile application and the school/district’s student information and assessment systems?
Currently, we accept flat files sent via SFTP and Clever, and Oneroster files sent via ClassLink, to roster students from other information systems. Additional integrations will occur at a later date.
Accessibility
What accessibility features does Wayfinder’s web application include?
At Wayfinder, we believe that all students, teachers, and administrators should benefit from future-ready skills. That’s why we strive to make our products as accessible as possible. We’re continuously checking our site using automated and manual methods to ensure that accessibility best practices are being followed. Our latest videos contain closed captions and written transcripts.
All of our curricular materials are designed to be accessible to varied learning needs. We incorporate a variety of sensory resources (audio/visual), including closed captioning on our videos. All common web accessibility standards are followed, including alt tags and tabability. We periodically check screen reader navigation and routinely assess accessibility improvements using Chrome Lighthouse accessibility reports.
Do you have accessibility reports?
Our Lighthouse Automated Accessibility score averages 97 out of 100, and the vast majority of topics on our VPAT report are supported or mostly supported.
You can find our accessibility reports here: