Inter-College
Start Free Trial
Enterprise-Grade Security

Security & Compliance

Your school's data is precious. Inter-College is built from the ground up with security, privacy, and compliance as core design principles — not afterthoughts.

AES-256 Encrypted
DPDP Act Compliant
SOC 2 In Progress
AWS Mumbai
99.9% Uptime SLA
Daily Backups
RBAC Enforced
Penetration Tested

Data Encryption

At Rest & In Transit

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database backups are encrypted with separate keys. Sensitive fields like Aadhaar numbers and bank details use application-level encryption with per-tenant keys.

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 for all data in transit
  • Per-tenant encryption keys for sensitive fields
  • Encrypted database backups with separate key management
  • HTTPS enforced across all endpoints and portals

DPDP Act 2023 Compliance

India's Data Protection Law

Inter-College is fully compliant with the Digital Personal Data Protection Act, 2023. We implement purpose limitation, data minimization, and provide tools for schools to manage consent and data subject requests from parents and students.

  • Lawful purpose for all data processing activities
  • Consent management tools for parent and student data
  • Data subject request handling (access, correction, deletion)
  • Data Processing Agreements available for all schools
  • Regular privacy impact assessments

SOC 2 Readiness

Audit in Progress

We are actively working toward SOC 2 Type II certification. Our security controls, monitoring, and incident response processes are designed to meet the Trust Services Criteria for security, availability, and confidentiality.

  • SOC 2 Type II audit in progress (expected Q3 2026)
  • Controls mapped to Trust Services Criteria
  • Continuous monitoring and alerting infrastructure
  • Formal incident response and escalation procedures
  • Annual penetration testing by certified third parties

Cloud Infrastructure

AWS Mumbai Region

Inter-College runs on Amazon Web Services (AWS) in the Mumbai (ap-south-1) region, ensuring data residency within India. We use auto-scaling, multi-AZ deployments, and containerized microservices for reliability and performance.

  • AWS Mumbai (ap-south-1) — data stays in India
  • Multi-AZ deployment for high availability
  • Auto-scaling to handle exam-result traffic spikes
  • Container orchestration with health checks
  • 99.9% uptime SLA for all plans

Backup & Disaster Recovery

Never Lose a Record

Automated daily backups with point-in-time recovery capability. Backups are stored in a separate AWS region for geographic redundancy. Our disaster recovery plan ensures service restoration within 4 hours (RTO) with less than 1 hour of data loss (RPO).

  • Automated daily backups with 30-day retention
  • Point-in-time recovery for database restoration
  • Cross-region backup storage for geographic redundancy
  • 4-hour Recovery Time Objective (RTO)
  • 1-hour Recovery Point Objective (RPO)

Role-Based Access Control

Principle of Least Privilege

Every user in Inter-College has a specific role with precisely defined permissions. Principals, teachers, accountants, and parents each see only what they need. Multi-tenant architecture ensures complete data isolation between schools.

  • Granular role definitions (Admin, Teacher, Accountant, Parent, etc.)
  • Custom permission sets for unique school requirements
  • Multi-tenant data isolation — schools never see each other's data
  • Audit logs for all sensitive operations
  • Session management with automatic timeout

Additional Security Measures

Beyond the six core pillars, here is what else we do to keep your data safe.

Vulnerability Management

Automated dependency scanning, code analysis with SAST tools, and a responsible disclosure program for external researchers.

Employee Security

Background checks for all employees. Security awareness training quarterly. Access to production systems limited to senior engineers only.

Secure Development

Code reviews required for all changes. Automated test suites. Staging environment that mirrors production for pre-release validation.

DDoS Protection

CloudFront CDN and AWS Shield protect against distributed denial-of-service attacks. Rate limiting on all API endpoints.

Data Residency

All primary and backup data stored in AWS Mumbai region (ap-south-1). No data leaves India. Compliant with data localization norms.

Incident Response

24-hour incident response team. Documented runbooks for all critical scenarios. Post-incident reviews with root cause analysis shared with affected customers.

Frequently Asked Questions

Where is my school's data stored?

All data is stored in AWS Mumbai (ap-south-1) region. Backups are replicated to a separate AWS region within India. No data leaves the country.

Can other schools see my data?

Absolutely not. Inter-College uses a multi-tenant architecture with complete schema-level data isolation. Each school's data is stored in a separate database schema with no cross-access possible.

What happens if I want to stop using Inter-College?

You can export all your data at any time in standard formats (CSV, Excel, PDF). Upon contract termination, we provide a complete data export and permanently delete all your data within 30 days, with written confirmation.

Is Inter-College compliant with DPDP Act 2023?

Yes. We implement all requirements of the Digital Personal Data Protection Act including purpose limitation, consent management, data minimization, and tools for handling data principal rights requests.

Do you conduct security audits?

Yes. We conduct annual penetration testing through certified third-party auditors. We also run continuous automated vulnerability scanning and have a SOC 2 Type II audit in progress.

Your school's data deserves the best protection

Join 500+ schools that trust Inter-College with their most sensitive data.

Start Free Trial Request Security Whitepaper