Security Posture
FeatureBench is an automated SolidWorks grading and feedback platform used by universities, businesses, and independent courses. This page outlines our security posture and the practices we follow to protect the data entrusted to us. While this is not an exhaustive breakdown of internal systems, it provides transparency into the controls we maintain across our platform.
Data We Handle
FeatureBench processes and stores the following categories of information:
- Submission files such as SLDPRT and other CAD formats. Under normal operation, these files are not deleted. Submitted files are made available to the original student who submitted them, teachers and TAs who have access to the course, our internal tools & systems, and our internal team for debugging, analysis, and improving our service.
- User account information, including names, emails, and passwords. Additionally, we store the user’s IP address and user agent to help us understand how our platform is being used and to ensure user accounts are secure.
- Grades and feedback generated by instructors or by automated analysis. This data is stored securely and is only accessible to the instructor, TAs, and the student. Grade data is encrypted and is not human-readable to our team.
- Network metadata, such as IP addresses, timestamps, user agents, and other request-level information.
- Document metadata extracted from submitted files, including device usernames, last saved times, and last saved by fields. Even data not immediately extracted from the file could be pulled at a later time using the stored file.
- Session recording for debugging, analysis, and making our service easier to use.
Infrastructure
FeatureBench operates on a combination of:
- Hetzner and DigitalOcean compute, used for application services and background workers. All compute is located within the United States or Germany.
- Cloudflare for DNS, TLS termination, secure public access, and external network security and protection. Among other services, FeatureBench uses the Cloudflare global CDN, so your content may be delivered from different locations depending on where you are.
- Postgres for primary relational data storage.
- Redis for caching, ephemeral data, and queues.
- S3-compatible object storage for submission files and associated assets.
- Internal RabbitMQ for asynchronous, error-resilient workload processing, including making sure assignments are still graded even when the grader application is not available.
Authentication & Access
Users sign in using email and password credentials. FeatureBench implements basic role-based access controls to ensure features and data are accessible only to the appropriate user types within the application. Passwords are salted and destructively (one-way) hashed, so they are not stored in plaintext.
Encryption
FeatureBench applies encryption at multiple layers:
- In transit: All communication between clients and FeatureBench services occurs over HTTPS.
- At rest: Data stored in our databases and object storage systems uses the native encryption capabilities provided by our infrastructure providers.
Application Practices
FeatureBench follows a set of baseline security practices that support predictable and safe operation:
- Isolated processing environments for automated grading tasks.
- Internal messaging for background workflows using RabbitMQ.
- Controlled access to user data through the application’s permission model.
- Segregation of systems so file processing, API handling, and storage each operate independently.
Commitment to Users
Our goal is to maintain a security posture that is appropriate for an academic-focused platform while being transparent about how FeatureBench operates. We review our systems periodically and update internal practices as our platform grows and evolves.
For questions about this page or FeatureBench’s security posture, please contact us directly.