Trust & Security
How we keep your study data safe and secure.
🔐 How Your Data Is Protected
Encryption at Rest
Your most sensitive data — teacher feedback notes and date of birth — are encrypted using military-grade AES-256 encryption. This means even if our database were accessed by an unauthorized person, they would not be able to read your personal information without the encryption keys. Your study notes, exam results, and progress are stored securely on encrypted servers.
Encryption in Transit
All communication between your device and SuperStudies is encrypted using HTTPS/TLS. This means your data cannot be intercepted or read while traveling over the internet. Your login credentials and study sessions are protected from the moment you connect.
Secure Deletion
When you delete data from SuperStudies, it's permanently removed from our systems — not just hidden. Parents can request complete deletion of their child's account and all associated data at any time. We don't keep secret copies or archive deleted personal information beyond our disaster recovery window.
👁️ Content Safety Guardrails
SuperStudies uses AI-powered guardrails to keep your study environment safe and appropriate:
Profanity Filtering
Inappropriate language is detected and flagged. We maintain a safe, respectful learning environment for all students.
Prompt Injection Detection
We detect attempts to manipulate the AI tutor into behaving inappropriately. The AI stays focused on education.
Personal Information Detection
The system detects if you accidentally share email addresses, phone numbers, or other PII. We warn you before sending such data.
CBSE Board-Focused Scope
The AI tutor is trained to help with CBSE Board subjects. Questions far outside curriculum scope are gently redirected to learning.
🔑 Who Can Access What
Your Study Data
Only you can see your own study sessions, notes, and exam results. Your conversations with the AI tutor are private to you.
Student Uploaded Data
Your personal study data — such as student notes, teacher feedback, exam results, and progress — is kept private. Teachers/tutors can only view feedback notes they wrote. They cannot see other teachers' notes, other students' data, or your private study sessions.
Parent/Guardian Access
Parents can only see their child's progress and grades. They cannot access your conversation history with the AI tutor (respecting your privacy as you grow older). Parents can request their child's data or delete the account entirely.
🛡️ Account Security
🔑 Passwordless by Design
SuperStudies uses email magic links — there are no passwords on our platform, period. When you want to sign in, we send a unique, time-limited link to your email. Click it and you're in.
This is a genuine security advantage, not just a convenience feature:
- No passwords to steal — our database contains no password hashes. Even if someone accessed our database, there are no credentials to extract.
- No credential stuffing — attackers cannot use passwords leaked from other sites to access your account here, because there is no password to stuff.
- No phishing for passwords — we never ask for a password, so fake login pages have nothing to harvest.
- Each link is single-use and expires — intercepted or forwarded links cannot be reused.
What We Store for Authentication
The only personal identifier we need to authenticate you is your email address. No passwords, no security questions, no recovery codes. Authentication is handled by Firebase Authentication (Google's enterprise identity platform), which issues a signed, short-lived token that our servers verify on every request.
Brute-Force Protection
If someone repeatedly attempts to sign in with incorrect magic links, the account locks for 1 hour after 5 failed attempts. This prevents automated attacks even in the passwordless model.
Session Security
Your login session is secure and tied to your device. If you log out, your session ends immediately. We automatically log you out after a period of inactivity for extra safety.
📊 What We Don't Collect
We believe less data is safer data. SuperStudies does NOT collect:
- Behavioral tracking: We don't track your mouse movements, clicks, or browsing patterns.
- Location data: We don't know where you are.
- Device fingerprinting: We don't track your device ID or unique identifiers.
- Behavioral ads: We never sell your data to advertisers. Your study habits stay private.
- Excessive logs: We only keep logs necessary for security and support.
⚖️ Your Data Rights (DPDP Act 2023)
Under the Digital Personal Data Protection Act, 2023, you have legal rights over your data as a Data Principal. You'll need to be signed in to use these.
📨 Request a Copy of Your Data Parent or student
Under DPDP Act Sections 11 and 12 you can request a complete copy of all the data we hold about you, in a machine-readable format if you'd like. Email [email protected] from the email address on your account, and we'll respond within 30 days (usually much sooner).
🗑️ Delete Your Account Parent only
Parents can permanently delete their account at any time — this also deletes every linked student account they've added, including all study notes, exam results, AI Tutor transcripts and Snap & Mark submissions (DPDP Act Section 12 — right to erasure). Students who want to leave should ask their parent, or contact us at [email protected]. Request account deletion.
✅ Security Practices
- Regulatory Compliance: We comply with the Digital Personal Data Protection Act 2023, store all Indian user data in India (GCP asia-south1), and follow Indian children's data protection rules for users under 18.
- ICO Guidance: We follow Information Commissioner's Office guidance on data protection.
- Regular Security Reviews: We continuously review our security practices and fix vulnerabilities.
- Automated Encryption: Sensitive fields are encrypted automatically without manual action.
Questions About Security?
If you have concerns about your data or our security practices, please contact us.
Contact Security TeamFor general support: [email protected]