Trust and Compliance Center
Welcome to the Cirrus Identity Trust and Compliance Center prepared materials. You can find the following:
- Terms of Service
- Privacy Policy
- Cookie Policy
- HECVAT Document
- Accessibility Conformance Report (VPAT)
- SOC2 Audit Reporting
- TX-RAMP Certification
- Security Disclosure Notice
- Prohibitions on System Monitoring or Testing
- Where to Direct Questions
Terms of Service
The Cirrus Identity current Terms of Service is available below and posted at the bottom of each Cirrus Identity Website page.
Privacy Policy
The current Cirrus Identity Privacy Policy is available below and posted at the bottom of each Cirrus Identity Website page.
Current Privacy Policy - Effective May 9, 2023
A new version of the Cirrus Identity Privacy Policy will go into effect June 2, 2025. You may preview the new version at the following link:
New Privacy Policy - Effective June 2, 2025
The following are past versions of the Cirrus Identity Privacy Policy:
Prior Privacy Policy - Effective September 8, 2022
Prior Privacy Policy - Effective May 23, 2018
Cookie Policy
To support the Cirrus Identity Website and the Cirrus Identity Privacy Policy, we have established a Cookie Policy.
HECVAT
Cirrus Identity supports use of the Higher Education Community Vendor Assessment Toolkit (HECVAT) as a shared method between campuses and vendors to streamline the vendor assessment process. Cirrus Identity is committed to updating our HECVAT on an annual basis and posts the most recent version here.
Higher Ed Vendor Assessment Tool (HECVAT)
Accessibility
Cirrus Identity is committed to providing products that are accessible. We continually work to improve the accessibility of our products and websites following the WCAG recommendations.
Voluntary Product Accessibility Template (VPAT) - WCAG Edition
SOC2 Type 2 Audit
Cirrus Identity has completed a SOC2 Type 2 audit. You may download the latest Letter of Attestation here. To obtain the full report, please contact Cirrus Support by sending an email to support@cirrusidentity.com.
TX-RAMP Level 1 Certification
Cirrus Identity has received Texas Risk and Authorization Management Program (TX-RAMP) Level 1 certification. You may find Cirrus Identity listed on the TX-RAMP Certified Cloud Products list. Additional TX-RAMP information can be found on the TX-RAMP website, Texas Risk and Authorization Management Program (TX-RAMP).
Security Disclosure Notice
Cirrus Identity encourages responsible disclosure of any security concern. We do not have a bug bounty program. To report a vulnerability, please email security@cirrusidentity.com.
Prohibitions on System Monitoring or Testing
As specified by contract, Cirrus Identity customers shall not engage in stress/load testing, monitoring, or penetration testing of Cirrus Identity Service infrastructure. Cirrus Identity performs routine load testing, periodic penetration testing, continuous monitoring, and continuous intrusion detection scanning on the Services. Information about these practices is available within the HECVAT discussed above or by requesting our SOC2 Type2 report.
Where to Direct Questions
Questions, concerns, or complaints regarding the Cirrus Identity Trust and Compliance Center, or the linked content, should be directed by email to security@cirrusidentity.com.
