Trust

Security & compliance

Safeguarding student data is non-negotiable. MySchoolPilot is built with defense-in-depth from the ground up.

Access control

  • Role-based permissions — granular permissions synced across every module via a central registry.
  • Role templates — apply permission sets quickly for teachers, bursars, registrars, and more.
  • Workspace isolation — admins, teachers, and class teachers switch contexts without shared UI clutter.
  • Portal middleware — students and parents only see data linked to their accounts.

Authentication

  • Laravel Fortify with secure password hashing
  • Two-factor authentication (optional per user)
  • Idle session lock with animated lock screen — configurable timeout in school settings
  • Account status checks and forced password reset flows

Data protection

  • HTTPS recommended for all production deployments
  • Cookie consent with essential/functional/analytics categories
  • Medical and counselling records restricted to authorized welfare staff
  • Audit-friendly activity logging across sensitive operations

Operational security

Deploy on your own infrastructure for full data sovereignty. Store credentials in server-side environment configuration, never commit secrets to source control, and follow our production checklist for cache, queue, and backup policies.

Read about GDPR & data rights →