Trust and Compliance Center

Welcome to the Cirrus Identity Trust and Compliance Center prepared materials. You can find the following:

• Terms of Service
• Privacy Policy
• Cookie Policy
• HECVAT Document
• Accessibility Conformance Report (VPAT)
• SOC2 Audit Reporting
• TX-RAMP Certification
• Security Disclosure Notice
• Prohibitions on System Monitoring or Testing
• Where to Direct Questions 
  
  

Terms of Service

The Cirrus Identity current Terms of Service is available below and posted at the bottom of each Cirrus Identity Website page.

Terms of Service

Privacy Policy

The current Cirrus Identity Privacy Policy is available below and posted at the bottom of each Cirrus Identity Website page.

Current Privacy Policy - Effective May 9, 2023

A new version of the Cirrus Identity Privacy Policy will go into effect June 2, 2025. You may preview the new version at the following link:

New Privacy Policy - Effective June 2, 2025

The following are past versions of the Cirrus Identity Privacy Policy:

Prior Privacy Policy - Effective September 8, 2022

Prior Privacy Policy - Effective May 23, 2018

Cookie Policy 

To support the Cirrus Identity Website and the Cirrus Identity Privacy Policy, we have established a Cookie Policy.

Current Cookie Policy

HECVAT

Cirrus Identity supports use of the Higher Education Community Vendor Assessment Toolkit (HECVAT) as a shared method between campuses and vendors to streamline the vendor assessment process. Cirrus Identity is committed to updating our HECVAT on an annual basis and posts the most recent version here.

Higher Ed Vendor Assessment Tool (HECVAT)

Accessibility

Cirrus Identity is committed to providing products that are accessible. We continually work to improve the accessibility of our products and websites following the WCAG recommendations. 

Voluntary Product Accessibility Template (VPAT) - WCAG Edition

SOC2 Type 2 Audit

Cirrus Identity has completed a SOC2 Type 2 audit. You may download the latest Letter of Attestation here. To obtain the full report, please contact Cirrus Support by sending an email to support@cirrusidentity.com.

TX-RAMP Level 1 Certification

Cirrus Identity has received Texas Risk and Authorization Management Program (TX-RAMP) Level 1 certification. You may find Cirrus Identity listed on the TX-RAMP Certified Cloud Products list. Additional TX-RAMP information can be found on the TX-RAMP website, Texas Risk and Authorization Management Program (TX-RAMP).

Security Disclosure Notice

Cirrus Identity encourages responsible disclosure of any security concern. We do not have a bug bounty program. To report a vulnerability, please email security@cirrusidentity.com.

Prohibitions on System Monitoring or Testing

As specified by contract, Cirrus Identity customers shall not engage in stress/load testing, monitoring, or penetration testing of Cirrus Identity Service infrastructure. Cirrus Identity performs routine load testing, periodic penetration testing, continuous monitoring, and continuous intrusion detection scanning on the Services. Information about these practices is available within the HECVAT discussed above or by requesting our SOC2 Type2 report.

Where to Direct Questions

Questions, concerns, or complaints regarding the Cirrus Identity Trust and Compliance Center, or the linked content, should be directed by email to security@cirrusidentity.com.