SECURITY POLICY

Security Policy

At TopSyllabus, we are committed to protecting student, parent, and educational data using industry-standard security practices and continuous monitoring.

Last Updated: May 2026

1. Our Security Commitment

At TopSyllabus.ai, we prioritize the security of your data, especially sensitive educational information. This policy outlines the security measures we use to protect our platform and users.

2. Data Encryption

  • All data transmission uses TLS 1.3 encryption
  • Data at rest encrypted using AES-256
  • Encryption keys managed using industry best practices
  • Regular key rotation protocols

3. Access Controls

  • Multi-factor authentication available
  • Role-Based Access Control (RBAC)
  • Regular access reviews and audits
  • Principle of least privilege enforced

4. Infrastructure Security

  • Hosted on secure cloud infrastructure
  • Regular security patches and updates
  • Firewalls and intrusion detection systems
  • DDoS protection measures

5. Application Security

  • Regular security testing and code reviews
  • OWASP Top 10 vulnerability protection
  • Input validation and sanitization
  • Secure API design principles

6. Data Backup and Recovery

  • Daily automated backups
  • Geographically distributed backup storage
  • Regular recovery testing
  • Disaster recovery plans in place

7. Employee Security

  • Background checks for employees
  • Security awareness and training programs
  • Confidentiality agreements
  • Limited access to production systems

8. Incident Response

  • 24/7 security monitoring
  • Defined incident response procedures
  • Notification within 72 hours of confirmed breaches
  • Regular incident response drills

9. Compliance

  • GDPR compliant practices
  • SOC 2 Type II certification (in progress)
  • Regular third-party security audits
  • Compliance with educational data protection laws

10. Vulnerability Management

  • Regular vulnerability scanning
  • Responsible disclosure program
  • Timely patching of identified vulnerabilities
  • Security researcher acknowledgments

11. Physical Security

  • Data centers with 24/7 security
  • Biometric access controls
  • Environmental monitoring systems
  • Redundant power and cooling

12. Third-Party Security

  • Vendor security assessments
  • Data processing agreements
  • Regular third-party reviews
  • Limited data sharing

13. User Security Responsibilities

We Recommend Users:

  • Use strong and unique passwords
  • Enable two-factor authentication
  • Keep browsers and devices updated
  • Report suspicious activities immediately

14. Security Contact

To report security concerns or vulnerabilities, contact our security team:

Security Contact

Email: security@topsyllabus.ai

We aim to respond within 24 hours.

15. Bug Bounty Program

We welcome responsible vulnerability disclosures from security researchers. Please contact our security team for additional details.

16. Continuous Improvement

We continuously review and improve our security practices to address emerging threats and maintain the highest standards of educational data protection.

Company Information

Email: info@topsyllabus.ai

Innopas Technology Services Pvt Ltd
Chennai, Tamilnadu, India