Ontology data security and access controls
Ontology is CollegeVine's governed data environment for your institution's source data. It gives CollegeVine agents and applications consistent, controlled access to institutional data without connecting directly to your operational systems for every interaction. This article covers how that data is handled, who can access it, and what controls your institution has.
How your data enters the platform
Before any data moves, CollegeVine and your institution agree on which source systems and data subsets are included. Your institution then connects through one of three ingestion methods: a private network connection to the source database (VPN), an API or gateway endpoint, or a scheduled file transfer. In all three cases, your institution controls what is shared via the credentials provided CollegeVine and can stop future ingestion at any time by revoking said credentials, disabling network access, or stopping file transfers.
How your data is stored
Ingested data is stored in an institution-specific environment within Databricks, hosted on AWS. Each institution has a dedicated, physically isolated catalog. Your data is not accessible to or combined with data from other institutions. Downstream consumers, including CollegeVine agents and applications, query curated outputs from that catalog using credentials scoped to on your your catalog. They do not have direct access to your source systems or intermediate processing data.
Access controls
CollegeVine uses a role-based access control system that applies to both staff and agents through a unified framework:
Least privilege: No one receives access beyond what is required for a defined purpose.
Explicit escalation: Access above a baseline level requires explicit configuration.
Agents follow the same rules as users: An agent cannot access data that the staff function it serves is not authorized to see.
Auditable: Access configuration changes and sensitive data accesses are logged and reviewed.
Observability
CollegeVine tracks lineage through the Ontology pipeline, including which source systems contributed data, when it was ingested, and how it was mapped and processed. A partner-facing dashboard for viewing this lineage is in development. In the interim, this information is available internally and can be provided on request. Reach out to your CollegeVine rep if you have a specific audit or documentation need.
Stopping access
To stop future ingestion: Revoke your credentials, disable network access, or stop file transfers. This is within your control and takes effect immediately.
To remove previously ingested data: Data in your Databricks catalog is removed upon request to CollegeVine. A self-service option for this is on the roadmap but is not yet available.
Frequently asked questions
Can we see what data CollegeVine accesses and when?
Can we see what data CollegeVine accesses and when?
Lineage is tracked for every ingestion run and pipeline step. A partner-facing dashboard is in development. In the interim, we log agent activity to query the ontology, or your rep can provide audit documentation on request.
Can we shut off access immediately?
Can we shut off access immediately?
You can stop future ingestion immediately by revoking credentials or disabling network access. Removing data already in the platform requires a request to CollegeVine, which we handle promptly.
Is our data kept separate from other universities?
Is our data kept separate from other universities?
Yes. Each institution has a dedicated, isolated catalog. No data is shared across institutions.
Can agents access data our staff cannot?
Can agents access data our staff cannot?
No. Agent access is governed by the same system as human users and is bounded to the permissions configured for its specific function.