Every item below is live in production. We pilot at El Camino Real Charter — you can demo the running system before signing anything.
Live in production
Every cross-user data read, every grade change, every AI call, every login. Append-only at the Postgres layer — even an admin account cannot edit history. Denied access attempts logged with the same fidelity.
Live in production
For any student, see every AI call that referenced them: actor, feature, model, content hashes, timestamp. Answer parent transparency requests in under a minute.
Live in production
Create, role-change, soft-delete users. Demote-before-delete protections. Soft-delete preserves the audit trail. Restore with one click.
Live in production
Reset a staff member's MFA when they lose their phone. The user is forced to re-enroll on next login. Every MFA reset is audited.
Live in production
Schoolwide announcements with priority (LOW / NORMAL / HIGH / URGENT), date ranges, role targeting. Auto-pushes to dashboards.
Live in production
Define bell schedule per day of week. Special schedules for assemblies, finals, half days. Drives attendance and gradebook periods automatically.
Live in production
Issue and track hall passes systemwide. See current passes out, time elapsed, return-by status. Patterns flagged.
Live in production
Filed by teachers and staff, encrypted at rest, reviewed by admins. Discipline workflow: open → escalated → resolved.
Live in production
California state reporting fields and exports baked in. Per-student demographic, program, enrollment, exit, and assessment data ready for upload.
Live in production
Auto-generate California-compliant attendance letters at thresholds (3, 6, 9 absences). Mail or email; both audited.
Live in production
Download every record we hold on every student in one JSON file, on demand. SOPIPA-mandated right to leave with your data, made one click.
Live in production
Pre-built reports for state, district, internal. Plus a CSV export for any list you can see in the UI.
We name what we have not built so you can plan against reality. If one of these is critical for your school, tell us — we prioritise by pilot-school request.
On roadmap
Live two-way sync with PowerSchool, Infinite Campus, Aeries, Skyward. CSV import is available today; live API integration is next.
On roadmap
If you run more than one site, a district-level dashboard rolling up enrollment, attendance, discipline, and risk metrics. Per-site drill-in.
On roadmap
Auto-generated board-of-trustees report packets: enrollment, attendance, discipline trends, demographics, performance — exportable to PDF, themable to your board's preferences.
On roadmap
Student lunch accounts, cafeteria scan-in, payment processing, fee tracking. End the separate-vendor sprawl.
On roadmap
Pattern detection across discipline categories, time-of-day, day-of-week, by demographic. Equity audit built in.
On roadmap
Drag-and-drop builder for any cross-table report a state or auditor asks for. Save and re-run.
On roadmap
REST API for any data your district's ETL needs. Webhooks on every meaningful event. OAuth 2.0.
On roadmap
SAML 2.0 + OIDC support. Map IdP groups to Nova roles automatically.
On roadmap
Your school's colors, your school's logo on the login page, your school's bell-ringer photo on the dashboard.
The architecture decisions that protect this role specifically, not the generic security copy.
When the district CISO, the school's lawyer, or an auditor asks "prove it," you have a screen to show them. The audit log demonstrates exactly who accessed what. The AI usage trail demonstrates exactly what student data was sent to a third party. The threat model document at scripts/ops/THREAT_MODEL.md describes every attacker we've defended against and every gap we acknowledge.
When a parent invokes their FERPA rights, the response is under five minutes — they get a self-service portal, they get an export, they get a disclosure log, and the whole exchange is audited. No paper trail to lose.
When your school leaves Nova — whether because we failed you or because a board chose differently — you take your data with you in one click. SOPIPA-compliant JSON export, all tables, all relationships intact.
And when an attacker eventually tries something, you see it in real time on the audit-log dashboard with the denied attempts in red.
Nova is a small team. When you email [email protected] you reach a founder. We'll send you a working demo login, the threat model document, and a draft DPA we co-built with K-12 EdTech counsel.