Security Policy

Ezaalah, operated by 4 SYSTEMS Digital Solutions ("Company," "we," "our," "us"), is committed to safeguarding the confidentiality, integrity, and availability of user and student data.

This Security Policy should be read together with our Privacy Policy, Data Processing Agreement, FERPA Statement, and COPPA Statement.

Our security practices are based on the following principles:

• Confidentiality: Ensuring that personal and student data is accessible only to authorized individuals.
• Integrity: Protecting data from unauthorized modification or corruption.
• Availability: Maintaining reliable and uninterrupted access to the Service.

• Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest.
• Secure Communications: HTTPS is enforced across all user interactions.
• Updates: Regular patching and updates are applied to servers, databases, and third-party components.

We partner with trusted infrastructure providers to deliver secure and reliable services:

• Amazon Web Services (AWS) – primary hosting and compute environment.
• Cloudflare – content delivery network (CDN), firewall, and DDoS protection.
• Supabase – database, authentication, and managed APIs.
• Firebase (Google) – analytics and performance monitoring.
• Google Cloud Platform – backup and infrastructure services.

All providers implement physical and network security controls consistent with industry standards.

• Role-based access ensures only authorized staff can access sensitive systems.
• Admin accounts are protected with multi-factor authentication (MFA).
• Access rights are reviewed and revoked when no longer necessary.

• Activity logs are maintained to record administrative and system events.
• Systems are monitored for unusual behavior or unauthorized access attempts.
• Logs are protected against tampering.

• Uploaded and processed files are automatically deleted after 30 days.
• Personal data and account information are deleted upon request (see Privacy Policy).
• Backup data is securely purged on a rolling basis.

In the event of a suspected or actual data breach:

1. Immediate containment and investigation steps are initiated.
2. The Controller (school, district, or parent) is notified without undue delay (see DPA).
3. Remediation measures are applied, and lessons learned are incorporated into security improvements.

Users play an important role in maintaining security:

• Protect login credentials and do not share accounts.
• Report suspicious activity to security@ezaalah.com immediately.
• Use the Service only in compliance with the Acceptable Use Policy.

For security-related concerns, vulnerability reports, or incident notifications:

• Email: security@ezaalah.com
• Address: Durham, NC 27703, USA