Trust & Privacy
This page is maintained by the Certificate Management Cell team to answer common security and privacy questions about how the application handles staff and student information. It describes current app-visible practices and is editable project content — it is not an independent certification or audit.
Access & Authentication
The application requires sign-in for all administrative and staff workflows. New staff accounts start in a pending state and must be approved by an administrator before they can access student data.
Roles are stored separately from user profiles and checked on the server for every protected action. Sign-in supports email and password.
Data Protection
Student records and uploaded documents are kept in a private backend and are not publicly listable. Document files live in a private storage bucket and are served through time-limited links to authorized staff.
Database access is restricted by row-level security policies so that only authenticated, approved staff and administrators can read student information.
Data We Process
The application processes the student details that the institution enters for admission and certificate workflows (such as name, contact, course, fee records, and submitted documents) and the contact details of staff accounts that use the system.
Data is used solely to operate the Certificate Management workflow for the institution. Specific retention windows and deletion procedures are set by the institution's records policy — contact the administrator for details.
Hosting & Subprocessors
The application is hosted on the Lovable platform with a managed Supabase backend (authentication, database, and file storage). These platform providers operate the underlying infrastructure; the institution remains the data controller for student records.
Describing these platform capabilities is not a Lovable-issued certification.
Shared Responsibility
The Lovable and Supabase platforms provide the underlying hosting, authentication, and storage controls. The Certificate Management Cell team is responsible for who is approved as staff, how data is entered, and how records are shared or exported. Staff users are responsible for keeping their sign-in credentials confidential.
Contact
For privacy questions, data requests, or to report a suspected security issue with the application, contact the Certificate Management Cell administrator at your institution. The administrator can update this page with the preferred contact address.
This content is maintained by the application owner and may be edited at any time. It does not represent an independent audit, certification, or guarantee.