Security at every layer

Built like a bank.
Trusted like a school.

Every student record, every exam result, every parent payment — protected by the same engineering standards used by Nigerian fintechs.

Six pillars

How your data stays safe

Strict tenant isolation

Every record carries a tenant_id. Row-level security on every query. Cross-tenant data leakage is architecturally impossible.

Encryption everywhere

AES-256 encryption at rest. TLS 1.3 in transit with modern ciphers, HSTS, and HTTP/3.

JWT auth with rotation

Short-lived access tokens (15 min) + rotating refresh tokens. Tokens revoked instantly on logout.

Immutable audit logs

Every privileged action is logged with actor, target, IP, and timestamp. Logs are append-only.

Role-based access

Admin, teacher, student, parent — each with fine-grained, principle-of-least-privilege permissions.

Lagos-based hosting

Data resident in Nigeria via MainOne data centers. No cross-border data transfer by default.

Compliance

Frameworks we follow

NDPR

Nigerian Data Protection Regulation

Full compliance with NITDA's data protection framework — registered as a Data Controller.

GDPR

General Data Protection Regulation

EU-aligned data handling for schools serving international students.

ISO 27001

Information Security Management

In active certification. Audited annually by a third party.

PCI DSS

Payment Card Industry Data Security

Card data never touches our servers — handled by Paystack (Level 1 certified).

Operational practices

Continuous protection, not one-time hardening

Daily encrypted backups

30-day retention. Restorable to any point in the last 7 days.

Incident response

24/7 on-call rotation. 4-hour SLA on critical issues.

Penetration testing

Quarterly external pentest by a CREST-certified firm.

DDoS protection

Cloudflare in front of every endpoint with bot management.

Your data, your rights

You own everything you put into EduPro. We're custodians — never owners.

  • Export all your data anytime — JSON, CSV, or SQL dump.
  • Permanently delete your tenant and all data within 24 hours of request.
  • See exactly what data we collect and why in our Privacy Policy.
  • Know the moment we change our data handling (60-day notice).

Report a vulnerability

Found a security issue? We pay bounties from ₦50k to ₦2M depending on severity.

security@edupro.ng

Built for procurement, trusted by parents.