Trust by construction, not by promise.

India-resident — your cloud, your choice

Indian institution data is hosted entirely within India. Deploy on AWS, Google Cloud, Azure, or your own private cloud.

GCC-resident — your cloud, your choice

GCC institution data stays in the Middle East. Choose from AWS, Google Cloud, Azure, or a private data centre.

On-premise & private cloud

Fully on-premise and private-cloud deployments supported — same codebase, your hardware, your network boundary.

TLS 1.2+ in transit, AES-256 at rest

All traffic uses TLS 1.2 or higher. Databases, object storage, and backups are encrypted at rest with customer-isolated keys.

Multi-tenant by design

Every record carries an InstitutionId enforced at the database layer. Application bugs cannot leak data across institutions.

Encrypted, geo-redundant

Daily encrypted backups retained for 35 days. Point-in-time recovery available for the last 7 days, stored in a separate region.

Role-based access

• Granular roles per module — Admissions, Academics, Fees, HR, Payroll
• Per-class and per-section scoping
• Optional SSO via Google Workspace and Microsoft 365
• Optional MFA for administrative roles

Operator access controls

• Production access limited to a small, named on-call team
• Mandatory MFA on all internal systems
• Every action logged with operator identity
• Access revoked within 1 business day of role change or exit

Private VPC, WAF protected

Production runs inside a private VPC. CDN + WAF in front of all public endpoints. No direct internet exposure for application servers.

SAST + SCA in CI

Every pull request runs static analysis and dependency scanning. Findings above a severity threshold block merge.

Continuous monitoring

Container images and OS packages scanned daily. Critical issues patched within 72 hours.

RPO < 1h, RTO < 4h

Recovery Point Objective under 1 hour, Recovery Time Objective under 4 hours. Tested annually.