Security & Compliance

Your School Data is Protected

EBingwa uses bank-grade encryption, daily automated backups, and strict tenant isolation controls to keep your school's records safe. Built with Kenyan school operational workflows and privacy expectations in mind.

90.90%
Guaranteed Uptime
0-Bit
AES Encryption
0x Daily
Automated Backups
0%
Role Isolation

Data Protection

We take school data protection seriously. Your records are encrypted, isolated on secure servers, and never shared with third parties.

Encryption in Transit & at Rest

All data transmitted between your devices and EBingwa servers is encrypted using modern TLS 1.3. Data stored in our databases is encrypted at rest using AES-256 encryption—the same standard used by banks and financial institutions.

  • TLS 1.3 encryption for all active sessions
  • AES-256 encryption for secure stored data
  • Encrypted API endpoints with token verification
  • Regular security patches and active firewalls

Automated Backups

Your school's data is automatically backed up multiple times per day. Backups are stored in geographically distributed locations to ensure data availability even in case of regional outages.

  • Multiple daily automated backups
  • Geographically distributed backup storage
  • Point-in-time recovery available
  • 30-day backup retention period

Role-Based Access Control

Control exactly who can see and modify what information. Assign roles (Principal, Bursar, Teacher, Guardian) with granular permissions. Every action is logged in an audit trail.

  • Granular administrative permission system
  • Pre-defined roles (Principal, Bursar, Teacher, Parent)
  • Custom role creation and profile locking
  • Complete audit trail of all core system adjustments

Password Policies

Strong password requirements and optional two-factor authentication (2FA) keep accounts secure. Passwords are hashed using bcrypt and never stored in plain text.

  • Minimum complexity requirements enforced
  • Bcrypt password hashing protects login codes
  • Secure session timeout on inactive tabs
  • Fast password reset via verified emails

Compliance & Privacy

EBingwa complies with data protection regulations and respects your school's privacy.

Data Ownership

You own your data. You can export all your school's information at any time in standard formats (CSV, Excel, PDF). Built with Kenyan school operational workflows and privacy expectations in mind, ensuring administrative peace of mind.

Privacy First & ODPC Alignment

Strictly aligned with the Office of the Data Protection Commissioner (ODPC) guidelines. EBingwa staff only access your data when explicitly authorized for support. Every single access session is logged and fully audited.

Security Frequently Asked Questions

Find answers to common questions about how we protect your school's information.

Who owns the data uploaded to EBingwa?

Your school owns 100% of your data. EBingwa acts as a data processor under the Office of the Data Protection Commissioner (ODPC) in Kenya. You can export your data at any time and request its permanent deletion if you choose to leave the platform.

How often is school data backed up?

We perform automated backups every 6 hours to multiple secure locations. This ensures that even in the unlikely event of a server failure, your records remain safe and recoverable.

Is our data encrypted?

Yes. All data is encrypted using industry-standard AES-256 at rest and TLS 1.3 during transit. This is the same level of security used by modern banking applications.

Can EBingwa staff see our student records?

Access is strictly limited. Our support team can only view your data if you explicitly grant permission during a support request. All such access is logged and reviewed.

Is EBingwa compliant with Kenya's Data Protection Act?

Yes. We have designed our systems to comply fully with Kenya’s Data Protection Act (2019) and international security standards like GDPR. Built with Kenyan school operational workflows and privacy expectations in mind, learner data is safely locked under tenant isolation in secure server environments.

What happens if a teacher loses their phone?

Administrators can instantly revoke access for any user account from the school dashboard. Since data is stored in the cloud and not on the device, the records remain secure.

How do you prevent unauthorized login attempts?

We use rate limiting, account lockout policies, and notify administrators of suspicious login activity. We also support two-factor authentication (2FA) for sensitive accounts.

Can we recover deleted records?

The system includes a "soft-delete" feature for many records, allowing administrators to restore accidentally deleted data within a certain timeframe before permanent removal.

Have Security Questions?

We're transparent about our security practices. If you have specific questions about data protection, backups, or compliance, we're happy to discuss them.

Setup My School Email Our Support Team