Security and governance

CALLIOPE protects assessment work through clear boundaries, role controls, and accountable AI use.

CALLIOPE combines a product-facing website with a governed platform runtime for transcripts, uploads, AI assessment, telemetry, billing, and audit controls.

Data minimization

CALLIOPE should collect only the oral transcript, assessment, media, account, and telemetry data needed for the active workflow, not unrelated personal data.

Accountable anonymity

Peer or jury views may hide identity from other participants while educator or administrator traceability remains available for safety and governance.

AI boundaries

AI features process selected rubric context and voice streams to answer a request. Private user content is not used for public model training by default.

Architecture boundary

CALLIOPE.com serves commercial pages, policy pages, registration entry points, and product routing. Authenticated runtime paths may use the shared LearnAdapt platform so transcripts, assessment history, media, credits, AI requests, telemetry, analytics, and audit logs stay governed by one backend.

What stays shared

  • User accounts and roles.
  • Oral transcripts, uploaded media, rubrics, and assessment history.
  • Credits, usage logs, and billing events.
  • Product events, analytics, consent records, and audit logs.
  • AI provider controls and safety checks.

Encryption and transport

Authenticated sessions and platform traffic should use HTTPS/TLS. Storage services should use managed encryption and access controls appropriate to the environment.

Role-based access

Students, educators, researchers, administrators, and system administrators should receive only the permissions needed for their role and project context.

Auditability

Important service actions, AI requests, uploads, role changes, consent records, and administrative actions should be logged for investigation and compliance.

Privacy and legal alignment

CALLIOPE's governance model is designed to support Singapore PDPA principles such as accountability, consent, purpose limitation, notification, access and correction, protection, retention limitation, transfer limitation, and breach notification. For international use, CALLIOPE should also support GDPR/UK GDPR rights, applicable U.S. state privacy notices, and education-specific requirements in institutional agreements.

Incident response

If a security or data incident occurs, CALLIOPE should investigate, contain, document, and notify affected users, institutions, regulators, or authorities where legally required. Notification timing depends on the applicable law and the risk of harm.

AI and media safeguards

  • AI features should use only the rubric context needed for the requested task.
  • Uploaded audio, video, images, and documents may be processed for preview, playback, analysis, transcription, assessment, or summarization.
  • Users should avoid uploading confidential, regulated, or third-party content unless authorized.
  • Research exports should include only consented data and approved study fields.

Report a concern

Report security, privacy, account, or data protection concerns to help@calliope.com. Include the affected account, board, timestamp, and a clear description where safe to do so. Do not send passwords or highly sensitive files by email.