Enterprise-Grade Security

Security & Compliance

ScholarSync is built with security at its core — not as an afterthought. Every layer of the platform is designed to protect student data, ensure institutional privacy, and meet the highest standards of compliance.

DPIIT Recognised Startup

ScholarSync is officially recognised by the Department for Promotion of Industry and Internal Trade (DPIIT), Government of India.

Data Protection

Multiple layers of protection to keep institutional and student data secure.

End-to-End Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Sensitive fields like student records, grades, and personal information are encrypted at the application level using Fernet symmetric encryption.

Multi-Tenant Data Isolation

Each institution’s data is completely isolated using PostgreSQL Row-Level Security (RLS). No institution can ever access another institution’s data — even at the database query level.

Role-Based Access Control

Five distinct user roles (Super Admin, Org Admin, Teacher, Student, Parent) with granular permissions. Every API endpoint enforces role and organization checks before processing.

Platform Security

Security controls built into every layer of the platform.

Authentication & Session Management

JWT-based authentication with token binding, signature verification, and Redis-backed token blacklisting. Session tokens include device and IP binding to prevent hijacking.

Session & Activity Monitoring

Every login, document access, and assessment attempt is logged with timestamps, device info, and IP addresses. Admins can monitor active sessions and force logout if needed.

Proctoring Data Security

All proctoring data (face liveness, gaze tracking, tab switching) is processed in real time and stored securely. No raw biometric data is retained — only integrity scores.

Student Data Privacy

Transparent data practices built around student safety.

What We Collect

Only what’s necessary — name, email, class enrollment, assessment scores, and learning progress.

What We Don’t Do

We never sell student data. We never share it with third-party advertisers. We never use it for purposes beyond the institution’s educational goals.

Parental Visibility

Parents can see their child’s academic data, attendance, and progress — but cannot access other students’ information.

Designed for compliance with

DPDP Act 2023FERPACOPPAGDPR

Frequently Asked Questions

Common questions about our security and data practices.

Have questions about security?

We're happy to discuss our security practices in detail.