Legal

Security Policy

How we design, operate, and continuously improve security across the Kurspad platform.

Last Updated: June 2026

01

Introduction

At Kurspad, security is a fundamental part of how we design, develop, and operate our learning management platform.

We recognize the responsibility that comes with protecting educational records, student information, institutional data, and learning content. This Security Policy outlines the measures we take to safeguard information processed through the Kurspad platform.

This document is intended to provide transparency regarding our security practices and commitment to protecting customer data.

02

Security Principles

Kurspad's security program is built around the following principles:

  • Confidentiality of user and institutional data
  • Integrity of educational records and platform information
  • Availability of services and learning resources
  • Continuous monitoring and improvement of security controls
  • Compliance with applicable privacy and security requirements

03

Infrastructure Security

Kurspad utilizes professionally managed cloud infrastructure designed to provide high levels of reliability, scalability, and security.

Security controls may include:

  • Network segmentation
  • Firewall protection
  • Infrastructure monitoring
  • Redundant systems
  • Secure hosting environments
  • Availability protection mechanisms
  • Continuous system health monitoring

Access to production environments is restricted to authorized personnel with legitimate business needs.

04

Data Encryption

Kurspad employs encryption technologies to protect data in all states.

Data in Transit

All communications between users and Kurspad systems are encrypted using industry-standard Transport Layer Security (TLS). This includes:

  • User authentication
  • Platform usage
  • Data transfers
  • Administrative access

Data at Rest

Stored data may be encrypted using modern encryption standards designed to protect information against unauthorized access. Encryption protections may apply to:

  • Educational records
  • User account information
  • Uploaded documents
  • Database storage
  • Backups

05

Access Control

Kurspad follows the principle of least privilege. Access to systems and information is granted only when necessary to perform authorized responsibilities.

Security controls include:

  • Role-based access permissions
  • User authentication requirements
  • Administrative access restrictions
  • Session management controls
  • Audit logging
  • Access reviews

Institutions may assign permissions based on organizational roles such as:

  • Administrators
  • Teachers
  • Staff
  • Students
  • Parents or guardians

06

Authentication Security

To protect user accounts, Kurspad may implement:

  • Secure password requirements
  • Password hashing and storage protections
  • Account lockout protections
  • Suspicious login monitoring
  • Multi-factor authentication capabilities
  • Session expiration controls

Users are responsible for maintaining the confidentiality of their credentials.

07

Application Security

Security is integrated throughout the software development lifecycle. Security practices may include:

  • Secure coding standards
  • Code review procedures
  • Security testing
  • Vulnerability assessment
  • Dependency monitoring
  • Security patch management

Known security vulnerabilities are prioritized according to risk and addressed in a timely manner.

08

Monitoring and Logging

Kurspad maintains logging and monitoring systems designed to identify security issues and operational anomalies. Monitoring may include:

  • Authentication activity
  • Administrative actions
  • Platform performance
  • Security events
  • System errors
  • Unauthorized access attempts

Logs are retained for operational, security, auditing, and compliance purposes.

09

Backup and Disaster Recovery

Kurspad maintains backup procedures designed to support business continuity and data recovery. Measures may include:

  • Automated backups
  • Redundant storage systems
  • Recovery procedures
  • Infrastructure resiliency planning
  • Service restoration processes

Backup retention periods may vary based on operational requirements and customer agreements.

10

Data Retention and Deletion

Data is retained only for as long as necessary to:

  • Provide services
  • Maintain educational records
  • Fulfill contractual obligations
  • Comply with legal requirements

Upon contract termination, institutions may request export or deletion of eligible data in accordance with applicable agreements and retention requirements.

11

Third-Party Service Providers

Kurspad may engage trusted third-party providers to support platform operations. Providers are selected based on operational and security requirements and may include:

  • Cloud infrastructure providers
  • Payment processors
  • Communication services
  • Monitoring providers
  • Customer support systems

Third-party providers are expected to maintain appropriate security measures and contractual confidentiality obligations.

12

Employee Security Practices

Personnel with access to customer information are subject to internal security and confidentiality requirements. Security practices may include:

  • Access restrictions
  • Confidentiality obligations
  • Security awareness training
  • Role-based permissions
  • Ongoing security responsibilities

Access is limited to individuals who require it to perform authorized duties.

13

Incident Response

Kurspad maintains procedures for identifying, investigating, containing, and responding to security incidents. Response activities may include:

  • Incident detection
  • Risk assessment
  • Containment measures
  • Remediation efforts
  • Recovery procedures
  • Customer notification where appropriate

Where required by law or contractual obligations, affected institutions will be notified of material security incidents within a reasonable timeframe.

14

Vulnerability Reporting

We encourage responsible disclosure of security vulnerabilities. Individuals who discover potential security issues are encouraged to report them to us directly.

🔒security@kurspad.com

Reports should include sufficient information to allow investigation and verification.

We request that researchers avoid actions that may disrupt services, access unauthorized information, or affect customer data.

15

Customer Responsibilities

Institutions and users play an important role in maintaining security. Customers are responsible for:

  • Protecting account credentials
  • Using strong passwords
  • Managing user permissions appropriately
  • Reviewing access rights regularly
  • Reporting suspected security incidents promptly
  • Maintaining security of devices used to access Kurspad

16

Continuous Improvement

Security threats evolve continuously.

Kurspad regularly reviews and improves its security practices, technologies, and procedures to address emerging risks and maintain a secure learning environment.

17

Contact

For security-related questions or concerns, please reach out to us:

Kurspad Security Team