School data is sensitive — student records, parent contacts, fee transactions, staff salaries. This page explains, in plain language, what Schoolwati does to keep that data safe.
Account and login security
- Passwords are stored using industry-standard one-way protection. Even Schoolwati's own team cannot read a user's password.
- After repeated wrong-password attempts, accounts are temporarily locked. This blocks automated guessing without locking out genuine users for long.
- Sign-in sessions are tied to your device and expire when no longer in use.
Your school's data stays yours
Each school using Schoolwati is fully isolated from every other school on the platform. There is no path through which one school's information can reach another school's staff — by accident or by design.
This applies to students, fees, attendance, staff records, communications, and reports — everything you store stays inside your school's space.
Role-based access inside your school
Not everyone in your school needs to see everything. Institution admins can control:
- Who can view financial records
- Who can mark attendance, and for which classes
- Who can add or edit student records
- Who can export data
- Who can change roles or settings
These restrictions are enforced at the system level, not just hidden in menus — meaning a restricted user cannot reach blocked data even if they try alternate routes.
Activity history
Every sensitive change — admitting a student, modifying a fee, exporting records, updating a staff role — is recorded with who did it, when, and what changed. Institution admins can review this history at any time under Reports → Audit Log.
This serves both as a daily oversight tool and as evidence if anything ever needs to be investigated.
Protection against abuse
Public-facing forms such as admission enquiries, support tickets, and password reset are protected against automated bots, spam submissions, and repeated requests from the same source. This keeps the platform fast and reliable for genuine users and prevents low-effort scraping of contact information.
Safe file uploads
Photos, documents, and ID uploads are validated for type, size, and content before being accepted. Stored files are kept in a separate area from the main database, with safe-serving rules so files cannot be misused.
Secure connections and backups
- All traffic between your browser and Schoolwati is encrypted in transit using current industry standards.
- The recommended Schoolwati deployment includes regular off-site backups for disaster recovery. Schools using Schoolwati's managed hosting get this by default.
Your data, your control
- Export at any time — institution admins can request a full export of their school's data by opening a support ticket. Data is delivered in a standard spreadsheet format, typically within one business day.
- No silent retention — if you leave the platform, a complete export is provided first and the data is then removed.
- No sale, no sharing — Schoolwati does not sell, rent, or share student or parent data with third parties. There are no advertising trackers running on the platform.
Reporting a concern
If you notice anything that looks like a security issue, email security@schoolwati.com with a short description of what you saw. We acknowledge reports within one business day and follow up directly.