Security & compliance

Enterprise-grade security for global education

ez.school is built on a true enterprise security foundation: role-based access, activity logs, encryption, consent and strict per-institution isolation — so institutions can adopt it with confidence.

Core controls

Security that maps to how reviews actually work

A clear, layered model — so your security review is predictable, not a guessing game.

Role-based access control

Built-in roles, 80+ granular permissions and per-user overrides. Every screen and action is gated; the right people see exactly what they should.

Audit trails & sessions

Sensitive actions are logged with who/what/when. Active sessions are visible and revocable, with forced password change where required.

Encryption in transit & at rest

TLS for all traffic and encrypted storage for data and documents. Secrets and credentials are never exposed to non-owner roles.

Privacy & consent (DPDP/GDPR)

An explicit consent ledger for sensitive data (e.g. biometric attendance). No consent, no capture — recorded and revocable per person.

Strict institution isolation

Every institution runs on its own isolated database. Access across institutions is impossible by design and verified at every layer.

Immutability & period locks

Attendance and exam periods can be locked and payroll-frozen. Locked records reject edits — even via approvals — preserving an audit baseline.

Backups & recovery

Regular backups with recovery practices suited to institutional continuity, so a bad day never becomes a lost term.

Public verification

Certificates and ID cards carry signed QR codes anyone can verify — institution-specific, revocation-aware and rate-limited.

Compliance mapping

A practical control checklist

Share with your committee or review team — control areas and how ez.school covers them.

Control areaCoverage in ez.school
Access controlRole-based privilege defaults for admins, staff, students and parents; per-user overrides.
Audit & monitoringLogs for critical actions (logins, edits, issuance) suitable for investigations and reviews.
Data protectionEncryption in transit (TLS) and at rest for stored records and documents.
Data privacyConsent ledger for sensitive capture; secret values write-only and redacted from non-owner roles.
Institution isolationA dedicated database per institution; requests across institutions are rejected; ownership is enforced on every record.
Backup & recoveryRegular backups and recovery practices aligned to institutional continuity needs.
Identity integrationOptional SSO and directory alignment for campus-wide identity.

Specific certification needs? Talk to us about your jurisdiction and review requirements.

Certifications & assurance

Standards we build to — stated honestly

What is supported in the product today, where our controls map to a framework, and what formal attestation is underway.

  • GDPRSupported today

    Consent ledger, data-subject and retention workflows in product

  • India DPDPSupported today

    Purpose-limited capture, consent and revocation in product

  • Data residencySupported today

    Per-institution isolation with region options

  • ISO 27001Controls aligned

    Controls mapped to the standard

  • SOC 2In progress

    Formal third-party attestation planned

Statuses are current and updated as attestations complete — we never list a certification we have not been awarded.

The architecture question

Isolation that is structural, not just policy

Most multi-tenant school software keeps every customer in shared tables and relies on a filter — one missing clause away from showing another school's students. ez.school takes the stricter path: every institution runs on its own dedicated database. There is no shared student table to filter, no cross-institution query to get wrong. A request from one institution physically cannot read another's records.

This is also why groups trust the platform: each campus is isolated from its siblings by the same mechanism that isolates it from strangers — while reporting stays comparable because every campus runs the same model.

For review teams

Run your security review — we make it fast

Send your questionnaire

RFP security sections, review checklists, jurisdiction-specific questions — send them as they are.

Controls on real screens

A walkthrough maps each answer to the live control — roles, audit trails, locks — not to a slide.

Evidence for your file

You leave with the control checklist, isolation explanation and posture statements your committee needs.

Mention “security review” when you contact us and your questionnaire takes the fast lane.

Adopt ez.school with confidence

Bring your security checklist — we'll walk through the controls on real screens.