Security & Privacy

Your data security is our top priority at SmartGradeAI POLIMAS

256-bit Encryption
PDPA Compliant
ISO 27001 Standards

Security Overview

SmartGradeAI implements enterprise-grade security measures to protect all user data and ensure the integrity of the educational assessment process at POLIMAS.

Last Security Audit: December 2024 - All Systems Secure

Active Protection

Data Protection Measures

End-to-End Encryption

All data transmitted between your device and our servers is encrypted using the industry-standard TLS 1.3 protocol with 256-bit AES encryption.

TLS 1.3 AES-256 RSA-2048

Secure Authentication

Multi-layer authentication system with password hashing using the bcrypt algorithm, session management, and optional two-factor authentication (2FA).

Data Backup & Recovery

Automated daily backups with redundant storage across multiple secure locations. Recovery Time Objective (RTO) of less than 4 hours.

Access Control

Role-based access control (RBAC) ensuring users only access data relevant to their role. All access attempts are logged and monitored.

Privacy Policy

Information We Collect

Data Type | Purpose | Retention Period
Personal Information (Name, Email, Student/Staff ID) | Account creation and identification | Duration of enrollment/employment + 1 year
Academic Data (Quiz responses, Grades, Submissions) | Educational assessment and grading | Academic year + 5 years (archive)
Usage Data (Login times, IP addresses, Device info) | Security monitoring and system optimization | 90 days
Communication (Support tickets, Feedback) | User support and system improvement | 2 years

Your Rights

  • Right to access your data
  • Right to correct inaccurate data
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to erasure (where applicable)

Compliance & Certifications

PDPA Malaysia

Fully compliant with the Personal Data Protection Act 2010

ISO 27001

Information Security Management Standards

MQA Standards

Malaysian Qualifications Agency compliance

GDPR Ready

Aligned with international privacy standards

Technical Security Features

Application Security
  • SQL Injection Prevention
  • Cross-Site Scripting (XSS) Protection
  • CSRF Token Validation
  • Input Sanitization & Validation
  • Secure Session Management
Infrastructure Security
  • Firewall Protection (WAF)
  • DDoS Mitigation
  • Regular Security Patches
  • 24/7 Security Monitoring
  • Intrusion Detection System (IDS)

Security Incident Response

1. Detection

Automated monitoring systems detect potential security incidents within minutes

2. Assessment

Security team evaluates the severity and scope of the incident

3. Containment

Immediate action to prevent further damage or data exposure

4. Resolution

Fix vulnerabilities and restore normal operations

5. Notification

Affected users notified within 72 hours as per PDPA requirements

Security Best Practices for Users

Strong Passwords
  • Minimum 12 characters
  • Mix of letters, numbers, symbols
  • Unique for SmartGradeAI
  • Change every 90 days
Account Security
  • Never share login credentials
  • Enable 2FA when available
  • Log out when finished
  • Report suspicious activity
Safe Browsing
  • Use secure networks
  • Avoid public WiFi
  • Check for HTTPS
  • Keep browser updated

Report Security Concerns

Email Security Team

security@polimas.edu.my

Response within 24 hours

Emergency Hotline

04-979 8000 ext 1234

24/7 for critical issues

Bug Bounty Program

Report vulnerabilities

Rewards up to RM1000

Policy Updates

Last Updated: January 15, 2025

This security and privacy policy is reviewed quarterly and updated as needed to reflect changes in technology, regulations, and best practices. Users will be notified of any significant changes via email and system notifications.

Note: By using SmartGradeAI, you agree to this Security & Privacy Policy. If you have any questions or concerns, please contact our security team.