Security your institute can defend on paper
This page is maintained by manchi.tech to answer common security and privacy questions. It describes controls currently enabled in the platform — not a third-party certification.
Uptime SLA
Median API latency
Backup retention
RTO / RPO
What's enabled by default
Every institute on manchi.tech gets these controls on day one — no add-on required.
AES-256 at rest
All student, fee and attendance records are encrypted at rest with per-tenant key isolation.
TLS 1.3 in transit
Every request between the app, mobile clients and biometric nodes uses TLS 1.3 with HSTS enforced.
Role-based access
Granular RBAC across owners, admins, faculty, accounts and parents. Field-level masking on PII.
Full audit trails
Every write action carries who, what, when and from where. Exportable for internal reviews.
Data residency
Primary storage in ap-south-1 (Mumbai) with encrypted backups across multiple Indian availability zones.
Backups & recovery
Point-in-time recovery up to 30 days. Daily encrypted snapshots retained for 90 days.
Where we stand today
Honest status on the frameworks institutes ask about most.
DPDP-aligned
Consent capture, purpose limitation, data-principal rights and grievance officer flow follow India's DPDP Act, 2023.
ISO 27001 (in progress)
Information Security Management System scoped and internal audits underway. Certification targeted for H2 2026.
Incident response
24-hour internal notification, 72-hour customer notification for confirmed personal data incidents. Post-mortems shared with affected institutes.
Report a vulnerability
We welcome coordinated disclosure from security researchers. Email security@manchi.tech with steps to reproduce. We'll acknowledge within 2 business days and keep you posted through remediation. Please avoid tests that degrade service for live institutes.