Your Data,
Our Top Priority
DPDP compliant, bank-grade encryption, and Indian data residency. We take security and privacy seriously so you don't have to worry.
Multi-Layered Security Architecture
Every layer designed to protect your sensitive educational data
DPDP Compliance
Fully compliant with India's Digital Personal Data Protection Act 2023
- Data processed only with explicit consent
- Right to access, correct, and delete data
- Clear data retention policies
- Breach notification within 72 hours
Bank-Grade Encryption
256-bit SSL encryption for all data in transit and at rest
- TLS 1.3 for all connections
- AES-256 encryption at rest
- Encrypted backups
- End-to-end encryption for sensitive data
Indian Data Residency
All your data is stored exclusively on servers in India
- Data centers in Mumbai & Bengaluru
- Complies with data localization requirements
- No cross-border data transfer
- Sovereign control over your data
Access Control
Advanced role-based access control and authentication
- Multi-factor authentication (MFA)
- Role-based permissions
- Session management
- Audit logs for all access
Privacy by Design
Privacy built into every feature from the ground up
- Minimal data collection
- Pseudonymization of student data
- No third-party data sharing
- Privacy impact assessments
Infrastructure Security
Enterprise-grade infrastructure with 99.9% uptime SLA
- Regular security audits
- Automated vulnerability scanning
- DDoS protection
- Regular penetration testing
Fully Compliant with India's DPDP Act 2023
We don't just meet compliance requirements—we exceed them to protect your rights
Purpose Limitation
We collect and use data only for specific, explicit educational purposes. No hidden agendas.
Data Minimization
We collect only what's necessary. If we don't need it for your teaching, we don't ask for it.
Accuracy
You have the right to correct any inaccurate data. We provide easy tools to manage your information.
Storage Limitation
Data is retained only as long as necessary. You can request deletion at any time.
Integrity & Confidentiality
Your data is protected with state-of-the-art security measures and access controls.
Accountability
We're responsible for compliance and can demonstrate it through regular audits and reports.
Your Rights Under DPDP
Right to Access
You can request a copy of all your personal data we hold at any time.
Right to Correction
You can update or correct any inaccurate information about you.
Right to Erasure
You can request deletion of your data, and we'll comply within 30 days.
Right to Portability
You can export your data in a standard format to use elsewhere.
Right to Withdraw Consent
You can withdraw consent for data processing at any time.
Right to Grievance Redressal
You can file complaints about data handling with our Data Protection Officer.
Committed to Global Security Standards
Our roadmap includes industry-leading certifications
DPDP Act 2023
Full compliance with India's data protection law
IT Act 2000
Compliant with Indian IT regulations
ISO 27001
International information security standard
SOC 2 Type II
Security, availability, and confidentiality controls
Have Questions About Data Protection?
Our dedicated Data Protection Officer is here to address all your privacy and security concerns.
Contact Our DPO:
Email: dpo@brightschool.ai
Response Time: Within 48 hours
Grievance Redressal: Escalations handled within 30 days as per DPDP Act
Security Best Practices for Users
While we protect your data, here's how you can stay even safer
Do Enable MFA
Always enable multi-factor authentication for an extra layer of security on your account.
Do Use Strong Passwords
Create unique, complex passwords with a mix of letters, numbers, and symbols.
Do Review Permissions
Regularly review what data you're sharing and with whom within your school.
Do Report Issues
If you notice anything suspicious, report it to our security team immediately.
Your Data is Safe With Us
Start using BrightSchool AI with confidence. DPDP compliant, secure, and built for Indian schools.