Security at Hustle/Op

We built Hustle/Op for organizations that trust us with their most sensitive data — student records, family contact information, and financial details. Security is not an afterthought. Here is how we protect your information.

Data Encryption

All data transmitted between your browser or app and our servers is encrypted using TLS (Transport Layer Security). Sensitive data — including personally identifiable information and payment records — is encrypted at rest. We use industry-standard encryption algorithms and rotate encryption keys regularly.

Secure Infrastructure

Hustle/Op is hosted on enterprise-grade cloud infrastructure with built-in redundancy, automated backups, and 24/7 monitoring. Our infrastructure provider maintains its own rigorous physical security, availability, and compliance programs.

We perform regular automated backups to ensure your data can be recovered in the event of an incident. Backups are encrypted and stored in geographically separate locations.

Access Controls

Role-Based Permissions

Every Hustle/Op account uses role-based access control. Administrators control exactly which staff members can view, edit, or export data — down to the individual feature level. Access is always least-privilege by default.

Authentication

We enforce strong password requirements for all accounts. Multi-factor authentication (MFA) is available and recommended for all administrator accounts.

Our Internal Access

Hustle/Op employees do not access customer data except when required to provide support, and only with the account holder's permission or when required by law. All internal access to production systems is logged and audited.

Payment Security

Hustle/Op does not store full credit card numbers or CVV codes. All payment processing is handled by PCI-DSS compliant payment processors. Only the last four digits and card type are retained for reference.

FERPA Compliance

Hustle/Op serves as a "school official" under the Family Educational Rights and Privacy Act (FERPA) when processing student data on behalf of educational institutions. Our commitments under FERPA include:

• We access student education records only as directed by your organization and only to the extent necessary to provide contracted services.
• We do not use student education records for any purpose beyond the services your organization has engaged us to provide.
• We do not share student education records with third parties except as permitted by FERPA or as instructed by your organization.
• We support your organization's obligations to provide parents and eligible students with access to their records and to correct inaccurate information.

We are committed to maintaining a Data Processing Agreement (DPA) with any educational institution that requires one under FERPA. Contact hello@hustleop.com to request a DPA.

Student Privacy Commitments

Hustle/Op voluntarily adheres to the following student privacy principles:

• We do not sell student data, ever.
• We do not use student data to build advertising profiles or target students or families with advertising.
• We do not share student data with third parties for commercial purposes.
• We collect only the data necessary to provide the services your organization has requested.
• We support your ability to review, correct, and delete student data at any time.

Security Monitoring and Incident Response

We monitor our systems continuously for unusual activity, unauthorized access attempts, and potential security incidents. In the event of a confirmed data breach that affects your organization's data, we will:

• Notify affected Operators promptly and within the timeframes required by applicable law
• Provide a clear description of what happened, what data was affected, and what steps we are taking
• Work with you to assess impact and take appropriate remediation steps

Responsible Disclosure

If you believe you have discovered a security vulnerability in Hustle/Op, please report it to us responsibly before making it public. Email us at support@hustleop.com with a description of the issue and steps to reproduce it. We take all reports seriously and commit to acknowledging your report within 48 hours.

We ask that you do not access, modify, or delete data that is not your own, and that you give us a reasonable opportunity to investigate and address the issue before any public disclosure.

Questions About Security

If you have questions about our security practices or would like to request a Data Processing Agreement, please contact us:

Hustle/Op
Email: support@hustleop.com
Subject line: Security Inquiry