Security & Trust

Security

Knwdle takes platform security seriously and works to protect school, staff, student, parent, and organisational data through reasonable technical and operational safeguards.

AWS infrastructureRole-based accessEncrypted in transitResponsible disclosure
Read policyContact us
At a glance
Quick summary of this page
Last updated
March 7, 2026
Security email
security@knwdle.com
Acknowledgement
Within 24 business hours
Infrastructure
AWS (S3 + RDS)
Summary

To report a vulnerability, email security@knwdle.com with a clear description, reproduction steps, and your contact info. Please do not publicly disclose before we have a chance to respond.

Last updated: March 7, 2026

Knwdle takes platform security seriously and works to protect school, staff, student, parent, and organisational data through reasonable technical and operational safeguards.

1. Security Approach

Our current security approach includes measures such as:

  • authenticated access and session controls;
  • role-based permissions and access restriction;
  • HTTPS / encrypted connections in transit where supported;
  • AWS-hosted infrastructure;
  • file storage using S3 and database infrastructure using RDS;
  • restricted access to production systems;
  • logging, auditability, and operational review.

2. Reporting Security Issues

If you believe you have found a security vulnerability in Knwdle, please report it to:

Security Email: security@knwdle.com

3. What to Include in a Report

  • a clear description of the issue;
  • steps to reproduce;
  • affected page, workflow, or endpoint;
  • screenshots, logs, or proof-of-concept details where appropriate;
  • your contact information so we can follow up.

4. Responsible Disclosure Rules

We welcome good-faith security research. However, you must not:

  • access, modify, exfiltrate, or delete data that is not your own;
  • perform destructive testing;
  • use social engineering, phishing, or physical intrusion;
  • attempt denial-of-service or service disruption;
  • publicly disclose the issue before giving us a reasonable chance to respond;
  • exploit a vulnerability beyond what is reasonably necessary to demonstrate it.

5. Response Process

We aim to acknowledge vulnerability reports within 24 business hours and will review valid reports as quickly as reasonably possible.

6. No Bounty Promise

Unless explicitly stated otherwise by Knwdle, security reports do not create an obligation to pay a bounty or reward.