Trust and security
An instructor that watches your work has to earn your trust first
Observation is powerful, so the controls around it have to be strong. The product is still in development, so the statements below describe how Safua is designed to work, not behavior that is live today.
Observation
You decide what it sees, and you can stop it instantly
Observation is the heart of the product, so the controls around it come first. It is built to be consent-based, visible, and easy to stop.
Consent-based, per app and per window
Observation is designed to be opt-in, granted for the specific apps or windows you choose, never blanket access to your screen.
An always-visible indicator
When observation is active, a clear indicator is intended to show what can be seen, so it is never ambiguous or hidden.
One action to stop
You are meant to be able to pause or stop observation in a single action, at any time, without hunting through settings.
Never an undetectable tool
Safua is designed to be obvious when it is watching. It is not built to hide from you or from anyone else.
Your data
Keep less, derive what teaching needs, ask before proof
The data approach is built around minimization: capture what is needed to teach and to prove, and avoid keeping raw screen content.
Data minimization by default
The system is designed to collect only what teaching and proof require, and no more.
Raw screen frames are not stored by default
The policy is that raw frames are processed in the moment and not retained. Derived events may be stored to power learning and proof.
Explicit consent for credential evidence
Before any of your work becomes evidence behind a credential, you are meant to give explicit consent to that specific use.
Access and delete your data
You are intended to be able to see what is held about you and request its deletion.
Security
Protected in transit, protected at rest, and auditable
The security posture is designed for a product that handles sensitive work and the proof built from it.
Encryption in transit and at rest
Data is designed to be encrypted both while moving and while stored.
Admin auditability
Administrative actions are intended to be logged so an organization can review who did what.
Tenant isolation
Organizations data is designed to be kept isolated from other tenants.
Built for security review
The architecture is intended to stand up to external security review as the product matures toward launch.
Privacy and compliance
A privacy posture built for the regions you work in
Safua is a Canadian company, and the privacy posture is shaped accordingly, with international regimes in view.
PIPEDA-aware
The privacy approach is designed with Canadian PIPEDA principles in mind.
A GDPR and CCPA-ready posture
The data-rights model is intended to support GDPR and CCPA-style requests as the product reaches those regions.
Your rights are not an afterthought
Access, correction, and deletion are designed in, not bolted on, because trust depends on them.
Responsible AI
Honest about what proof means, and hard on cheating
The instructor watches real work, so the integrity stance and how the AI treats what it sees both matter.
An anti-cheating stance
Proof is designed to measure independent skill, so shortcuts that fake independence are treated as integrity failures, reflected in the credential.
Observed content is treated as untrusted input
What appears on screen is designed to be handled as untrusted input, so the instructor is not steered by text it merely observes.
No overstated credentials
A credential is built to state its own confidence level and conditions, so it is never read as more than the evidence supports.
Want the full picture of how work becomes proof? Read how proof works.