Scholar Current
Math and Physics Practice / Book Access / Teacher Tools
Scholar Current

Hosting Security And Backup Evidence

Effective date: June 8, 2026. This checklist tracks production evidence for database encryption, backup encryption, backup retention, restore access, and administrator access to production data.

1. Current Evidence Summary

This page separates vendor documentation from Scholar Current production evidence. Vendor documentation explains what a provider supports. Production evidence is the screenshot, dashboard setting, contract, or export retained by Scholar Current to show how this specific account is configured.

Current status: Render documentation confirms general Render Postgres encryption and backup capabilities, but production account evidence still needs to be captured from Render, Cloudflare, Resend, GitHub, and any manual backup/export locations before this item should be treated as fully verified for school review. School review evidence should also include school-owned purchase records, pooled-seat allocation records, yearly renewal records, school academic admin access controls, and audit logs for school academic roster/gradebook access.
Code-confirmed storage

The API uses PostgreSQL through DATABASE_URL; production database security therefore depends on the Render/Postgres configuration.

Vendor-doc confirmed

Render documents AES-256 at-rest encryption for Render Postgres primary/replica instances and backups, plus TLS for external database connections.

Production proof still needed

Capture dashboard evidence for region, plan, PITR window, backup/export settings, external access rules, admin access, and restore process ownership.

2. Evidence Checklist

Area What The Vendor Docs Say Scholar Current Production Evidence Needed Current Production Status Owner / Review Cadence
Render Postgres encryption at rest Render states that Render Postgres databases are encrypted at rest using AES-256, including primary instances, replicas, and backups. Screenshot or saved PDF of the Render database page showing the production database, plan, region, and link to Render encryption/security docs used for the review. Vendor documentedProduction evidence neededProduction database appears to be hosted in Render/Postgres, but the account-specific evidence file is not yet attached here. Admin review before school contract review and at least once per term.
Database backup encryption Render states that Render Postgres backup encryption is covered by the same AES-256 at-rest encryption statement. Evidence from Render Recovery/Backups page showing enabled recovery/backup features for the production database, plus the current plan level. Vendor documentedProduction evidence neededConfirm whether the current database plan is Hobby, Pro, or higher and record the backup/PITR features available. Admin review after any database plan/storage change and at least once per term.
Backup retention and recovery window Render documents point-in-time recovery for paid databases, with Hobby retaining three days and Pro or higher retaining seven days. Render logical exports are retained for seven days after creation. Screenshot of the Render Recovery page showing the production database recovery window, logical export availability, and any created exports. Record whether extra off-platform backups exist. Production evidence neededDo not assume the exact recovery window from code. Confirm the active database plan in Render. Admin monthly review and after every plan/storage change.
Restore access and procedure Render documents point-in-time recovery by creating a recovered database instance and logical export restore using downloaded export files. Written restore runbook naming who may trigger PITR, who may download exports, where restore evidence is saved, and how restored data is validated before reconnecting production. Runbook neededThe codebase has retention cleanup endpoints, but production database restore authority and steps still need dashboard-backed documentation. Admin and technical owner review twice per year or after a restore drill.
External database access Render documents internal and external database URLs and allows restricting external access by IP/CIDR or disabling external access. Screenshot of Render database networking/access rules. Confirm whether external access is restricted and whether the app uses internal database URLs where possible. Production evidence neededConfirm external access rules and connection string type in Render environment settings. Admin review after any environment variable or database networking change.
Cloudflare Access / Pages logs and regional behavior Cloudflare documents customer-log metadata boundary behavior and Logpush options for exporting logs to customer-controlled storage or SIEM systems. Screenshot of Cloudflare Access application policies, admin users, log retention/export settings, and whether Logpush or Data Localization features are enabled. Production evidence neededCloudflare is active for access/security, but log retention and export configuration need dashboard proof. Admin review once per term and after changing Zero Trust policies.
GitHub repository and deployment access GitHub stores private repository code and deployment history if connected to Render/Cloudflare. Repository history can retain removed content. List of repository admins/collaborators, branch protection status, secret-scanning status, and confirmation that student data and production secrets are not committed. Production evidence neededPrivate repos are active; access review evidence should be captured from GitHub. Admin review once per term and immediately after collaborator changes.
Manual exports and local backup files Manual exports, CSVs, privacy exports, database dumps, and downloaded Render logical exports are outside the database provider once downloaded. Document where exports may be stored, who may create them, expected deletion timing, and whether local/cloud storage is encrypted. Policy evidence neededAdmin export tools exist; local handling rules should be documented and followed. Admin review before sending or storing any student-data export outside production systems.

3. Evidence Capture Steps

4. Official Reference Links

Return to Vendor Inventory