My College Roomie understands that data security and student data privacy is of utmost importance to its Institution and student clients.  We have therefore taken extensive security measures to ensure that all data housed within the My College Roomie platform and its servers is effectively and efficiently protected.


FERPA Compliance

My College Roomie takes efforts to ensure compliance with the Family Educational Rights & Privacy Act. While FERPA typically applies (and was created to apply) to Institutions and their policies on the disclosure of student information, My College Roomie has taken steps to ensure we mimic and support such policies when it comes to student data.

As such, the only authorized viewers of student data are Institution faculty members with MCR accounts, and MCR administrators acting as Customer Support and Site Maintenance personnel, all of whom are covered under contracting agreements and non-disclosures to protect customer data. Within our service contract agreements, My College Roomie agrees not to disclose student data to outside parties with the exception of the following situations:

  • To comply with a judicial order or lawfully issued subpoena;
  • To appropriate officials in cases of health and safety emergencies; and
  • To state and local authorities, within a juvenile justice system, pursuant to specific State law.


Safeguards against “data leaks”:

  • Data Storage – The MCR data is stored on a database on a managed virtual machine hosted by Grindflow Management and located at ViaWest in Denver, CO. We also have a deployment strategy that sandboxes data to independent servers per client/college.Risk prevention is at the core of our File and Database Integrity Verification Service, which protects critical IT configurations by aligning them with access and security best practices and policies. We mix integrity monitoring with comprehensive compliance and network security policy management allowing us to comb through a complete audit trail and perform a full forensic analysis on your systems and data.
  • Strict password policy for users
  • Network Security – A hybrid of network security measure including Intrusion Detection and Prevention, Virtual Private Network, and Firewall Services. Our Managed Network Security protects the network against external attacks and stops unauthorized access to protect against worms, Trojans, and other malicious data from entering the network. The network is monitored by experts 24x7x365.
  • Secure login through SSL encryption
  • Anti-spam protections – Acts as a filter to ensure no spam attempts are successful.
  • Industry-Leading 24x7x365 Firewall Monitoring – This ensures that any malicious attempts to access the secure server or its data are stopped immediately. Our security measure includemultiple security zones, onsite monitoring, VPN availability, security policy audits, firewall patching and updates, network address translation, and onsite hardware sparing in the event of a failure.
  • Routine security updates and maintenance applied to applications – This ensures our security measures and features are always up to industry standard.
  • Server security is to the level of PCI-compliance SAQ-D standards – This ensures that any and all sensitive data is encrypted and stored per industry standard.
  • Data protection – Backups are performed daily and have 3 months of rolling storage.