Data Tier Definitions
Who can do this: Super Admin, Director, Case Manager, Coordinator, Grant Writer, Volunteer
Goal: Understand the four data tiers that control how student information is stored and accessed.
Tier 1 — Encrypted
Access: Super Admin only
| Field | Storage | Display |
|---|---|---|
| Social Security Number (SSN) | Encrypted at rest with pgcrypto | Masked as ***-**-1234 in UI |
- SSN is never displayed in full in the interface
- Only Super Admins can decrypt and view the full SSN
- The encryption key is stored separately from the database
🛑 IMPORTANT:
Never ask a student for their SSN unless absolutely required for a specific grant. Never write an SSN in an email, text, or note. Always enter it directly into VoTech.
Tier 2 — Restricted
Access: Case Manager + Super Admin only
| Fields |
|---|
| ACE (Adverse Childhood Experiences) scores |
| ACE comments and exit interview responses |
| Life stories |
| Case notes |
- All Tier 2 data is append-only — records cannot be deleted
- Every access is logged in the audit trail
- Case notes have timestamps and author attribution
🛑 IMPORTANT:
Tier 2 data reflects a student's most sensitive personal experiences. Never discuss ACE scores or case note contents with anyone who doesn't have Tier 2 access. Never screenshot or copy this data.
Tier 3 — Sensitive
Access: All authorized staff at the student's location
| Fields |
|---|
| Justice involvement (current, former, never) |
| Disability status and type |
| LGBTQ identification |
| Foster care status |
| Homeless status |
| Spiritual milestones |
- Scoped by location — you can only see Tier 3 data for students at your location
- Used in aggregate for grant reporting
- Handle with care in conversations and meetings
Tier 4 — Standard
Access: All authorized staff at the student's location
| Fields |
|---|
| Name, date of birth, gender, ethnicity |
| Contact information (address, phone, email) |
| Education status and school info |
| Program enrollment and category |
| Attendance records |
| Certifications |
| Employment status |
- The most broadly accessible tier
- Still protected by location scoping and role-based access
- Grant Writers can access Tier 4 (and Tier 3) data for reporting
- Grant Writers cannot query the raw `students` table — they are routed through the `students_grant_safe` view, which excludes SSN, ACE data, case notes, and life stories (FERPA restriction F-004)
- Grant Writers are also restricted from Tier 3 keys: justice involvement, disability status, LGBTQ identification, and foster care status
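The Grant Writer restriction above can be enforced in PostgreSQL with a column allow-list view plus table-level privileges. This is an added sketch, not VoTech's actual schema: every column name and the `grant_writer` role are assumptions, and only `students` and `students_grant_safe` come from this page.

```sql
-- Added illustration. Column names and the grant_writer role are hypothetical;
-- only students and students_grant_safe are named on the page.
BEGIN;  -- everything below is rolled back at the end

CREATE TABLE students (
    id                   bigserial PRIMARY KEY,
    location_id          integer NOT NULL,
    full_name            text NOT NULL,   -- Tier 4
    program_category     text,            -- Tier 4
    employment_status    text,            -- Tier 4
    homeless_status      boolean,         -- Tier 3, not on the restricted list
    justice_involvement  text,            -- Tier 3, restricted for Grant Writers
    disability_status    text,            -- Tier 3, restricted
    lgbtq_identification boolean,         -- Tier 3, restricted
    foster_care_status   boolean,         -- Tier 3, restricted
    ace_score            smallint,        -- Tier 2
    life_story           text,            -- Tier 2
    ssn_encrypted        bytea            -- Tier 1, pgcrypto ciphertext
);
CREATE ROLE grant_writer NOLOGIN;

-- Allow-list the reportable columns instead of subtracting sensitive ones,
-- so a sensitive column added to students later is not exposed by default.
CREATE VIEW students_grant_safe AS
SELECT id, location_id, full_name, program_category,
       employment_status, homeless_status
FROM students;

-- The view reads the table with its owner's privileges, so the role
-- needs SELECT on the view only and nothing on the base table.
REVOKE ALL ON students FROM PUBLIC, grant_writer;
GRANT SELECT ON students_grant_safe TO grant_writer;

-- Check 1: effective privileges of the role on each relation.
SELECT has_table_privilege('grant_writer', 'students', 'SELECT')            AS raw_table_readable,
       has_table_privilege('grant_writer', 'students_grant_safe', 'SELECT') AS safe_view_readable;

-- Check 2: regression guard. Any row returned is an excluded field that the view exposes.
SELECT column_name
FROM information_schema.columns
WHERE table_schema = current_schema()
  AND table_name = 'students_grant_safe'
  AND column_name IN ('ssn_encrypted', 'ace_score', 'life_story',
                      'justice_involvement', 'disability_status',
                      'lgbtq_identification', 'foster_care_status');

ROLLBACK;
```

Running check 2 after every schema migration catches a view definition that has drifted to include an excluded field.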
Quick Reference
| Tier | Sensitivity | Access | Special Rules |
|---|---|---|---|
| 1 | Encrypted | Super Admin only | Encrypted at rest, masked in UI |
| 2 | Restricted | Case Manager + Super Admin | Append-only, audit logged |
| 3 | Sensitive | All staff at location | Location-scoped |
| 4 | Standard | All staff at location | Location-scoped |