Bell Path

Security

How Bell Path protects school timetable data and manages administrative access, hosting, recovery, and incidents.

Operator: Dimitrios James Gregory Hooke ABN 59 429 101 462 trading as Bell Path Timetabling
Effective date: 25 April 2026
Contents
  1. Security approach
  2. Access controls
  3. Data protection
  4. Hosting and subprocessors
  5. Backups and recovery
  6. Security incidents
  7. Reporting security concerns

Security approach

Bell Path is built for school operational data. We use layered controls across authentication, school workspace isolation, role-based access, server-side validation, monitoring, and administrative access review.

Access controls

  • Users authenticate before accessing a school workspace.
  • School roles control what a user can view or edit.
  • Platform administrator access is limited to authorised Bell Path personnel.
  • Administrative access to sensitive operational areas is logged for later review.
  • Users should remove staff who no longer need access and report suspected account compromise promptly.

Data protection

  • Bell Path uses HTTPS in production through its hosting and deployment providers.
  • The application validates API requests server-side and checks school membership before accessing school records.
  • Passwords are not stored in plain text.
  • Payments are handled through Stripe-hosted checkout rather than Bell Path storing card numbers.
  • Error monitoring and logs are used to diagnose reliability and security issues.

Hosting and subprocessors

Bell Path uses cloud infrastructure and service providers to operate the product. Data may be processed outside Australia depending on the provider and active deployment region.

  • Railway for application hosting, database, Redis, deployment, and infrastructure services
  • Stripe for payment processing, hosted checkout, invoices, and subscription records
  • Resend for transactional email delivery where configured
  • Sentry for application error monitoring where configured
  • Google for optional Google sign-in and related authentication services

Backups and recovery

Backup and recovery settings are managed through the active infrastructure configuration. Bell Path does not use public website wording to promise a fixed backup retention period unless that posture has been verified in production.

Schools should keep their own copies of important exports and published timetable records according to their internal recordkeeping policies.

Security incidents

If Bell Path becomes aware of a security incident affecting school data, we will investigate, take reasonable containment steps, and notify affected schools or regulators where required by law or contract.

Reporting security concerns

Report suspected security issues, unauthorised access, exposed credentials, or data handling concerns to hello@bellpath.com.au with enough detail for us to investigate.
