WhatsApp Us
Security

Data Protection & Theft Prevention

Last updated: January 1, 2025

How we protect your data

We treat your school's data with the highest level of security and responsibility.

256-bit AES Encryption

All data at rest and in transit is encrypted using industry-standard 256-bit AES encryption.

Secure Cloud Infrastructure

Hosted on ISO 27001 certified data centers with redundant backup systems.

Access Control

Role-based access ensures only authorized staff can view or modify sensitive data.

Regular Security Audits

Our systems undergo regular penetration testing and security audits by third-party experts.

Breach Notification

In the unlikely event of a data breach, we notify affected schools within 72 hours.

Data Ownership

Your school's data is 100% yours. We never sell, share, or use it for any commercial purpose.

1. Data We Collect

Mera School collects and processes only the data necessary to operate the school management system: - Student information: name, date of birth, class, parent/guardian contact - Staff information: name, designation, contact details - Financial data: fee records, payment history - Academic data: attendance, exam results, grades - User login credentials (encrypted)

2. Data Storage & Location

All data is stored on secure cloud servers located in Pakistan or within jurisdictions compliant with international data protection standards. We use encrypted databases with access controls and audit logs.

3. Data Theft Prevention

We implement multiple layers of protection against unauthorized access: - Two-factor authentication (2FA) available for all admin accounts - Session timeouts and automatic logouts - IP whitelisting for administrative access - Real-time monitoring for suspicious activity - Rate limiting on all API endpoints - Regular vulnerability assessments

4. Staff Access Controls

Access to school data is strictly role-based: - School admins can access all data for their school - Teachers can only access their assigned classes - Parents can only see their own child's data - Mera School staff have no access to your data unless you grant support access for troubleshooting

5. Data Retention & Deletion

Your data is retained for the duration of your subscription and for 90 days after cancellation to allow data export. After 90 days, all data is permanently deleted from our systems. You can request immediate deletion by contacting our support team.

6. Third-Party Services

We integrate with limited third-party services (SMS gateways, payment processors) that are bound by their own data protection policies. We do not share your data with third parties for marketing or analytics purposes.

7. Reporting a Security Issue

If you discover a security vulnerability or suspect unauthorized access to your data, please contact us immediately at security@meraschool.app. We take all reports seriously and respond within 24 hours.