Security Policy.

Effective Date: 01.08.2025

Last Updated: 21.08.2025

At thegurucool.ai, the security of your data is our top priority. We are committed to protecting the personal and professional information of teachers, school leaders, and all users of our platform through best-in-class technical safeguards and responsible data practices.

1. Infrastructure Security

  • Cloud Hosting: Our platform is hosted on industry-leading cloud infrastructure (AWS). Under the cloud shared-responsibility model, AWS is responsible for the physical and network security of the underlying infrastructure, and we are responsible for securing the services and data we deploy on it.

  • Data Centers: All data is stored in secure, access-controlled environments that comply with international standards.

  • Redundancy & Uptime: Our systems are designed for high availability and fault tolerance.

2. Data Encryption

  • In Transit: All data transmitted between your device and our servers is encrypted using HTTPS with TLS 1.3.

  • At Rest: Sensitive user data is encrypted before storage using strong encryption algorithms (e.g., AES-256).

  • Password Storage: Passwords are hashed using industry-standard password-hashing algorithms (e.g., bcrypt, which applies a unique salt to each password and a tunable work factor). We never store plaintext passwords.

3. Access Controls

  • Role-Based Access Control (RBAC): Internal access to user data is limited to authorized personnel based on their roles and responsibilities.

  • Authentication: User accounts are protected by strong password requirements and secure session management.

  • Monitoring: Access logs are actively monitored for unusual or unauthorized activity.

4. Backups & Disaster Recovery

  • Automated Backups: Regular encrypted backups are performed to protect against data loss.

  • Disaster Recovery: We maintain recovery procedures to ensure business continuity in the event of a system failure.

5. Application Security

  • Secure Development Lifecycle: Code is reviewed and tested to prevent vulnerabilities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and SQL injection.

  • Third-Party Audits: We plan to engage external security experts to perform penetration testing and security reviews prior to full platform launch.

  • API Security: All public APIs are rate-limited, authenticated, and logged.

6. Compliance & Data Privacy

  • PDPA (Singapore): We adhere to the Personal Data Protection Act for the collection, use, and disclosure of personal data.

  • GDPR Alignment: We follow key principles of the GDPR, including user consent, data minimization, and the right to access and delete data.

  • Data Localization (if required): We can accommodate specific country-level hosting and storage requirements where necessary.

7. Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities. If you believe you’ve discovered a security issue on our platform, please contact us at:

admin@thegurucool.ai

Please include a clear description and steps to reproduce the issue. We take all reports seriously and will respond promptly.

8. Ongoing Improvements

Security is never “done.” As we grow, we will:

  • Continuously monitor and patch vulnerabilities

  • Train our team on secure coding and data handling

  • Invest in third-party audits and certifications as appropriate

Contact

If you have any concerns or questions about our security practices, please contact us.