Trust & Security

Security at ArkaX

Student data is sensitive. We treat it that way. Below is an overview of how we protect information across the platform.

DPDPA 2023 aligned

TLS encryption

Hashed credentials

Role-based access

Zero data sharing

Audit-ready

Encryption in transit

All connections to ArkaX use Transport Layer Security (TLS 1.2+). This protects data while it travels between your device and our servers from interception or tampering.

Encryption at rest

Data stored on the platform is encrypted at rest using the encryption built into our cloud infrastructure provider (Google Cloud / Firebase). Sensitive credentials such as passwords are hashed and salted using industry-standard algorithms — they are never stored in plain text and cannot be recovered, only reset.

Access controls

Role-based access (RBAC) — students, parents, counselors, school administrators, and ArkaX operations each have separate roles with explicitly scoped permissions.
Session isolation — when a user signs out or switches accounts on a shared device, their session is fully invalidated.
Production access is restricted to authorised personnel and is audited.

Infrastructure

ArkaX is hosted on Google Cloud Platform / Firebase, operating in regional data centres with the security certifications standard for GCP infrastructure (ISO 27001, SOC 2, etc., as published by Google). We benefit from Google's underlying physical security, network protection, and platform hardening.

Data minimisation

We collect only the information needed to deliver the service. We do not collect biometric data, location tracking, or behavioural advertising signals. We do not sell or share student data with third parties for marketing.

Children's data

Most ArkaX users are minors. We process their data only with verifiable parental consent or school authorisation, and we do not show advertisements or engage in profiling that could cause detrimental effect on a child, in line with the Digital Personal Data Protection Act, 2023.

Vendor management

Service providers that help us run the platform (e.g., cloud hosting, transactional email delivery) are bound by contractual confidentiality obligations and are reviewed for their own security practices.

Reporting a vulnerability

If you have discovered a security vulnerability in ArkaX, please report it responsibly. Email [email protected] with details and steps to reproduce. We commit to acknowledging genuine reports within 5 business days and will work in good faith to address valid issues. Please do not publicly disclose details until a fix has been deployed.

Continuous improvement

Security is not a one-time effort. We routinely review configurations, update dependencies, and refine practices as the platform evolves and as the threat landscape changes.

Contact

For security questions or concerns:

ArkaX Career Guidance LLP
Email: [email protected]