Safety & Security

Vocina is built for guided learning and assessment conversations. We use layered safeguards so interactions stay appropriate, the experience is consistent for learners, and educators remain firmly in control.

We take security and privacy seriously and keep things simple: collect only what’s needed, protect it well, and give providers control over where assessment data lives.

Safety

How we support confident assessment

  • Structured conversations that stay aligned to your task and learning outcomes

  • Learners explain their thinking to show understanding in their own words

  • Clear evidence for educators - records and summaries that support review

  • Human oversight - educators can review and override outcomes as needed

Layers of safeguards

  • Prompt design
    Our base prompts are tested and iterated to ensure agents shut down inappropriate conversations.

  • Latest models
    We use the most advanced models which include resistance to prompt injection and built-in safeguards.

  • Conversation issue flagging
    We automatically review conversations for a variety of inappropriate behaviour and flag these conversations for follow-up.

  • Automated conversation testing

    We run automated tests on our agents by simulating conversations to ensure appropriate responses to different situations.

Transparency for learners

We recommend clear learner information (what Vocina does, what’s recorded, and how it’s used) and consent wording as part of any pilot.

Want to go deeper?

If your organisation has specific requirements (academic integrity expectations, moderation settings, or risk reviews), we’re happy to share more detail and walk you through our safeguards. Get in touch and tell us what your team needs.

Security

At a glance

  • Minimal personal information

    Vocina can run using an anonymous learner ID, rather than a name or email address.

  • Provider-controlled storage

    We can transfer audio and transcripts to your preferred storage (e.g., SharePoint) so Vocina does not retain assessment data for longer than it takes to conduct an assessment.

  • Data deletion

    Learners and providers can request a full account data deletion at any time by contacting Scarlatti.

  • Independent security testing:

    In addition to rigorous internal testing, we have engaged third-party testing providers to conduct penetration testing on the Vocina API, with an intention to repeat testing regularly (e.g., annually/after major changes).

  • Working towards ISO 27001:

    Scarlatti has contracted with Vanta and is progressing an ISO 27001 certification programme.

Designed for education provider

Vocina is build for institutional use so access, oversight and outcomes fit real teaching and training environments.

  • No OpenAI/Google accounts required

    Learners and staff access Vocina through your organisation’s setup - no individual OpenAI/Google accounts needed.

  • Institution-managed access and usage

    Access and usage are provisioned by the provider, supporting managed rollouts and predictable delivery.

  • Learner IDs (not personal identifiers)

    Vocina can operate using an anonymous learner ID rather than names or email addresses.

  • Educator visibility and auditability

    Conversations are recorded and available to authorised educators/administrators to support oversight and review.

  • Automatic flags when support is needed

    The platform can flag learners who behave inappropriately, appear to need support, or do not meet required expectations so staff can follow up.

  • LMS integration (including grade passback where supported)

    Vocina supports Moodle and Totara integrations with grade passback. For other LMS platforms, contact us and we’ll confirm the best integration pathway for your environment.

  • Provider-controlled data storage options

    Audio and transcripts can be transferred to your preferred storage so data lives where your organisation expects it to. Where Vocina temporarily retains audio/transcripts to complete delivery, this is typically only a few days.

What data Vocina handles

Depending on your setup, Vocina may handle:

  • Audio (learner speech) and transcripts

  • Assessment material (e.g., questions, grades, rubrics)

  • A learner identifier (preferably an anonymous learner ID).

Where data is stored and processed

Vocina runs on Google Cloud Platform infrastructure hosted in Sydney, Australia. Learner audio (and related transcripts) are processed using OpenAI and/or Google services, under their respective security and data-handling controls.

Access and learner rights

Where data is transferred back to the provider, learners can use the provider’s existing channels to access, correct, or request deletion of their information.

Security assurance

We align our practices with recognised security expectations, including:

  • Internal security reviews and remediation

  • Third-party testing engagements and repeat testing after major changes

  • An ISO 27001 certification programme underway with Vanta

Questions from procurement or IT teams?

We’re happy to help. If you’d like more detail on hosting, access controls, retention, testing, or documentation for due diligence, get in touch - we’ll point you to the right information and talk it through.