Security at PathPilot India
We take the security of your family's data seriously. Here's how we protect the information you trust us with.
Data Encryption
All data transmitted between your browser and our servers is encrypted using TLS 1.3. Data stored in our database is encrypted at rest using AES-256. Passwords are hashed using bcrypt with a cost factor of 12; we never store plaintext passwords.
Authentication & Access Control
We use Supabase Auth for secure session management with JSON Web Tokens (JWTs). Role-based access control (RBAC) ensures students, parents, and admins can only access data relevant to their role. All API endpoints enforce Row-Level Security (RLS) at the database layer.
Privacy by Design
We collect only the data necessary to provide our service. We do not store Aadhaar numbers or any government identity documents. Parents can only view data for students they are explicitly linked to. All profile data can be exported or deleted at any time.
Infrastructure Security
PathPilot India is hosted on Supabase's cloud infrastructure in compliance with Indian data localization requirements. We use automated security scanning, regular dependency updates, and penetration testing. Our infrastructure is protected by enterprise-grade firewalls and DDoS mitigation.
Incident Response
In the event of a security breach, we will notify affected users within 72 hours as required by applicable data protection laws. We maintain an incident response plan and conduct quarterly security reviews. All security events are logged and monitored.
Responsible Disclosure
If you discover a security vulnerability, please report it to security@pathpilotindia.com. We take all reports seriously and will acknowledge receipt within 24 hours. We ask that you do not publicly disclose the issue until we have had a chance to address it.
Our Security Commitments
- No Aadhaar numbers or government IDs are stored on our platform
- Parent accounts can only access data for linked children (with student approval)
- All admin actions are logged in our audit trail
- User data is never sold to third parties
- You can request full data export or deletion at any time
- We comply with India's Information Technology Act, 2000 and IT (Amendment) Act, 2008
Questions about security? security@pathpilotindia.com