Security
Security and privacy are not features. They are foundations.
Edmired is being built so schools, families, and students can trust the platform with their most sensitive context: a child’s learning.
Architecture principles
- Privacy-by-design: minimum data collection, role-scoped access, explicit consent.
- Encryption in transit (TLS 1.2+) and at rest for all data stores.
- Server-only secrets; no credentials shipped to the client.
- Strict input validation on every API surface.
- Rate limiting, honeypots, and bot mitigation on public forms.
- Comprehensive HTTP security headers, including CSP, HSTS, X-Frame-Options, COOP, Permissions-Policy.
Compliance roadmap
- India DPDP Act alignment.
- FERPA & COPPA awareness for international deployments.
- SOC 2 Type II is planned as we scale into institutional contracts.
- Data residency options for institutional buyers.
Responsible AI
- Source-grounded student responses, not open-internet generation.
- Teacher-in-the-loop trust progression for AI content.
- Model usage logged and auditable per institution.
Reporting a vulnerability
Found something? Use our contact form and choose the Security topic. We acknowledge reports within 72 hours and credit responsible disclosure.
Next step
Bring Edmired into your evaluation cycle.
Request a walkthrough for your team or join early access if you want to shape the product as we expand pilots.