# Data Security Checklist

Use this checklist before drafting data-security language.

## Systems

- [ ] Learning platform / website:
- [ ] Survey system:
- [ ] Database:
- [ ] AI provider or API:
- [ ] File storage:
- [ ] Analysis environment:

## Identifiers

- [ ] Names
- [ ] Email addresses
- [ ] Student IDs
- [ ] IP addresses
- [ ] Account usernames
- [ ] Free-text responses that may contain identifiers
- [ ] Uploaded files that may contain identifiers

## Data categories

- [ ] Consent records
- [ ] Recruitment records
- [ ] Survey responses
- [ ] Interview/focus group transcripts
- [ ] Learning artifacts
- [ ] Artifact metadata
- [ ] Interaction logs / telemetry
- [ ] AI feedback text
- [ ] Learner-AI interaction text
- [ ] Grades or course records

## Protection

- [ ] Direct identifiers stored separately when feasible
- [ ] Access limited to approved study personnel
- [ ] Raw exports kept in controlled storage
- [ ] De-identified analysis files created for modeling
- [ ] Retention period stated
- [ ] Deletion or archival plan stated
- [ ] AI/API data flow described accurately
- [ ] Public reporting will use aggregate or de-identified examples

## Questions to resolve

1.
2.
3.