Security & Privacy
Your students' data is protected by multi-layer security and strict access controls.
Multi-tenant isolation
Every school's data lives in its own logical partition. A teacher at School A can never query, list, or even discover students at School B. Cross-school access is impossible at the database level.
Role-based access control
Built-in roles (school admin, teacher, accountant, librarian, parent, student) plus custom roles per school. Class teachers see only their sections; subject teachers see only the classes they teach; parents see only their children.
Encryption in transit and at rest
All connections enforce TLS 1.2+. Sensitive fields (Aadhaar, bank account, medical) are stored masked or encrypted at rest. Database backups are encrypted.
Audit trail on every action
Every meaningful change — fee collected, marks edited, student transferred, parent linked — is logged with the user who did it, timestamp, and before/after values. Admins can search the trail any time.
Dual approval for sensitive actions
Configurable two-person approval for high-stakes changes — fee waivers, mark corrections, refunds. Either party alone cannot complete the action.
Geo, IP, and time-window guards
Restrict logins by country, IP range, or time of day. Detect and flag suspicious activity (impossible travel, unusual hours, brute-force).
Emergency access
Time-bounded "break-glass" access for incident response — every minute of access is logged and reviewed.
India data residency
Servers in India. Data never leaves the country unless you explicitly export it.
Compliance & best practices
Architected to align with India's Digital Personal Data Protection Act. Periodic security reviews. Vulnerability disclosure programme.
Have a security question or want to report a vulnerability? Email security@vidyasuite.com. We respond within 48 hours.