Security

Data Protection & Security Measures

EduPilot prioritizes the security and privacy of student data through comprehensive security measures and industry best practices.

Authentication & Authorization

EduPilot uses JWT-based authentication with secure password hashing using bcrypt. All API endpoints are protected with proper authorization checks, and session tokens expire after 24 hours for enhanced security.
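The following is an added illustration, not EduPilot's own code: issuing and verifying a signed JWT with the 24-hour lifetime described above, using only Node.js built-ins. The HS256 algorithm, the function names (issueToken, verifyToken) and the secret are assumptions; the page does not state which signing algorithm or library is used.

```javascript
// Added illustration (not project code): HS256 JWT with a 24-hour lifetime.
const crypto = require("crypto");

const TTL_SECONDS = 24 * 60 * 60; // the 24-hour session lifetime stated on the page
const b64url = (data) => Buffer.from(data).toString("base64url");
const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
const sign = (input, secret) => crypto.createHmac("sha256", secret).update(input).digest();
const fail = (reason) => ({ ok: false, reason });

// Issue a token for a user id; `now` is seconds since the epoch (injectable for tests).
function issueToken(userId, secret, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ sub: userId, iat: now, exp: now + TTL_SECONDS }));
  const signature = sign(`${header}.${payload}`, secret).toString("base64url");
  return `${header}.${payload}.${signature}`;
}

// Returns { ok: true, claims } or { ok: false, reason }.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return fail("malformed");
  const [header, payload, signature] = parts;

  let head;
  try { head = decode(header); } catch { return fail("malformed"); }
  // Pin the algorithm on the server; a token must not choose it (rejects "none").
  if (!head || head.alg !== "HS256") return fail("bad-algorithm");

  // Check the signature in constant time before trusting any claim.
  const expected = sign(`${header}.${payload}`, secret);
  const given = Buffer.from(signature, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return fail("bad-signature");
  }

  let claims;
  try { claims = decode(payload); } catch { return fail("malformed"); }
  // A missing or non-numeric exp is treated as expired, never as "no expiry".
  if (!claims || typeof claims.exp !== "number" || now >= claims.exp) return fail("expired");
  return { ok: true, claims };
}
```
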

Data Encryption

All data transmission uses HTTPS/TLS 1.3 encryption. Sensitive data, including passwords and personal information, is encrypted at rest using industry-standard encryption algorithms. Database connections use SSL/TLS by default.

Database Security

The PostgreSQL database is secured with role-based access control, regular backups, and encrypted storage. All queries use parameterized statements to prevent SQL injection attacks.

Privacy Protection

Student data is never shared with third parties. Mental health logs are particularly sensitive and are accessible only to the individual student. All data processing complies with educational privacy standards.

Security Features

Application Security

  • Input validation and sanitization
  • Cross-Site Scripting (XSS) protection
  • Cross-Site Request Forgery (CSRF) tokens
  • Rate limiting on API endpoints

Infrastructure Security

  • Secure deployment on Vercel
  • Environment variable protection
  • Regular security updates
  • Monitoring and alerting

Compliance & Standards

  • GDPR compliance for data handling
  • FERPA considerations for educational data
  • OWASP security guidelines
  • Regular security audits

Security Reporting

If you discover a security vulnerability or have concerns about data privacy, please report it immediately.

EduPilot. Department of Information Systems, FUTA.

Final year project by Adepitan M. and Adetoye S.