Security

Last updated: 12 June 2026

Security and privacy are central to how SoNow is built. This page describes, in plain terms, how we protect data across the marketing website and the SoNow application.

Two Separate Systems

It helps to distinguish two things. This marketing website is a static site that simply presents information about SoNow — it holds no student, staff or guardian records. The data that institutes work with lives in the SoNow application platform, hosted on Amazon Web Services (AWS).

Where Product Data Lives

• Institute, staff, student and guardian data is stored and processed in the SoNow application backend on AWS.
• Data is scoped to each institute, so users can only access records belonging to their own institute.
• Access within an institute is governed by role-based permissions for administrators, teachers and employees.

Encryption

• All traffic to the website and application is encrypted in transit using HTTPS (TLS).
• Data held in the SoNow application backend is encrypted at rest.
• Secrets and credentials are kept in protected configuration, never in client-side code.

Access Controls

• Access to records is restricted to authenticated users within the relevant institute.
• Permissions follow the principle of least privilege based on each user's role.
• We limit and monitor administrative access to production systems.

Children's Data

Because SoNow holds data about students who are minors, we treat it with particular care. We do not use student data for advertising or behavioural tracking. How children's data is handled is described in our Privacy Policy.

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly by emailing grievance@sonow.in with details. We take all reports seriously and will respond as quickly as we can.