At thegurucool.ai, the security of your data is our top priority. We are committed to protecting the personal and professional information of teachers, school leaders, and all users of our platform through best-in-class technical safeguards and responsible data practices.
1. Infrastructure Security
- Cloud hosting: Our platform is hosted on industry-leading cloud infrastructure (AWS) with built-in physical and network security.
- Data centres: All data is stored in secure, access-controlled environments that comply with international standards.
- Redundancy and uptime: Our systems are designed for high availability and fault tolerance.
2. Data Encryption
- In transit: All data transmitted between your device and our servers is encrypted using HTTPS with TLS 1.3.
- At rest: Sensitive user data is encrypted before storage using strong encryption algorithms (e.g., AES-256).
- Password storage: Passwords are hashed using industry-standard algorithms (e.g., bcrypt). We never store plaintext passwords.
3. Access Controls
- Role-based access control (RBAC): Internal access to user data is limited to authorised personnel based on their roles and responsibilities.
- Authentication: User accounts are protected by strong password requirements and session management protocols.
- Monitoring: Access logs are actively monitored for unusual or unauthorised activity.
4. Backups and Disaster Recovery
- Automated backups: Regular encrypted backups are performed to protect against data loss.
- Disaster recovery: We maintain recovery procedures to ensure business continuity in the event of a system failure.
5. Application Security
- Secure development lifecycle: Code is reviewed and tested to prevent vulnerabilities like XSS, CSRF, and SQL injection.
- Third-party audits: We plan to engage external security experts to perform penetration testing and security reviews prior to full platform launch.
- API security: All public APIs are rate-limited, authenticated, and logged.
6. Compliance and Data Privacy
- PDPA (Singapore): We adhere to the Personal Data Protection Act for the collection, use, and disclosure of personal data.
- GDPR alignment: We follow key principles of the GDPR, including user consent, data minimisation, and the right to access and delete data.
- Data localisation: We can accommodate specific country-level hosting and storage requirements where necessary.
7. Responsible Disclosure
We welcome responsible disclosure of security vulnerabilities. If you believe you have discovered a security issue on our platform, please contact us at admin@thegurucool.ai.
Please include a clear description and steps to reproduce the issue. We take all reports seriously and will respond promptly.
8. Ongoing Improvements
Security is never done. As we grow, we will:
- Continuously monitor and patch vulnerabilities
- Train our team on secure coding and data handling
- Invest in third-party audits and certifications as appropriate
Contact
If you have any questions or concerns about our security practices, please contact us here.