Security

Your School's Data Is Protected

We treat student and school data with the highest level of security and privacy. Enterprise-grade protection built for the Indian education system.

AES-256 Encryption
India-Based Servers
99.95% Uptime SLA
No Data Selling
Our Commitments

Security Certifications & Standards

DPDP Compliant
India's Digital Personal Data Protection Act
TLS 1.3 in Transit
All data encrypted in motion
AES-256 at Rest
Strong encryption for stored data
India Data Residency
All data stored in Indian data centres
Role-Based Access
Granular permissions. Least privilege model.
Audit Logs
Every action is logged and timestamped
Annual Pen Testing
Third-party penetration tests yearly
Zero Data Selling
We never sell or share data with third parties
Security Architecture

How We Protect Your School

Data Encryption

  • TLS 1.3 for all data in transit
  • AES-256 for all data at rest
  • Database-level encryption on all student records
  • Secure key management with rotation
  • Backups are encrypted before storage

Access Control

  • Multi-factor authentication (MFA)
  • Role-based permissions (Principal, Teacher, Admin)
  • Session timeout after inactivity
  • IP allowlisting for admin accounts
  • Complete audit trail of all changes

Infrastructure Security

  • Hosted on India-based cloud (Azure India)
  • Multi-tenant isolation (your data, your school only)
  • Daily automated backups, 90-day retention
  • Web Application Firewall (WAF)
  • DDoS protection at network level

Monitoring & Response

  • 24/7 automated security monitoring
  • Anomaly detection and alerting
  • Security incident response team
  • Breach notification within 72 hours
  • Regular vulnerability scanning

Third-Party Audits

  • Annual penetration testing by certified firms
  • Independent code review for critical modules
  • Vendor security assessments
  • Compliance review against DPDP Act
  • Audit reports available on request

Student Data Protection

  • Student data never sold to third parties
  • Data minimisation — we collect only what we need
  • Parental consent workflows for sensitive data
  • Right to erasure — full data deletion on request
  • Compliant with India's DPDP Act 2023
FAQ

Security Questions Answered

Where is our school's data stored?

All ExamActive data is stored in Microsoft Azure data centres located in India (Central India and South India regions). No data is stored or transferred outside India without explicit customer consent.

Can our data be accessed by ExamActive employees?

Strict access controls mean only essential engineering and support staff can access school data, and only when required for support purposes. All such accesses are logged and audited. Support staff cannot access exam questions or student results without a specific support ticket..

What happens to our data if we cancel?

You can export all your data at any time in standard formats (CSV/Excel/PDF). After account closure, we retain data for 90 days for potential reinstatement, then permanently delete all data. We provide written confirmation of deletion on request.

How do you handle a security breach?

In the event of a security incident, we follow a documented incident response plan. Affected customers are notified within 72 hours as required by the DPDP Act. We provide detailed reports on what happened, what data was affected, and what corrective actions were taken.

Is ExamActive DPDP Act compliant?

Yes. ExamActive is designed in compliance with India's Digital Personal Data Protection (DPDP) Act 2023. This includes consent management, data minimisation, purpose limitation, and right-to-erasure implementations. We publish annual transparency reports.

Questions About Security? We're Happy to Chat.

Our security team can provide detailed documentation, compliance reports, and custom security assessments.

Contact Security Team Book a Demo