Your password is never stored in plain text. We use a strong, modern hashing algorithm so that even if our database were ever compromised, your actual password would remain unreadable.

We also enforce a strict password policy: minimum 8 characters with a mix of uppercase, lowercase, numbers, and symbols. We also check that it isn't too similar to your email address.

Every connection to Schedule Hub is encrypted. We enforce HTTPS across the entire platform, and strict transport headers ensure your browser always connects securely, no exceptions.

Login sessions are short-lived and automatically renewed in the background, reducing the window of exposure. Cookies are secured with modern protections so they can't be stolen or misused.

If someone tries to guess your password, rate limiting kicks in and blocks repeated attempts. We also use verification challenges to stop automated bots.

We use role-based permissions throughout the platform. Students, teachers, and admins each see only what they need. Sensitive API responses are never cached, and we apply strict content security policies to prevent cross-site attacks.

Your data is regularly backed up in encrypted form. Development and production environments are fully separated, and secrets are managed through secure environment variables, never hard-coded.

We run automated dependency scanning to catch vulnerabilities early and use error monitoring to detect issues in real time.

If you believe you've found a vulnerability, please reach out privately. We'll investigate and keep you updated.