Trust & Security

SecurityBuilt-in, always-on, and accountable.

SquareCampus is a school OS and school management platform built for student data security—combining data residency in India, encryption, audit trails, and continuous monitoring to protect daily campus operations. It is the foundation for operational trust when teams are under pressure.

Encryption everywhere

TLS 1.3 in transit, AES-256 at rest, keys rotated.

Observable & auditable

Immutable audit logs across admin, finance, and student data.

Zero trust posture

MFA, RBAC, IP controls, and least-privilege by design.

Operational posture

India data residency, quarterly DR drills, and a defined breach notification policy backed by a dedicated response team.

Committed

Uptime SLA

Defined

Breach notify

India

Data residency

External VAPT annually + continuous monitoring.

Security Infrastructure

Multi-layered security architecture protecting your institution's data at every level.

Data Encryption

Bank-grade encryption protecting your data at every layer

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Encrypted database backups
  • Key rotation and management protocols

Access Controls

Granular permissions ensuring only authorized access

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • IP whitelisting for admin access
  • Session management and auto-logout

Audit & Monitoring

Complete visibility into every action and change

  • Immutable audit logs for all data changes
  • Continuous security monitoring and alerts
  • Real-time threat detection
  • Automated anomaly detection

Data Residency

Your data stays in India, under Indian jurisdiction

  • All data stored in India (AWS Mumbai / Azure India)
  • No cross-border data transfers by default
  • Compliance with data localization norms
  • Option to choose specific data center regions

Backup & Recovery

Reliable disaster recovery to protect against data loss

  • Daily automated backups with encryption
  • Uptime SLA commitments with redundancy
  • Point-in-time recovery capabilities
  • Tested disaster recovery procedures

Incident Response

Rapid response protocols for security events

  • Defined breach notification protocol
  • Dedicated incident response team
  • Clear escalation procedures
  • Post-incident analysis and reporting

Internal Operational Security

Security is not only about the platform. We apply operational controls across devices, identity, and data-sharing to support enterprise procurement and RFP requirements.

Device & Endpoint Security

We use enterprise-grade endpoint management and endpoint protection to secure the devices that access your data.

  • Company-managed laptops enrolled in UEM/MDM
  • Full-disk encryption enforced (e.g., FileVault or BitLocker)
  • Endpoint detection and response (EDR) on corporate endpoints
  • Controlled browser and SaaS access policies to reduce data leakage
  • Remote device lock and wipe on loss or exit
  • USB/external storage restrictions where applicable for sensitive roles

Identity & Access Controls

Access is tightly governed to help ensure only the right people can reach sensitive systems and data.

  • MFA enforced for internal and administrative access
  • Least-privilege access with role-based controls
  • Separation of duties for billing, finance, and admin workflows
  • Offboarding controls: access revoked, tokens rotated, and device wipe for company-owned assets
  • Conditional access based on device compliance posture

Data Loss Prevention & Secure Sharing

Policies and monitoring help prevent accidental exposure of student PII and sensitive exports.

  • Guardrails to reduce accidental sharing of student data
  • DLP rules can block uploads of sensitive exports to personal email or drives where applicable
  • Audit logs for export and download operations
  • Secure sharing workflows designed to keep data within approved channels

Compliance Framework

Built to align with Indian data protection regulations and industry standards.

Digital Personal Data Protection Act (DPDPA) 2023

Aligned

Our platform is designed to align with India's primary data protection legislation, with controls for consent, data subject rights, and processing transparency.

IT Act 2000 & IT Rules

Compliant

We maintain compliance with Indian information technology regulations, including reasonable security practices for sensitive personal data.

RBI Payment Guidelines

Compliant

Payment processing aligns with Reserve Bank of India guidelines for digital transactions, UPI, and card payments.

ISO 27001 (In Progress)

Ready

We are pursuing ISO 27001 certification for information security management systems, with current practices aligned to the standard.

Regular Security Audits

We conduct annual third-party Vulnerability Assessment and Penetration Testing (VAPT) to identify and address potential security vulnerabilities before they become issues.

Your Data, Your Control

We believe you should have complete control over your institutional data.

Data Portability

Export your complete data anytime in standard formats. No lock-in, no hassle.

Right to Deletion

Request deletion of student or staff data in compliance with DPDPA and institutional policies.

Access Transparency

Complete audit logs showing who accessed what data, when, and why.

Data Processing Agreement

Clear contractual commitments on how we process and protect your data.

Security Assurance & Documentation

We can provide security documentation and supporting materials under NDA to help with procurement, vendor assessments, and onboarding.

Available on request

  • Security architecture overview
  • Data flow diagram
  • Subprocessor list
  • Incident response process summary
  • Pen-test/VAPT summary letter (available upon completion of the latest assessment)
  • Vendor security questionnaire support

Request the security packet

We share documentation, summaries, and answers to vendor security questionnaires within one business day.

Request Security PacketTalk to Sales

Legal & policy documents

Public policy documents remain available for review at any time.

Privacy PolicyData Processing AddendumTerms of Service

Security FAQ

Quick answers for procurement teams, IT leaders, and administrators.

Where is data hosted?View

SquareCampus is hosted in India by default, with data residency in India and no cross-border transfers unless explicitly requested.

How is data encrypted?View

We use TLS 1.3 for data in transit and AES-256 for data at rest, including encrypted backups and regular key rotation.

Who can access data?View

Access is role-based and least-privileged. Only authorized staff with MFA can reach administrative systems, and all access is logged.

What happens if a device is lost?View

Company-managed devices can be locked or wiped remotely, and access tokens are revoked to prevent further access.

Do you support vendor security questionnaires?View

Yes. We provide questionnaire support and can share security documentation and summaries on request.

Need a security review or have questions?

Our team can walk you through our security architecture, provide audit reports, or arrange a dedicated security review for your institution's requirements.

Email Security Team

Security Disclosure: If you discover a security vulnerability in SquareCampus, please report it to security@squarecampus.com. We take all reports seriously and will respond promptly. We appreciate responsible disclosure and will work with you to address any issues promptly.