Security at TutorDesk
How we protect student records, parent phone numbers, and payment balances.
Data Encryption
All network traffic is encrypted using standard SSL/TLS (HTTPS) protocols in transit. Database data is encrypted at rest using AES-256 standards.
Row Level Security (RLS)
We implement strict Row Level Security policies at the PostgreSQL database layer. A tutor can only query their own students, calendar events, and payment logs.
Tokenized Parent Portals
Parents do not need password logins. They access invoices and reschedule requests via unique, cryptographically secure single-use tokens generated by the tutor.
Database Backups
We perform automated daily snapshot backups of our databases. Backup files are encrypted and stored in geographically isolated secure cloud storage.
Infrastructure Provider
TutorDesk runs its core infrastructure on industry-leading cloud service providers. Our primary database is hosted on Supabase, which complies with SOC2 Type II security standards, and our frontend interfaces are deployed via Vercel's high-performance serverless network.
Reporting Vulnerabilities
We take security reports seriously. If you discover a vulnerability or have a security concern regarding TutorDesk, please contact us directly at security@tutordesk.sg. We will investigate and address verified issues within 48 hours.