🔒 Security & Privacy

Your school's data.
Safe. Secure. Yours.

We treat your school's data the way you would — protected, private, and always under your control.

🔒

Your Data, Your Control

  • Dedicated database per school — never shared, never co-mingled
  • Export everything as CSV anytime from every module
  • Delete your account → data permanently removed within 30 days
  • We never sell, rent, or share your data — ever
🛡️

Encryption Everywhere

  • HTTPS/SSL on every page, every request
  • Aadhaar numbers encrypted at rest (AES-256)
  • Passwords bcrypt-hashed (never stored in plain text)
  • Medical info, income, sensitive fields encrypted
💾

Daily Automated Backups

  • Every school backed up every 24 hours
  • 30-day backup retention
  • Disaster recovery plan tested quarterly
  • Point-in-time restore available on request
🇮🇳

Data Stays in India

  • Servers located in Mumbai / Bangalore
  • Indian data protection compliance
  • Razorpay for payments (RBI-compliant)
  • No data transfer outside India without your consent
🔑

Role-Based Access Control

  • Teachers see only their assigned classes
  • Parents see only their own children
  • Accountants see only financial data
  • Every super-admin access is logged and audited
📱

Parent & Student Privacy

  • Students cannot see other students' data
  • Parent-teacher messages are private 1-on-1
  • No public sharing of photos or student info
  • COPPA-aligned data handling for minors

For your IT person

The technical details that matter for due diligence.

Framework
Laravel 13 (PHP 8.3)
Authentication
Laravel Sanctum 4 (24h tokens)
Multi-tenancy
stancl/tenancy v3 (battle-tested)
Permissions
spatie/laravel-permission v7
Database
MariaDB with dedicated DB per tenant
Payments
Razorpay (RBI + PCI-DSS compliant)
OTP
MSG91 WhatsApp Business API
Push
Firebase Cloud Messaging (FCM)
Rate limiting
6 req/min on auth endpoints
Input validation
FormRequest layer, every endpoint
OWASP protections
CSRF, XSS, SQL injection built-in
Security audit
Completed April 2026, all findings resolved

Security FAQ

Where is my school's data stored?
On Indian servers in Mumbai/Bangalore, with daily automated backups. Your data never leaves India.
Can you see my school's data?
Only with your written permission (for support). All super-admin access is logged and audited. We do not sell, rent, or share your data under any circumstances.
What happens to my data if I leave?
Export everything as CSV anytime. After cancellation, your data is permanently deleted within 30 days, or immediately on request.
Are parents' phone numbers safe?
Yes. Phone numbers are stored encrypted, never shared with third parties, and we never use them for our own marketing.
What if SchoolCare gets hacked?
We follow industry best practices (HTTPS, encryption at rest, bcrypt, rate limiting, audit logs). If a breach does happen, we'll notify affected schools within 48 hours and publish a full incident report.
What about Aadhaar compliance?
Aadhaar numbers are optional. If collected, they're encrypted with AES-256 at rest, never displayed in plain text except to the school admin, and never sent to third parties.
Do you have a data processing agreement?
Yes. Available on request. Email privacy@schoolcare.app.

Questions about security?

We take data protection seriously. If you're evaluating SchoolCare for a large school and need a deeper security review, we're happy to help.

Email privacy@schoolcare.app Read Privacy Policy