Security

At a glance

We take security and privacy seriously and keep things simple: collect only what’s needed, protect it well, and give providers control over where assessment data lives.

  • Minimal personal information

    Vocina can run using an anonymous learner ID, rather than a name or email address.

  • Provider-controlled storage

    We can transfer audio and transcripts to your preferred storage (e.g., SharePoint) so Vocina does not retain assessment data for longer than it takes to conduct an assessment.

  • Data deletion

    Learners and providers can request a full account data deletion at any time by contacting Scarlatti.

  • Independent security testing

    In addition to rigorous internal testing, we have engaged third-party testing providers to conduct penetration testing on the Vocina API, with an intention to repeat testing regularly (e.g., annually/after major changes).

  • Working towards ISO 27001

    Scarlatti has contracted with Vanta and is progressing an ISO 27001 certification programme.

Designed for education providers

Vocina is built for institutional use so access, oversight, and outcomes fit real teaching and training environments.

  • No OpenAI accounts required

    Learners and staff access Vocina through your organisation’s setup - no individual OpenAI accounts needed.

  • Institution-managed access and usage

    Access and usage are provisioned by the provider, supporting managed rollouts and predictable delivery.

  • Learner IDs (not personal identifiers)

    Vocina can operate using an anonymous learner ID rather than names or email addresses.

  • Educator visibility and auditability

    Conversations are recorded and available to authorised educators/administrators to support oversight and review.

  • Automatic flags when support is needed

    The platform can flag learners who behave inappropriately, appear to need support, or do not meet required expectations so staff can follow up.

  • LMS integration (including grade passback where supported)

    Vocina supports Moodle and Totara integrations with grade passback. For other LMS platforms, contact us and we’ll confirm the best integration pathway for your environment.

  • Provider-controlled data storage options

    Audio and transcripts can be transferred to your preferred storage so data lives where your organisation expects it to. Where Vocina temporarily retains audio/transcripts to complete delivery, this is typically only a few days.

What data Vocina handles

Depending on your setup, Vocina may handle:

  • Audio (learner speech) and transcripts

  • Assessment material (e.g., questions, grades, rubrics)

  • A learner identifier (preferably an anonymous learner ID)

Where data is stored and processed

Vocina runs on Google Cloud Platform infrastructure hosted in Sydney, Australia. Learner audio (and related transcripts) are processed using OpenAI services, under OpenAI’s applicable security and data-handling controls.

Access and learner rights

Where data is transferred back to the provider, learners can use the provider’s existing channels to access, correct, or request deletion of their information.

Security assurance

We align our practices with recognised security expectations, including:

  • Internal security reviews and remediation

  • Third-party testing engagements and repeat testing after major changes

  • An ISO 27001 certification programme underway with Vanta

Questions from procurement or IT teams?

We’re happy to help. If you’d like more detail on hosting, access controls, retention, testing, or documentation for due diligence, get in touch - we’ll point you to the right information and talk it through.