Security and privacy,
engineered into every layer.
Security, ownership and accountability are not promises bolted on at the end — they are design principles, present from the first line of code to the running deployment. And as institutions handle the personal data of children and families, our platforms are built to support your obligations under India’s Digital Personal Data Protection Act, 2023.
Defence in depth,
by design.
Every platform is protected across application, network and data layers — on the principle of least privilege, with everything logged and recoverable.
Three-layer security
Defence in depth across the application, network and data layers of every system.
Role-based access control
Controlled permissions on the principle of least privilege — users see only what they should.
IP-logged & encrypted
Every session is recorded and access is encrypted end to end, in transit and at rest.
Audit-friendly tracking
Secure activity trails provide full visibility and support review and accountability.
Backup discipline
Server-side protection with disciplined, scheduled and verified backups.
Secure deployment
Hardened, India-hosted cloud deployment with secure, monitored integrations.
Built to support your
data-protection duties.
India’s Digital Personal Data Protection Act, 2023 (DPDP Act) sets out how the personal data of individuals — here, students, parents and staff — must be handled. Because schools and institutions process the data of children, the Act’s protections matter deeply. Our platforms are engineered to help you meet these obligations, with the institution in control of its data at every step.
Clear roles under the Act
Your institution is the Data Fiduciary — you decide why and how personal data is processed. OnMouseClick acts as a Data Processor, handling that data only on your documented instructions, never for our own purposes.
Your institution
Data Fiduciary
OnMouseClick
Data Processor
Consent & clear notice
Tools to capture consent and present clear, plain-language notice about what data is collected and why — free, specific, informed and revocable.
Protection of children’s data
Designed to support verifiable parental consent and to avoid behavioural tracking or targeted advertising directed at children, as the Act requires.
Purpose limitation & minimisation
Personal data is processed only for the purposes you define, and the platform helps you collect only what is genuinely needed.
Data-principal rights
Supports access, correction and erasure of personal data, and a clear route for grievances — helping you honour individuals’ rights.
Reasonable security safeguards
Encryption, role-based access, IP logging and monitoring provide the technical safeguards expected of a responsible processor.
Breach readiness
Detection, logging and containment support timely notification to the Data Protection Board and affected individuals where required.
Retention & erasure
Data is retained only as long as the purpose requires; on completion or contract end, it can be erased — with no lock-in.
Data localisation
Personal data is hosted in India, supporting institutional and regulatory expectations on residency.
Note: OnMouseClick.com provides technology designed to help institutions meet their obligations under the DPDP Act, 2023. This page is provided for general information and is not legal advice; institutions should assess their own compliance with their advisors. Specific safeguards are implemented according to each engagement.
We build the technology.
You own the data.
Your institution’s data is its own — always your property, always under your control. OnMouseClick acts only as a secure technology partner. No lock-in, no uncertainty: just data that is protected, portable and accountable.
Institution-owned data
It belongs to you — full stop.
Client-end backups
Regular backups can be kept at your end.
Structured export
Take your data out in clean, usable formats.
Role-based access
Only authorised users ever reach data.
Audit-friendly
Secure trails track important activity.
Transparent handling
Ownership and access, always made clear.
Security and privacy you
can explain to any parent.
Talk to us about how our security architecture and DPDP-aligned design protect your community’s data.