Terms & Conditions

Clear guidelines that define how Asaman works and protects its users.

Data Protection And Security Overview

Effective Date: Oct 28th, 2025

Our Data Protection and Security Overview provides comprehensive information about the technical and organizational measures we implement to protect user data, including encryption, access controls, and incident response procedures.

  • Purpose
  • This document provides schools, administrators, and partners with a summary of how Asaman Technologies Ltd. protects, manages, and processes information on its platform. Asaman's mission is to enable educational institutions to operate confidently in a secure, privacy-first digital environment.

  • Our Commitment
  • Security and privacy are at the core of Asaman's design. We apply international standards, robust encryption, and transparent data-handling practices to ensure every School retains full control and ownership of its data. Asaman acts as a Data Processor, while each subscribing School is the Data Controller. Information is processed solely on behalf of the School and in accordance with the laws of its jurisdiction.

  • Governance And Compliance Framework
  • Asaman's governance model aligns with major global privacy and security frameworks. Data-protection policies, risk assessments, and staff security training are reviewed annually.

    • ISO/IEC 27001-2022: Information Security Management
    • SOC II: Service Organization Controls for SaaS operations
    • GDPR (EU) / UK-GDPR: General Data Protection Regulation
    • PIPL (China): Personal Information Protection Law
    • FERPA / COPPA (USA): Student data privacy and child protection
    • Singapore PDPA: Personal Data Protection Act
  • Infrastructure And Data Hosting
    • Global Architecture
    • Asaman's multi-region, redundant cloud infrastructure operates on trusted global providers:
      • Asia-Pacific: AWS Singapore, Azure Hong Kong
      • Europe: AWS Frankfurt, Azure Netherlands
      • North America: AWS Virginia
      • Mainland China: Alibaba Cloud (Aliyun) - ICP-compliant regional environment
    • Data Residency
      • Data remains within the region selected by the school.
      • No cross-border transfer occurs without the school's written authorization.
  • Data Security

    Layer: Core Protections
    • Network & Perimeter: Firewalls, intrusion detection & prevention, DDoS protection, and continuous monitoring.
    • Application: Secure development lifecycle (OWASP-based), code reviews, and automated vulnerability scanning.
    • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest, and key management via cloud KMS.
    • Access Management: Role-based permissions, least-privilege model, and multi-factor authentication for administrators.
    • Operational Security: 24/7 monitoring, incident-response plan, change-management, and patching policies.
    • Physical Security: Data centers certified to ISO 27001 and SOC II, with biometric and CCTV controlled access.
  • Data Backup And Continuity
    • Full encrypted backups are performed daily; incremental backups are performed hourly.
    • Backups are stored in the same geographic region as the primary data.
    • Retention follows a rolling 30-day cycle.
    • Disaster Recovery objectives: Recovery Time Objective (RTO) ≤ 12 hours; Recovery Point Objective (RPO) ≤ 4 hours.
    • Regular restoration tests are conducted to confirm data integrity.
  • Access, Auditing, And Monitoring
    • All administrative access is logged and reviewed.
    • Audit trails record user and system activity for accountability.
    • Annual internal audits evaluate compliance with security and privacy policies.
    • Penetration testing is conducted by independent assessors at least once per year.
  • Incident Response And Breach Management
    • Immediate containment and internal escalation within one hour of detection.
    • Assessment and notification to affected Schools within 48 hours once confirmed.
    • Remediation and documentation of corrective measures.
    • Post-incident review to prevent recurrence.
  • Sub-Processors And Third Parties
  • Asaman engages only vetted sub-processors for hosting, messaging, or analytics functions. Each provider:

    • Schools retain ownership of all student, parent, and staff data
    • Asaman never sells or transfers data for advertising
    • Schools may export or delete their data at any time
    • Data Subject rights (access, correction, deletion, portability) are handled through the School, with Asaman’s assistance as Processor
  • Staff Awareness And Confidentiality
  • Every employee and contractor:

    • Signs confidentiality and data-protection agreements
    • Receives onboarding and annual privacy/security training
    • Is bound by disciplinary policy for non-compliance
  • Compliance Documentation
  • Upon request, Asaman provides to contracted Schools:

    • ISO 27001 readiness summary and audit evidence
    • Data-Processing Agreement (DPA)
    • Security and Privacy Policy documents
    • Results of external penetration tests (executive summary)
  • Contact And Jurisdiction
    • Security & Privacy Office: Asaman Technologies Ltd.
    • Email: support@asaman.net
    • Website: www.asaman.net
    • Governing Law: Singapore
  • Commitment Statement
  • Asaman Technologies Ltd. guarantees that every byte of school, teacher, parent, and student data is protected by design and by default. Our systems are designed to meet international standards for privacy, transparency, and operational excellence, enabling schools to focus on learning, not risk.