• Scolaro relies on established cloud infrastructure to host its services.
• Communications use encryption in transit, and stored data benefits from encryption-at-rest mechanisms.
• Backups and redundancy mechanisms support service availability.

• User authentication relies on secure session and password management mechanisms.
• Access to data is role-based and restricted to the permissions required.
• Students, teachers, and administrators only see the data within their authorized scope.

• Technical logs help trace certain sensitive actions and support auditing.
• Role changes and certain privileged actions may be controlled and logged.
• Logs help detect anomalies and support investigations when a problem occurs.

• The codebase follows input validation practices and aims to reduce exposure to common vulnerabilities.
• Critical dependencies should be maintained and reviewed regularly.
• Code review and technical verification contribute to risk reduction.

• User sessions are managed with time-limited tokens.
• Mechanisms can invalidate sessions at logout or after inactivity.
• Measures such as rate limiting and application controls help prevent abuse and some classes of attack.

• We collect only the data required for the pedagogical operation of the platform.
• Data is retained for a reasonable period based on its use and applicable obligations.
• Backup and restoration mechanisms support data integrity and availability.

• When some features rely on third-party providers, contractual and technical safeguards are sought.
• Transfers are limited to what is strictly necessary and must align with the applicable framework, including Law 25.
• Data is minimized or anonymized where possible before transfer.

• Monitoring tools help detect anomalies, suspicious behavior, and certain technical incidents.
• Alerts may be triggered to enable a timely response.

• Scolaro maintains an incident response framework to analyze, contain, and correct security issues.
• When required, affected people or institutions may be informed in line with applicable legal obligations.
• Corrective measures are intended to reduce immediate impact and prevent recurrence.

• Scolaro must maintain a level of security appropriate to the platform and its data.
• Users must protect their credentials, use strong passwords, and report suspicious activity.
• Educational establishments must manage access and apply their own internal policies.

If you suspect a security issue or discover a vulnerability, use the contact form and clearly indicate that it is a security report.

• Do not attempt to exploit the vulnerability beyond what is necessary to demonstrate it.
• Do not access data that does not belong to you.
• Do not modify or delete data.