Contact

Email security@schoolconsole.net. We monitor this mailbox during business hours (IST). Auto-acknowledge within 24 hours; first substantive response within 5 business days.

Scope

• In scope: www.schoolconsole.net, our customer-facing portal, the mobile applications, and the public APIs.
• Out of scope: staff personal sites, social-media accounts, third-party services we integrate with (please report those to their vendors).

Safe harbour

We will not pursue legal action against researchers who:

• Make a good-faith effort to avoid privacy violations, destruction of data, and interruption of our service.
• Only interact with accounts you own or with explicit permission of the account holder.
• Don't exploit a finding beyond what's necessary to demonstrate it.
• Give us a reasonable window — typically 90 days — to remediate before public disclosure.

What we ask in your report

• A clear, reproducible description of the issue.
• Proof-of-concept (screenshots, video, or short script).
• Your assessment of impact.
• How we should credit you, if at all.

What you can expect from us

• An acknowledgement within 24 hours.
• A substantive update within 5 business days.
• A fix or mitigation plan, with timeline.
• Credit (if you want it) on our acknowledgements page when the fix ships.