Access control
- Role-based permissions — granular permissions synced across every module via a central registry.
- Role templates — apply permission sets quickly for teachers, bursars, registrars, and more.
- Workspace isolation — admins, teachers, and class teachers switch contexts without shared UI clutter.
- Portal middleware — students and parents only see data linked to their accounts.
Authentication
- Laravel Fortify with secure password hashing
- Two-factor authentication (optional per user)
- Idle session lock with animated lock screen — configurable timeout in school settings
- Account status checks and forced password reset flows
Data protection
- HTTPS recommended for all production deployments
- Cookie consent with essential/functional/analytics categories
- Medical and counselling records restricted to authorized welfare staff
- Audit-friendly activity logging across sensitive operations
Operational security
Deploy on your own infrastructure for full data sovereignty. Store credentials in server-side environment configuration, never commit secrets to source control, and follow our production checklist for cache, queue, and backup policies.