SECURITY POLICY
INTRODUCTION
Last updated July 11, 2025
At Onebook Technologies, doing business as Studoos ("Company," "we," "us," "our"), we are committed to protecting the security and privacy of our users' data. This Security Policy outlines the comprehensive security measures we implement to safeguard your information across our platform, including our website at http://www.studoos.com ("Site") and our mobile application Studoos ("App").
We are a student-first platform that streamlines campus printing by connecting students with trusted print vendors near their college. Through the Studoos app and website, students can upload documents, customize print settings, pay online, and place orders with verified vendors for fast, queue-free pickup or delivery.
You can contact us by phone at 6381594869, email at support@studoos.com, or by mail to 03/01-87, Nangavalli Main Road, Tharamangalam, Salem, Tamilnadu 636502, India.
DATA ENCRYPTION
Database Encryption (AES)
We use Advanced Encryption Standard (AES) encryption to protect sensitive data stored in our databases. AES is a symmetric encryption algorithm that provides strong security for data at rest. All sensitive information, including personal data, payment information, and uploaded documents, is encrypted using AES-256 encryption before being stored in our secure databases.
Our AES implementation includes:
- AES-256 encryption for maximum security
- Secure key management and rotation
- Encrypted backups and disaster recovery
- Field-level encryption for sensitive data
- Transparent data encryption (TDE) for database files
Client-Side Encryption (RSA)
For data transmitted between your device and our servers, we implement RSA (Rivest-Shamir-Adleman) encryption. RSA is an asymmetric encryption algorithm that uses public and private key pairs to secure data transmission. This ensures that sensitive information, such as login credentials, payment details, and uploaded documents, is protected during transmission.
Our RSA implementation includes:
- RSA-2048 encryption for secure transmission
- Public key infrastructure (PKI) management
- Certificate-based authentication
- Secure key exchange protocols
- End-to-end encryption for sensitive communications
NETWORK SECURITY
Transport Layer Security (TLS)
All communications between your device and our servers are protected using TLS 1.3 encryption. This ensures that data transmitted over the internet is encrypted in transit and cannot be read by unauthorized parties. Our TLS implementation includes:
- TLS 1.3 protocol for maximum security
- Strong cipher suites and key exchange
- Certificate pinning for additional security
- Perfect Forward Secrecy (PFS)
- Regular security audits and updates
Secure Sockets Layer (SSL)
Our website and API endpoints are protected with SSL certificates to ensure secure connections. All data transmitted between your browser and our servers is encrypted, providing an additional layer of security for sensitive information.
ACCESS CONTROL
Authentication
We implement multi-factor authentication (MFA) for all user accounts to prevent unauthorized access. Our authentication system includes:
- Strong password requirements
- Two-factor authentication (2FA)
- Session management and timeout
- Account lockout after failed attempts
Authorization
We use role-based access control (RBAC) to ensure that users can only access the data and features they are authorized to use. This includes:
- User role management
- Permission-based access control
- Principle of least privilege
- Regular access reviews
- Audit logging for all access attempts
DATA PROTECTION
Data Classification
We classify data based on sensitivity and implement appropriate security measures for each category:
- Public Data: Information that can be freely shared
- Internal Data: Business information with limited access
- Confidential Data: Sensitive information requiring protection
- Restricted Data: Highly sensitive data with strict controls
Data Retention
We implement strict data retention policies to ensure that personal information is not kept longer than necessary. This includes:
- Automated data deletion schedules
- Secure data disposal procedures
- Regular data lifecycle reviews
- Compliance with legal retention requirements
INFRASTRUCTURE SECURITY
Server Security
Our servers are protected with multiple layers of security:
- Firewall protection and intrusion detection
- Regular security patches and updates
- Vulnerability scanning and penetration testing
- Secure configuration management
- 24/7 security monitoring
Cloud Security
We use secure cloud infrastructure with enterprise-grade security features:
- Multi-region data replication
- Automated backup and disaster recovery
- DDoS protection and mitigation
- Load balancing and failover systems
- Compliance with industry standards
INCIDENT RESPONSE
Security Monitoring
We maintain continuous security monitoring to detect and respond to potential threats:
- Real-time threat detection
- Automated alert systems
- Security information and event management (SIEM)
- Regular security assessments
- Incident response team on standby
Breach Notification
In the event of a security breach, we have established procedures to:
- Immediately assess and contain the breach
- Notify affected users within 72 hours
- Report to relevant authorities as required
- Provide support and guidance to affected users
- Conduct post-incident analysis and improvements
COMPLIANCE AND CERTIFICATIONS
Data Protection Regulations
We comply with applicable data protection regulations, including:
- General Data Protection Regulation (GDPR)
- Personal Data Protection Bill (India)
- Payment Card Industry Data Security Standard (PCI DSS)
- ISO 27001 Information Security Management
- Industry-specific security requirements
Regular Audits
We conduct regular security audits and assessments to ensure compliance and identify areas for improvement:
- Annual security assessments
- Third-party penetration testing
- Vulnerability assessments
- Compliance audits
- Security training and awareness programs
USER RESPONSIBILITIES
While we implement comprehensive security measures, users also have responsibilities to maintain security:
- Use strong, unique passwords
- Enable two-factor authentication
- Keep devices and software updated
- Be cautious of phishing attempts
- Report suspicious activity immediately
- Log out of accounts when not in use
- Use secure networks when accessing the platform
SECURITY UPDATES
We regularly update our security measures to address emerging threats and vulnerabilities. This includes:
- Regular security patches and updates
- Implementation of new security technologies
- Enhanced encryption protocols
- Improved authentication methods
- Updated security policies and procedures
CONTACT US
If you have any questions about our security measures or suspect a security issue, please contact us immediately at:
Onebook Technologies
03/01-87, Nangavalli Main Road, Tharamangalam
Salem, Tamilnadu 636502
India
Phone: 6381594869
Email: security@studoos.com
For general support inquiries, please contact us at support@studoos.com.
This Security Policy is reviewed and updated regularly to ensure it reflects our current security practices and complies with applicable regulations.