TeachPilot TeachPilot
Features Blog Security About
  • Features
  • Blog
  • Security
  • About

Security

Effective 1 May 2026 · Veridian AI India Private Limited

Terms Privacy Cookies Security

On this page

  1. Commitment
  2. Architecture
  3. Authentication
  4. Access control
  5. Data protection
  6. Application security
  7. Operations & monitoring
  8. AI features
  9. Shared responsibility
  10. Report an issue
  11. Contact

Schools trust TeachPilot with staff and student information. This page describes security measures implemented in the product and infrastructure as of the effective date—not marketing aspirational claims. It complements our Privacy Policy and Terms of Service.

1. Our commitment

Veridian AI India Private Limited designs TeachPilot for educational institutions that need practical, modern safeguards: strong authentication options, organization-scoped access, encrypted transport, hardened session handling, and careful handling of operational telemetry. We continuously improve controls as the product evolves.

  • Multi-tenant schools — organization isolation, roles, permissions, and audit-oriented records
  • Modern authentication — passwords with policy controls, passkeys, social sign-in where enabled, optional bot checks, and two-factor authentication
  • Hardened cloud delivery — production systems run on professionally managed infrastructure with encrypted transport and access-controlled storage
  • Privacy-aware operations — operational monitoring is configured to avoid capturing secrets; product analytics can mask sensitive input where session insights are used

2. Platform overview

  • Application — the learning platform at https://lms.teachpilot.in
  • APIs and services — authenticated backends that power courses, accounts, notifications, and related features
  • Content and media — secure storage for course files, images, and video used in teaching
  • Realtime classroom tools — live activities such as quizzes, discussions, and collaborative boards
  • Optional AI assistance — curriculum-support features available to authorized educators

We intentionally do not publish a full technical inventory of vendors, databases, or hosting components. Procurement teams may request additional detail under NDA. Service status is published at https://status.teachpilot.in.

3. Authentication and sessions

  • Password authentication with organization-configurable length and complexity rules, and optional checks that help block known compromised passwords without sending full passwords to third parties
  • Passkeys with user verification where supported by the user’s device
  • Social / institutional sign-in (for example Google or Microsoft) when an organization enables those methods
  • Two-factor authentication, including organization policies that can require it for privileged roles (such as admins, heads of department, and teachers)
  • Secure session cookies that are not readable by page scripts, with production secure transport settings and server-side session validation
  • Cross-site request protections for signed-in actions
  • Rate limiting on login, recovery, and second-factor flows
  • Optional bot protection on sensitive authentication steps
  • Session management — users can sign out and, where available, review or revoke other active sessions

4. Authorization and tenancy

  • Multi-tenant design with organization identifiers on educational and collaboration data
  • Organization membership roles and custom roles with permission grants
  • Course-level roles (for example teacher, student, TA, designer, observer)
  • Administrative audit events capturing security-relevant actions with actor and context metadata
  • Automated tests for data isolation between organizations in the codebase

5. Data protection in transit and at rest

  • Encryption in transit for connections to TeachPilot sites and APIs (HTTPS / TLS)
  • Encryption at rest for primary application data and stored course files, using industry-standard protections provided by our infrastructure platform
  • Password hashing — passwords are never stored in plaintext
  • Controlled media access for private video and course assets (authorized, time-bound access rather than open public links where configured)
  • Authorized uploads for large course materials using short-lived upload permissions
  • Internal service authentication so browser credentials are not reused for backend-to-backend jobs

Customer-managed encryption keys and on-premises deployment are not part of the standard hosted offering described here.

6. Application security practices

  • Security-focused HTTP response headers (for example content-type sniffing protection, framing controls, and restricted browser permissions)
  • Restricted cross-origin access for credentialed API calls
  • Invitation and authentication secrets handled as digests or short-lived tokens rather than long-lived cleartext where applicable
  • Separation of public marketing surfaces from authenticated product systems to reduce blast radius

7. Operations and monitoring

  • Error monitoring configured to avoid collecting request bodies, cookies, and other secret-bearing fields
  • Product analytics in the learning app, with safeguards such as input masking for session insights where enabled
  • Specialized service providers for infrastructure, email, media, analytics, and similar functions — engaged under appropriate contracts (see Privacy Policy for categories)

We do not publish a public bill of materials for hosting, databases, or third-party tools. We also do not claim third-party audit certifications on this page unless and until they are formally obtained and published. If your institution requires a security questionnaire, data processing agreement, or confidential subprocessors list for procurement, contact sales@teachpilot.in or legal@teachpilot.in.

8. Security considerations for AI features

AI-assisted curriculum tools process only the content required for a requested job (for example document text or course objectives) through our controlled AI pipeline and supporting providers. Treat AI features as processing channels: avoid pasting secrets or unnecessary sensitive personal data into source documents. Educators should review generated material before classroom use.

9. Shared responsibility

Institutions and users share responsibility for overall security:

  • Assign admin roles carefully and review memberships regularly
  • Enable strong auth options and require 2FA for privileged roles
  • Use institution email domains and invitation workflows thoughtfully
  • Configure organization policies (password rules, session lifetime, allowed auth methods) to match your risk profile
  • Educate staff and students about phishing and account hygiene
  • Manage device access, especially on shared lab computers (sign out after use)

10. Reporting a security issue

If you believe you have found a vulnerability in TeachPilot, please email legal@teachpilot.in with a responsible disclosure report (include steps to reproduce, impact, and contact details). Please do not access data that is not yours or disrupt other customers’ service while testing.

For privacy incidents or data subject requests, use privacy@teachpilot.in.

11. Contact

Veridian AI India Private Limited
Vijayawada, Andhra Pradesh, India
Security / legal: legal@teachpilot.in
Privacy: privacy@teachpilot.in
Sales / procurement: sales@teachpilot.in

Effective 1 May 2026. This overview may be updated as controls change; the effective date will be revised when material updates are published.

Last updated 1 May 2026.

TeachPilot TeachPilot

Product

Lesson Planning Student Tracking Analytics Resource Library Request a demo

Resources

Documentation Blog Changelog Support

Legal

Terms Privacy Cookies Security

Company

About Contact

Connect

X LinkedIn GitHub
© 2026 Veridian AI India Private Limited