Security

How we protect your data

Our Commitment to Security

At Tutionwale, the security of your data is our top priority. We handle sensitive information including student records, attendance data, financial transactions, and personal details. We employ industry-leading practices to ensure your data remains safe and protected.

Infrastructure Security

🔒 SSL/TLS Encryption

All data transmitted between your browser and our servers is encrypted using TLS 1.3 (256-bit encryption).

🛡️ Firewall Protection

Multi-layered firewall protection with DDoS mitigation to prevent unauthorized access and attacks.

💾 Daily Backups

Automated daily backups with point-in-time recovery capability. Backups are encrypted and stored in multiple locations.

🏢 Secure Hosting

Hosted on enterprise-grade infrastructure with 99.9% uptime SLA and SOC 2 compliance.

Application Security

  • Authentication: Secure session management with CSRF protection on all forms. Multi-factor authentication support for admin accounts.
  • Authorization: Role-based access control (RBAC) ensures users can only access data relevant to their role (SuperAdmin, Admin, Teacher, Student/Parent).
  • Data Isolation: Multi-tenant architecture with strict data separation. Each tuition centre's data is completely isolated from others.
  • Input Validation: All user inputs are validated and sanitized to prevent SQL injection, XSS, and other common attacks.
  • API Security: API endpoints are protected with token-based authentication (Laravel Sanctum) and rate limiting.

Payment Security

  • Payment processing is handled by PCI DSS-compliant payment gateways
  • We never store credit card or debit card numbers on our servers
  • Payment data is tokenized and processed through secure, encrypted channels
  • Transaction verification and fraud detection mechanisms are in place

Data Privacy Practices

  • Encryption at Rest: Sensitive data is encrypted in our database
  • Minimal Data Collection: We only collect data necessary for service delivery
  • Access Logging: All access to sensitive data is logged and monitored
  • Employee Access: Strict access policies limit which team members can access production data
  • Data Deletion: Data is securely deleted when accounts are terminated

Incident Response

In the unlikely event of a security incident:

  • Affected users will be notified within 72 hours
  • The root cause will be investigated and documented
  • Corrective measures will be implemented immediately
  • A post-incident report will be shared with affected parties

Responsible Disclosure

If you discover a security vulnerability in our platform, please report it responsibly by contacting us at:

Email: info@tutionwale.in

We appreciate and recognize security researchers who help us keep our platform safe. Please do not exploit vulnerabilities or access data belonging to other users.

Questions?

If you have questions about our security practices, please contact us at:

Email: info@tutionwale.in
Phone: +91-8668370257