SECURITY & PRIVACY

Trust starts with clear boundaries and predictable behavior

QuizTem is designed to keep organizations, roles, assessment history, and update operations within explicit product-owned safeguards.

PRODUCT SAFEGUARDS

Security principles built into the workflow

These controls reflect current product behavior—not external certification claims.

Organization scoping

Keep school and program data inside eligible boundaries.

Role-aware access

Use QuizTem memberships for authorization.

History protection

Preserve attempts, answers, and results.

Safe updates

Validate packages before applying code changes.

IDENTITY & ACCESS

Preserve the host identity model.

QuizTem uses the host Laravel authentication configuration while granting product access through QuizTem memberships.

No duplicate-user design

Flows should not create a second user for the same email.

Membership authorization

QuizTem roles remain product-specific.

Role workspaces

Administrators, teachers, and students see relevant areas.

Access model

Host authentication · QuizTem authorization

Identity

Resolved through Laravel auth

Product roles

Granted through memberships

Data boundary

Membership + assignment + enrollment + organization

Student access

Active eligible context

Educator review

Role and organization scoped

ORGANIZATION BOUNDARIES

Keep learning data in the correct workspace.

Student exams, assignments, attempts, reviews, and results stay scoped to active memberships and organization context.

Eligible membership

Access begins with an active product membership.

Assignment scope

Learners see exams assigned to them or active classes.

Authorized review

Educators review only eligible organization data.

ASSESSMENT INTEGRITY

Viewing history must not rewrite it.

Read-only exam and result pages do not create attempts, save answers, recalculate scores, or mutate assignments.

Read-only review

Opening a result does not change the outcome.

Draft mutation guards

Question edits stop when history makes them unsafe.

Publish readiness

Incomplete authoring cannot transition to published.

Integrity guards

Protect active assessments and learner history

Review behavior

No hidden mutations

Authoring behavior

Guarded by exam state

Update safeguards

Release metadata · staging · checksum · backup

Package target

fklavyenet/quiztem runtime

Migrations

Skipped by default for web apply

PACKAGE UPDATES

Treat update application as a guarded operation.

QuizTem’s package-safe update path expects a newer compatible release, checksum verification, staging checks, allowlist scanning, runtime target validation, and backup.

Compatible release

Apply only an eligible newer package.

Artifact verification

Validate checksum and package contents.

Controlled target

Apply to the active QuizTem package path.

CLEAR SCOPE

What this page does—and does not—claim

Security communication should stay precise and verifiable.

Product behavior

This page describes controls implemented in QuizTem workflows.

Host responsibility

The Laravel host owns infrastructure, authentication setup, and environment operations.

No certification claim

No SOC 2, ISO, or similar certification is asserted here.

No legal substitute

Contact the team for deployment-specific and policy questions.

Have a security or deployment question?

Tell us about your Laravel environment, organization structure, and assessment workflow.