Compliance · architectural, not bolt-on
Built for the auditor.
From the first line of code.
FERPA, HIPAA, COPPA 2.0, CMMC, SOC 2, GLBA, state student data laws, OSHA workforce records — MobileID.ai handles them all because the platform was architected to handle them, not retrofitted afterward.
FERPA
Family Educational Rights and Privacy Act
- Immutable, hash-chained, append-only audit log
- 3-year retention default, configurable to 10+ years
- Disclosure log with consent record reference
- Parent / eligible student right of access via cardholder portal
- Amendment request workflow routed to institutional FERPA officer
- Directory information opt-out at the data layer
HIPAA
Health Insurance Portability and Accountability Act
- Standard BAA at customer onboarding
- AES-256 at rest, TLS 1.3 in transit
- Role-based access with least-privilege defaults
- Quarterly access review built into the platform
- Pre-credential HIPAA training validation via LMS integration
- Auto-revocation on employment termination — no orphaned credentials
COPPA + State COPPA 2.0
Children's Online Privacy + Arkansas HB 1717, Utah, California
- Verifiable parental consent — multi-method
- Annual consent renewal with auto-expiry workflow
- Data minimization for minor records — identity only
- One-click parental deletion with audit-log preservation of deletion event
- Age-appropriate consent UX (children vs. teens in COPPA 2.0 states)
- Geographic awareness — state-of-residence drives consent flow
CMMC 2.0
Cybersecurity Maturity Model Certification (DoD)
- Level 1 compliant by architecture (15 foundational practices)
- Level 2 target Q4 2026 — NIST SP 800-171 aligned (110 practices)
- Data residency controls (US-only / US-Gov region)
- FIPS 140-2 validated encryption modules
- Multi-factor authentication enforced platform-wide
- Configuration change management with full audit
SOC 2 Type II
Service Organization Control 2
- Type I report Q4 2026 — point-in-time controls audit
- Type II report Q3 2027 — 6-month operational evidence
- All five Trust Services Criteria covered
- Auditor evidence package available to enterprise customers
- Continuous controls monitoring
GLBA
Gramm-Leach-Bliley Act (Financial Aid)
- Higher Ed financial aid data handling
- Bursar and TouchNet/Nelnet integration with audit trail
- Separation of education records (FERPA) and financial records (GLBA) at the data layer
GDPR / CCPA / CPRA
European + California Privacy
- Data residency: pin EU customer data to EU region
- Right to delete, right to know, right to opt out of sale (we never sell data)
- CCPA-compliant cardholder data handling
- PIPEDA (Canada) supported via standard contracts
State School Disclosure Laws
Arkansas, California, Texas, Florida, Illinois, New York, more
- Configurable per-state rule library
- Trigger detection from identity / camera / SIS events
- Multi-channel delivery (SMS, email, push, printed letter)
- Delivery receipts captured for legal compliance
- Annual disclosure rights summary to parents
Stop running identity from a spreadsheet.
A 20-minute call. We show you the platform live, mapped to your systems. You decide if you want a 60-day pilot. No PowerPoint sales pitch.