Introduction
This Security Policy governs your use of Smart School App ("the Platform"), a multi-tenant School Management SaaS operated by Raei Technologies ("we", "us", "our") from Bangalore, Karnataka, India. By registering, subscribing to, or otherwise accessing the Platform you agree to this document. If you do not agree, please stop using the Platform.
Data Encryption
All network traffic uses TLS 1.2 or higher. Data at rest is stored on encrypted volumes provided by our cloud infrastructure partner.
Password Hashing
Passwords are hashed using industry-standard one-way algorithms with a per-user salt. Plain-text passwords are never stored, logged or transmitted to us.
Role-Based Access Control
The Platform enforces fine-grained role-based access control. Each user is granted only the minimum permissions necessary for their role (Super Admin, School Admin, Principal, Accountant, Class Teacher, Subject Teacher, Parent, Student, etc.).
Multi-Tenant Isolation
Every table that holds school data is protected by Postgres Row Level Security. Queries are automatically scoped to the signed-in user's school, so one tenant cannot read or modify another tenant's data even in the event of an application bug.
Database Security
Database access is restricted to a small number of authorised engineers using short-lived credentials. All administrative queries are logged and reviewed.
Secure Backups
Backups are encrypted at rest and are stored in a separate account with restricted access. Restoration is tested periodically.
Audit Logs
Sensitive actions (login, permission changes, fee payments, mark entry, data exports) are recorded in an append-only audit log with actor, timestamp and IP address.
API Security
Every request to the Platform is authenticated using a signed bearer token issued after successful sign-in. Rate-limits and abuse detection protect against brute-force attacks.
Secure Authentication
We support email and password sign-in with strong password rules, optional one-time passwords (OTP) delivered by email or SMS, and single-sign-on via approved identity providers where applicable.
Responsible Disclosure
If you believe you have found a security vulnerability, please report it in confidence to support@raeitech.com. We will acknowledge within two (2) business days and work with you to remediate.
Contact Us
Questions, requests, or concerns about this document can be sent to us:
- Company: Raei Technologies
- Address: Bangalore, Karnataka, India
- Email: support@raeitech.com
- Website: https://app.raeitech.com