Data Security

Last updated March 5, 2026

Protecting student data is a core responsibility at Porashona. We implement industry-standard security practices to ensure your information remains safe, private, and available when you need it.

Encryption

In Transit

All data transmitted between your device and our servers is encrypted using TLS 1.3. This includes quiz data, authentication tokens, voice chat signaling, and analytics events.

At Rest

Data stored on our servers is encrypted using AES-256 encryption. Database backups are also encrypted and stored in geographically separate locations for disaster recovery.

Infrastructure Security

Our application runs on cloud infrastructure with enterprise-grade security certifications. We use isolated virtual networks, firewalls, and intrusion detection systems. All server access requires multi-factor authentication and is logged for audit purposes.

Access Controls

• Role-based access control (RBAC) limits data access to authorized personnel only
• Production database access is restricted and requires approval
• All administrative actions are logged and reviewed
• API endpoints are authenticated and rate-limited
• Phone number verification ensures only authorized users access their accounts

Application Security

• Input validation and sanitization on all user-facing endpoints
• Protection against common vulnerabilities (SQL injection, XSS, CSRF)
• Regular dependency updates and vulnerability scanning
• Secure session management with token rotation

Data Retention

We retain your quiz and progress data for as long as your account is active, so you never lose your learning history. If you delete your account, all personal data is permanently removed within 30 days. Anonymized, aggregated analytics data may be retained for product improvement.

To request account deletion, visit our Delete Your Account page or email [email protected] and include the phone number associated with your account so we can verify your identity.

Incident Response

We maintain an incident response plan that includes detection, containment, investigation, and notification procedures. In the event of a data breach that affects your personal information, we will notify affected users within 72 hours through the app and via registered phone numbers.

Student Data Protection

As an educational platform, we take extra care with student data. We do not use student quiz data for advertising. AI model training uses anonymized data only. We do not share individual student performance data with third parties.

Compliance

We regularly review our security practices against industry standards and applicable regulations. Our goal is to meet or exceed the expectations set by data protection frameworks relevant to our users in Bangladesh and internationally.

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly to [email protected]. We appreciate the security research community and will acknowledge valid reports.