Trust & Security: The Foundation of Your Growth
Trust & Security: The Foundation of Your Growth
At Tutearn, we know that your tutoring center’s reputation is built on trust. When parents and students use your platform, they expect their personal information, payments, and private data to be handled with the highest security standards.
Security isn’t just a feature for us; it’s the engine that allows you to scale your vision across multiple branches and cities without ever worrying about a data breach.
1. Data Protection: Your Information, Encrypted
We don’t just store your data; we protect it using the latest industry standards.
Encrypted Passwords: Passwords are never stored in plaintext. We use bcrypt with 12 rounds of hashing, ensuring your login credentials remain secure.
Hashed API Keys: Our internal connections are protected by securely hashed keys to prevent unauthorized exposure.
HTTPS in Transit: Every byte of data sent between your device and our servers is encrypted using TLS (provided by Railway), so your communication is always private.
2. Access Control: Who Sees What?
We use a multi-layered approach to ensure that only authorized people have access to your tutoring center's resources.
JWT-Based Authentication: We use JSON Web Tokens (JWT)—the gold standard for secure logins.
Permission-Based Authorization: Access is strictly controlled based on user roles (Admin, Teacher, Parent). Users only see what they are authorized to see.
Multi-Tenant Data Isolation: Through PostgreSQL Row Level Security (RLS), your data is completely separated from other clients. There is zero risk of data leakage between different tutoring centers.
Email Verification: Every account must be verified via email before gaining access to the system, preventing unauthorized sign-ups.
3. Infrastructure: The Singapore Advantage
To provide the lowest latency and the strongest legal protection for Southeast Asian centers, we host our entire infrastructure in the Singapore Region.
Data Type | Storage Provider | Location |
Database (PostgreSQL) | Railway | Singapore |
File Uploads (Images, Docs) | AWS S3 | Singapore/Regional |
User Sessions / Tokens | PostgreSQL (Railway) | Singapore |
Payment Data | Stripe | PCI-Compliant Infrastructure |
4. Southeast Asian Compliance (PDPA & Beyond)
Managing tutoring centers across borders means navigating different privacy laws. Tutearn is built to keep you compliant.
Singapore PDPA: Fully compliant through our Singapore-based hosting.
Thailand PDPA: Singapore is an officially recognized and acceptable data transfer destination.
Malaysia PDPA: Our Singapore infrastructure meets the general standards for data residency.
Indonesia PDP Law: Compliant with the 2024 standards through contractual safeguards.
Philippines Data Privacy Act: Fully supported through standard contractual clauses (SCCs).
GDPR (EU): For international clients, we support Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPA).
Invest in your centre. See the return in your first week.
