Cortex IOS Information Security Policy

Document ID:CTS-SEC-001
Version:1.0
Effective Date:29 June 2026
Last Updated:29 June 2026
Owner:Aionpixel Technologies Private Limited
Contents

At Cortex IOS, safeguarding educational information is one of our highest priorities.

Schools trust Cortex IOS with information relating to students, parents, teachers, school administrators, finance personnel, and institutional operations. We recognise the importance of this responsibility and are committed to implementing appropriate administrative, technical, and organisational safeguards to protect the confidentiality, integrity, and availability of the information processed through our platform.

Information security is incorporated into the design, development, deployment, and ongoing operation of Cortex IOS.

1. About Cortex IOS

Cortex IOS is a cloud-based School Operating System designed for K–12 educational institutions.

The platform integrates multiple operational functions, including:

Student Information Management

Admissions

Attendance

Academics

Learning Management

Fee Management

Accounting

Human Resource Management

Parent Communication

Reporting and Analytics

Mobile Applications

APIs and Integrations

Because these services support critical educational operations, security and privacy are embedded throughout the platform lifecycle.

2. Security Principles

Our information security programme is guided by the following principles.

Security by Design

Security is considered during solution architecture, software development, testing, deployment, and ongoing maintenance.

Privacy by Design

Privacy considerations are integrated into product design to support responsible handling of personal information throughout the platform lifecycle.

Least Privilege

Users receive only the level of access necessary to perform their authorised responsibilities.

Defence in Depth

Multiple layers of preventive, detective, and corrective controls are implemented to help reduce security risk.

Continuous Improvement

Our security practices evolve in response to emerging threats, technological developments, customer feedback, and regulatory expectations.

3. Protecting Educational Information

Cortex IOS is designed to support the secure processing of information relating to:

Students

Parents and Guardians

Teachers

School Staff

School Management

Financial Operations

Academic Records

Learning Activities

Depending on the services used by a School, this may include personal information, educational records, operational records, and technical information.

4. Access Control

Access to Cortex IOS is managed through role-based permissions.

Platform capabilities are made available according to the user's authorised role, responsibilities, and the configuration established by the subscribing School.

Examples of authorised roles include:

Parent

Student

Teacher

Accountant

School Administrator

Principal

Management

Support Personnel (where authorised)

Administrative access is restricted, monitored, and controlled.

5. Authentication and Account Security

To help protect user accounts, Cortex IOS supports security measures such as:

Individual user accounts.

Secure authentication.

Password protection.

Configurable password policies.

Session management.

Automatic session timeouts after periods of inactivity.

Multi-factor authentication where enabled or supported.

Users also share responsibility for protecting their credentials and authorised devices.

6. Encryption

Cortex IOS is designed to protect information using appropriate encryption technologies.

Security measures may include:

Encryption of information transmitted between users and the platform using secure communication protocols.

Encryption of information stored within supported infrastructure where appropriate.

Secure storage of authentication credentials using industry-recognised hashing techniques.

Controlled cryptographic key management practices.

7. Secure Software Development

Security is incorporated throughout the software development lifecycle.

Our development practices include measures such as:

Secure solution design.

Code reviews.

Input validation.

Authentication and authorisation controls.

Secure API development.

Dependency management.

Controlled release processes.

Ongoing maintenance and improvements.

8. Monitoring and Auditability

Cortex IOS supports monitoring and audit capabilities that assist Schools in maintaining accountability and investigating operational or security events.

Depending on the services enabled, the platform may record events such as:

User authentication.

Administrative activities.

Significant configuration changes.

Security-related events.

Access to sensitive information.

System-generated operational events.

Audit information supports operational oversight, troubleshooting, and security investigations.

9. Backup and Business Continuity

We implement backup and recovery processes designed to support operational resilience.

Our operational practices may include:

Scheduled backups.

Secure backup storage.

Recovery procedures.

Periodic review of backup processes.

Business continuity planning is reviewed as the platform evolves to support reliable service delivery.

10. Incident Response

Aionpixel maintains processes for identifying, assessing, investigating, and responding to information security incidents.

Our response approach includes:

Detection.

Assessment.

Containment.

Investigation.

Recovery.

Corrective actions.

Post-incident review.

Where a confirmed security incident affects customer information, we will work with the affected School in accordance with applicable contractual obligations and legal requirements.

11. Shared Responsibility

Security is a shared responsibility between Aionpixel, the subscribing School, and authorised users.

Aionpixel

Responsible for:

Platform development.

Infrastructure management.

Security monitoring.

Product maintenance.

Technical safeguards.

School

Responsible for:

User account management.

Role assignment.

Local device security.

Staff awareness.

Compliance with applicable educational requirements.

Users

Responsible for:

Protecting passwords.

Maintaining accurate information.

Using authorised devices.

Reporting suspected security concerns.

Following School policies.

12. Third-Party Services

Cortex IOS may integrate with carefully selected third-party service providers, including:

Payment gateways.

Cloud infrastructure providers.

Messaging services.

Authentication providers.

Communication platforms.

Service providers are selected based on operational requirements and are expected to maintain appropriate security standards relevant to the services they provide.

13. Continuous Improvement

Information security is an ongoing process.

Aionpixel regularly reviews and enhances the security of Cortex IOS to:

improve platform resilience;

address emerging cyber threats;

enhance customer confidence;

support regulatory expectations;

strengthen operational practices.

14. Contact Us

If you have questions regarding the security of Cortex IOS or wish to report a security concern, please contact:

Security Team

Aionpixel Technologies Private Limited

Email: security@aionpixel.com

For privacy-related enquiries:

privacy@aionpixel.com

For product support:

support@aionpixel.com

Related Documents

This Information Security Statement should be read together with:

Cortex IOS Product Privacy Policy

Parent & Guardian Privacy Notice

Student Privacy Notice

School Staff Privacy Policy

Platform Terms of Service

Cookie Policy

Version History

Version Date Description
1.0 29th June 2026 Initial Release