Security and Data Integrity

Institutional-grade protection for high-volume tutoring centers.

Secure your intellectual property and client data with infrastructure hosted in the Singapore region.

The Operational Standard

Center reputation is built on the security of operational data. High-volume centers require an infrastructure that protects personal information, transaction records, and proprietary curriculum with the highest technical standards.

Security is the foundation that allows you to maintain total command over your center across multiple branches and cities without the risk of data compromise.

Data Protection and Encryption

1. Information Security in Transit and at Rest

We protect your data using modern encryption and industry-standard protocols.

• Bcrypt Password Hashing

  Passwords are never stored in plaintext. The OS uses bcrypt with 12 rounds of hashing, ensuring that login credentials remain secure and inaccessible to unauthorized parties.
  
  

• TLS Encryption in Transit

  Every byte of data sent between your device and our servers is encrypted using TLS. Your communication is always private and protected from interception during transit.
  
  

• Hashed API Security

  Internal system connections are protected by securely hashed keys, preventing unauthorized exposure of your workspace environment.

Access Control and Isolation

2. Multi-Layered Permission Architecture

We utilize a multi-layered approach to ensure that only authorized personnel have access to specific center resources.

• JWT-Based Authentication

  The system uses JSON Web Tokens (JWT) for secure session management. This is the industry standard for ensuring that every login is verified and authenticated.
  
  

• PostgreSQL Row Level Security (RLS)

  Through RLS, your data is physically and logically separated from all other users. There is zero risk of data leakage between different tutoring centers.
  
  

• Role-Based Authorization

  Access is strictly controlled based on user roles (Admin, Staff, Tutor, Client). Users only see the data and tools they are authorized to use, protecting sensitive financial records and student information.
  
  

• Mandatory Email Verification

  Every account must be verified via email before gaining access to the system, ensuring the integrity of your user database and preventing unauthorized sign-ups.

Infrastructure and Regional Hosting

3. The Singapore Advantage

To provide the lowest latency and the strongest legal protection for Southeast Asian centers, we host our entire infrastructure in the Singapore Region.

• Database Storage (PostgreSQL)

  Hosted on Railway in Singapore for high-speed performance and data residency compliance.
  
  

• File and Document Storage

  Client records, images, and documents are stored on AWS S3 within the Singapore/Regional hub.
  
  

• Payment Data Security

  All transaction records are handled through PCI-Compliant Infrastructure. This ensures that client financial details are managed securely in your local currency.

Regional Privacy Compliance

4. PDPA and Southeast Asian Standards

Managing tutoring centers across borders requires adhering to various privacy laws. The Tutearn OS is built to keep your institution compliant with regional regulations.

• Singapore PDPA

  Fully compliant through our centralized Singapore-based hosting.
  
  

• Thailand PDPA

  Compliant. Singapore is an officially recognized and acceptable data transfer destination for Thai center operations.
  
  

• Indonesia PDP Law

  Meets the 2024 standards for data protection through contractual safeguards and regional processing.
  
  

• Philippines Data Privacy Act

  Fully supported through Standard Contractual Clauses (SCCs) to ensure high-level data governance.
  
  

• Vietnam and Malaysia

  Our infrastructure meets general regional standards for data residency and secure cross-border processing within the ASEAN ecosystem.
  
  

Security Operational FAQ

• Does Tutearn store our clients' credit card information?

  No. All sensitive financial data is processed through PCI-compliant gateways. We do not store full card numbers on our servers, ensuring your clients' financial safety.
  
  

• Can we audit who accessed specific data?

  Yes. The system maintains audit logs for administrative actions, allowing you to see which staff members have accessed or modified sensitive information.
  
  

• Is our data backed up regularly?

  Yes. The OS includes automated daily backups to ensure that your center's records are protected and can be restored in the event of an emergency.