Security for structured school operations

EdixPark is a school management platform. Our security work focuses on protecting the platform, login flow, tenant boundaries, core operations, and the reliability schools depend on every day.

This page explains our current security approach in plain language. It is meant to support understanding and future review. It is not a certification statement, legal advice, or a promise that risk can be removed entirely.

We aim to be clear and careful: security is important, but responsible communication matters too.

• EdixPark protects the platform and its shared infrastructure.
• Each school operates inside its own workspace with controlled access.
• Schools also play an important role in protecting accounts, users, and school-managed records.

EdixPark is structured so schools use separate workspaces rather than a shared open environment. Under normal platform use, one school should not be able to view or operate inside another school’s workspace.

Tenant separation is part of the platform’s core security approach because schools need clear boundaries around their daily records, users, and operational data.

• School activity is scoped to the correct workspace after authentication.
• Tenant boundaries are part of the platform’s core protection model.
• Unexpected cross-workspace access would be treated as a serious security concern.

Users reach EdixPark through authenticated accounts. Once signed in, access is limited by the user’s role and the school workspace they are authorized to use.

This helps make sure users work only with the modules, records, and actions their role permits, rather than gaining broad access by default.

• Users sign in through controlled login flows.
• Permissions are tied to role assignments and workspace scope.
• Not every user should see the same data or controls inside a school workspace.

EdixPark protects the platform, but each school still decides which administrators, teachers, finance users, staff, parents, or other approved users should have access.

Administrators should make sure permissions match real responsibilities and should remove or reduce access when it is no longer needed.

• Approve users carefully and assign roles deliberately.
• Review active users and remove old or unnecessary access promptly.
• Make sure billing, administrative, and academic access are handled appropriately for each role.

Security is not only about account access. It also includes how the service is maintained, updated, monitored, and supported over time.

EdixPark may use operational controls, maintenance processes, troubleshooting, and platform review practices to support reliability and protect core operations.

• Controlled attention around sensitive platform functions.
• Service maintenance and updates as the product evolves.
• Operational reviews and troubleshooting to help keep the system stable and usable.
• Continuity-minded practices that help support recovery and service health.

EdixPark may review platform events, logs, and operational signals when needed to detect misuse, investigate suspicious behavior, troubleshoot technical issues, or protect the reliability of the service.

These practices are part of platform protection and abuse prevention. They are not meant to turn ordinary school use into unnecessary surveillance, but to help protect the service and respond when something appears wrong.

• Monitoring may help identify misuse, instability, or suspicious access patterns.
• Logging may support troubleshooting, platform review, and incident investigation.
• Protective review may be used when abuse or operational risk needs attention.

EdixPark protects the platform environment, but schools remain responsible for the records they enter, the users they approve, and the way school data is handled inside their own operations.

A school should decide carefully who can access sensitive records, what information should be entered, and how staff should manage school-owned data responsibly.

• Use strong passwords and protect account credentials.
• Limit access to people who genuinely need it.
• Train staff to handle school records carefully and appropriately.
• Review what information is uploaded and whether it should be stored in the platform.

EdixPark may rely on trusted third-party services for infrastructure, communications, payments, or other service support functions.

Where payment processing is involved, some payment-related handling may occur through approved payment providers rather than being managed entirely inside EdixPark’s own application environment.

• Third-party services may support hosting, messaging, payments, or operational tooling.
• Those services can affect availability, delivery timing, or support response in some situations.
• EdixPark still reviews and manages platform operations with those dependencies in mind.

Platform availability may be affected from time to time by maintenance, internet conditions, third-party service issues, urgent fixes, or security-related work.

EdixPark may adjust or limit access where necessary to apply updates, protect the service, investigate unusual behavior, or reduce platform risk.

• Maintenance may be planned or urgent depending on the issue involved.
• Security improvements may sometimes require service changes or temporary access limits.
• Availability work is part of keeping the platform dependable over time.

If EdixPark identifies a serious platform issue, we may investigate, take appropriate protective action, and communicate with affected schools when needed.

If you believe you found a vulnerability or security concern, contact EdixPark with a clear description. Please do not attempt to expose data, test another school’s workspace, or change information that does not belong to you.

• Describe the issue clearly and share only what is needed to help us understand it.
• Do not access, delete, copy, or expose records that are not yours.
• Do not use a possible issue as a reason to disrupt the service or probe other workspaces.

Strong platform controls help, but schools still need clear internal discipline around account use, staff access, and school record handling.

A school can reduce avoidable risk by keeping its user list current, reviewing permissions regularly, and making sure staff understand how to handle school information properly.

• Use strong passwords and avoid sharing credentials casually.
• Remove access when staff leave or change responsibilities.
• Review who can see academic, finance, and administrator records.
• Report suspicious activity quickly instead of waiting for it to become a larger issue.

If you are a school owner, administrator, staff member, or platform user with a security-related question, concern, or report, contact EdixPark and we will guide you to the right next step.

Questions about internal user behavior or school-specific access decisions may still need to be handled by the school first, while EdixPark supports platform-level security questions and service follow-up.

• Contact the school first for internal user or permission decisions managed directly by the school.
• Contact EdixPark for platform security questions, suspicious activity concerns, or service protection follow-up.