Skip to content

Security

Built for institutions that handle student data.

Exam data is sensitive. Student performance profiles are personal. The infrastructure that holds them should be built with that weight in mind.

Data integrity

Every answer submitted through Pinaka is checksummed at the point of capture. Every submission is timestamped with server-side verification. Every result is independently auditable.

Stateful and stateless concerns are separated by design across 9 independently deployable infrastructure stacks. A scoring deployment cannot affect exam delivery. A reporting failure cannot affect data collection.

Infrastructure

Pinaka runs on serverless architecture with no single point of failure. The platform is load-tested to 250,000 concurrent users. Uptime is maintained at 99.99% by architecture, not by manual intervention.

All data is encrypted in transit (TLS 1.2+) and at rest. Infrastructure is hosted on production-grade cloud providers with SOC 2 certified data centres.

Student privacy

Pinaka processes student data strictly on behalf of the institution. We do not use student data for advertising, profiling outside the exam context, or any purpose beyond what the institution has authorised.

Each institution's data is logically isolated. One institution cannot access another's student records, exam content, or analytics.

Compliance

Pinaka is designed to be compliant with India's Digital Personal Data Protection Act, 2023 (DPDP). For students under 18, parental consent mechanisms are built into the platform as required by law.

Institutions retain ownership of their data at all times. Data can be exported or deleted on request.

Exam integrity

Pinaka monitors 10 behavioural signals during exams, including tab switches, device changes, and copy-paste attempts. All monitoring is browser-native. No camera required. No software install. Integrity without intrusion.

Incident response

In the event of a data breach affecting personal data, we will notify affected institutions and individuals without unreasonable delay. A detailed report will be submitted to the Data Protection Board of India within 72 hours of becoming aware of the breach, as required by the DPDP Act.

Our incident response process includes immediate containment, root cause analysis, affected party notification, and a post-incident review to prevent recurrence.

Responsible disclosure

If you discover a security vulnerability in our website or infrastructure, we ask that you report it to us responsibly. Please email security@vidhar.com with details of the vulnerability. Include steps to reproduce, if possible.

We ask that you:

  • Give us reasonable time to investigate and address the issue before public disclosure
  • Avoid accessing, modifying, or deleting data that does not belong to you
  • Act in good faith to avoid disrupting our services

We will acknowledge your report within 48 hours and provide an estimated timeline for resolution. We will not pursue legal action against researchers who follow these guidelines.

Security contact

For security-related inquiries, vulnerability reports, or to request our detailed security documentation, contact us at security@vidhar.com.