Security
Security Policy
At Nisaab360, the security and protection of institutional, staff, teacher, and student data is a high priority.
We use security practices and technical measures designed to help protect information from:
- Unauthorized access
- Misuse
- Loss
- Alteration
- Unauthorized disclosure
- Security threats
- Improper access to restricted information
1. Data Encryption
We use appropriate security measures to help protect data during transmission and storage.
These measures may include:
-
Encryption in Transit
- Data transmitted between supported applications, browsers, and servers is protected using HTTPS and TLS (Transport Layer Security).
-
Secure Data Storage
2. Infrastructure Security
Nisaab360 uses cloud-based infrastructure and security measures designed to protect the platform and its data.
Infrastructure security measures may include:
- Secure cloud hosting
- Network security controls
- Firewall rules
- Restricted administrative access
- Environment and configuration protection
- Security monitoring
- Logging and auditing where applicable
- Protection against unauthorized network access
- Regular infrastructure and software updates
Access to critical infrastructure and platform administration is restricted to authorized personnel.
3. Access Control and Authentication
Access to Nisaab360 is controlled through authentication, user roles, permissions, and institution-level access restrictions.
Security measures may include:
4. Role-Based Data Access
Different users have different levels of access depending on their role and responsibilities.
For example:
Users are not permitted to:
- Access data that does not belong to them or that they are not authorized to view.
- Bypass role-based permissions.
- Attempt to gain unauthorized administrative access.
- Use another person's account without authorization.
- Share protected or restricted information without permission.
5. Password and Account Security
Users are responsible for helping protect their own accounts.
Users should:
- Keep passwords private.
- Use strong and unique passwords.
- Avoid sharing accounts with other people.
- Protect devices used to access Nisaab360.
- Log out from shared or public devices where appropriate.
- Report suspicious or unauthorized account activity.
- Keep account and contact information accurate where required.
Nisaab360 is not responsible for unauthorized access resulting from:
- Shared passwords
- Weak passwords
- Compromised user devices
- Voluntary account sharing
- Failure to protect login credentials
6. Application Security
Nisaab360 is designed with security controls intended to protect platform functionality and user information.
Application security measures may include:
- Protected API routes
- Authentication checks
- Authorization checks
- Role-based permissions
- Input validation
- Secure configuration practices
- Restricted administrative operations
- Error handling
- Security-related logging where applicable
- Dependency updates and maintenance
7. Vulnerability Management
We work to identify, assess, and address security vulnerabilities that may affect Nisaab360.
Security and maintenance practices may include:
- Reviewing software dependencies
- Updating outdated packages
- Applying security patches
- Reviewing platform configurations
- Testing important security controls
- Investigating reported security issues
- Addressing identified vulnerabilities based on their severity and potential impact
No software system can be guaranteed to be completely free from vulnerabilities. However, we aim to respond responsibly to identified security risks.
8. Monitoring and Security Logs
Where appropriate, Nisaab360 may maintain technical, security, or audit-related logs to help:
- Detect unauthorized access
- Investigate suspicious activity
- Troubleshoot technical problems
- Protect platform integrity
- Improve platform reliability
- Respond to security incidents
Access to security-related information is restricted according to operational requirements and authorized roles.
9. Third-Party Services
Nisaab360 may use trusted third-party services for certain technical operations, such as:
- Cloud hosting
- Data storage
- Notification delivery
- Infrastructure services
- Security-related services
- Other technical functionality
Where third-party services are used, information may be processed only as reasonably necessary to provide the relevant platform functionality.
The security and availability of third-party services may also be subject to their own policies, infrastructure, and operational practices.
10. Security Incident Response
If a security issue or suspected incident is identified, we may take appropriate actions to protect the platform and its users.
These actions may include:
- Investigating suspicious activity
- Restricting affected accounts
- Temporarily suspending access
- Revoking active sessions or authentication credentials
- Applying security updates or fixes
- Restricting affected platform features
- Taking other reasonable measures to protect data and platform integrity
Institutions and users should report suspected security issues as soon as reasonably possible.
11. Institution and User Responsibilities
Security is a shared responsibility.
Institutions are responsible for:
- Providing access only to authorized users.
- Managing user accounts and roles appropriately.
- Removing or restricting access when it is no longer required.
- Ensuring that staff and students use the platform responsibly.
- Reporting suspected unauthorized access or security incidents.
Users are responsible for:
- Protecting their login credentials.
- Using only their assigned accounts.
- Following institution and platform security requirements.
- Avoiding attempts to bypass security controls.
- Reporting suspicious activity.
12. Responsible Security Reporting
If you believe you have discovered a security vulnerability or security-related issue in Nisaab360, please report it responsibly.
When reporting a security issue:
- Provide a clear description of the issue.
- Include the affected feature or area of the platform.
- Provide steps to reproduce the issue where possible.
- Avoid accessing, modifying, downloading, or exposing data that does not belong to you.
- Do not publicly disclose the vulnerability before it has been reviewed and addressed.
- Do not use the issue to disrupt the platform or harm users.
We appreciate responsible reports that help improve the security of Nisaab360.
13. Security Limitations
While we take reasonable steps to protect the platform and its data, no website, mobile application, server, network, cloud service, or digital system can guarantee absolute security.
Security may also depend on factors outside the direct control of Nisaab360, including:
- User device security
- Password strength
- Account sharing
- Internet service providers
- Third-party infrastructure
- Institution security practices
- User behavior
Users and institutions should follow appropriate security practices when accessing and using the platform.
14. Updates to This Security Policy
This Security Policy may be updated from time to time to reflect changes in:
- Platform features
- Security practices
- Technical infrastructure
- Operational requirements
- Security threats
- Applicable requirements
The latest version will be made available through the website, app, or another appropriate platform location.
15. Contact Us
For security concerns, vulnerability reports, or platform-related inquiries, contact:
- Email: Workwithhussnainahmad@gmail.com
- Website: appsbyhussnain.vercel.app
