SECURITY FIRST.
Student records and school data are sensitive. We engineer Sirath with security at every layer — not as an afterthought.
Encrypted at Rest & in Transit
All data is encrypted at rest using AES-256. All network communication uses TLS 1.2+. Credentials are hashed using bcrypt. Refresh tokens are stored securely.
Role-Based Access Control
Sirath has 10 system roles with fine-grained module permissions. Super Admins, School Admins, Teachers, and Parents each have precisely scoped access — no over-privileged accounts.
Authentication Security
Phone OTP authentication with JWT + short-lived refresh tokens. Sessions expire automatically. No password storage. All tokens are cryptographically signed.
Data Isolation
Each organization's data is fully isolated. Multi-tenancy is enforced at the database query level. One organization cannot access another's data through any path.
Audit Logging
Critical admin actions are logged with actor, timestamp, and context. Audit trails help administrators review changes and maintain accountability.
Infrastructure Security
Hosted on enterprise cloud infrastructure with automated backups, uptime monitoring, and disaster recovery. Database and application servers are in private networks.
RESPONSIBLE DISCLOSURE.
If you discover a security vulnerability, please report it to us privately. We commit to responding within 48 hours and will not take legal action against good-faith researchers.
[email protected]
Please include: affected endpoint, steps to reproduce, potential impact, and your contact information. Do not access user data beyond what is necessary to demonstrate the issue.