Last updated: June 1, 2026
BookPulse is an early-stage product built by one founder. We are honest about what we have today and what we are building toward. Our current security posture is documented on the Security Practices page — encryption in transit and at rest, Row-Level Security on every table, server-side enforcement, de-identified AI processing, and US-based infrastructure.
Here is where we stand on the certifications and controls schools commonly evaluate. Dates are targets, not guarantees — we will update this page as items ship.
| Item | Status | Target |
|---|---|---|
| SOC 2 Type II audit | Not started | Q3 2027 |
| Third-party penetration testing | Not started | Q1 2027 |
| Multi-factor authentication (teacher accounts) | In design | Q4 2026 |
| Centralized security event monitoring (SIEM) | Not started | Q2 2027 |
| Public SLA with uptime guarantees | Not started | Q3 2027 |
| Formal bug bounty program | Not started | Q4 2027 |
| Anthropic Data Processing Agreement execution | In progress | Q3 2026 |
If a missing item on this roadmap is a hard requirement for your school or district, that is useful for us to know. Email chris@readbookpulse.com and we will be candid about current status and timing. We would rather have an honest conversation about fit than oversell.