Skip to main content
Bell Path
Start free setup
Bell Path

Security

Security

How Bell Path protects school timetable data and manages administrative access, hosting, recovery, and incidents.

Operator
Dimitrios James Gregory Hooke ABN 59 429 101 462 trading as Bell Path Timetabling
Effective date
6 May 2026
Contents01–09
  1. 01Security approach
  2. 02Access controls
  3. 03Data protection
  4. 04Hosting and subprocessors
  5. 05ST4S readiness
  6. 06School procurement checks
  7. 07Backups and recovery
  8. 08Security incidents
  9. 09Reporting security concerns

Security approach

Bell Path is built for school operational data. We use layered controls across authentication, school workspace isolation, role-based access, server-side validation, monitoring, and administrative access review.

Access controls

  • Users authenticate before accessing a school workspace.
  • School roles control what a user can view or edit.
  • Platform administrator access is limited to authorised Bell Path personnel.
  • Administrative access to sensitive operational areas is logged for later review.
  • Users should remove staff who no longer need access and report suspected account compromise promptly.

Data protection

  • Bell Path uses HTTPS in production through its hosting and deployment providers.
  • The application validates API requests server-side and checks school membership before accessing school records.
  • Passwords are not stored in plain text.
  • Payments are handled through Stripe-hosted checkout rather than Bell Path storing card numbers.
  • Error monitoring and logs are used to diagnose reliability and security issues.

Hosting and subprocessors

Bell Path uses cloud infrastructure and service providers to operate the product. Data may be processed outside Australia depending on the provider and active deployment region.

Schools can review and print the Bell Path risk assessment at /risk-assessment for the current data residency and residual-risk summary.

A fuller printable school approval pack is available at /school-approval-pack.

Bell Path does not represent that it has completed ST4S, ISO 27001, SOC 2, or any other external certification unless a current written statement from Bell Path says so.

  • Railway for application hosting, database, Redis, deployment, and infrastructure services
  • Stripe for payment processing, hosted checkout, invoices, and subscription records
  • Resend for transactional email delivery where configured
  • Sentry for application error monitoring where configured
  • Google for optional Google sign-in and related authentication services

ST4S readiness

Bell Path keeps school-facing review material for ST4S-style questions: data categories, subprocessors, access controls, public sharing limits, retention and deletion assistance, and data minimisation guidance.

This readiness material is provided to help a school complete its own review. It must not be read as an ST4S badge, ST4S assessment result, Department endorsement, or sector approval.

School procurement checks

Schools should complete their own procurement, privacy, security, and sector approval checks before entering live school data. Bell Path can provide written responses to reasonable security and data handling questions during procurement.

Bell Path is intended to sit beside Department-provided systems as a specialist timetabling and operational-planning tool. Schools should confirm whether their sector provides an equivalent service before purchasing.

Backups and recovery

Backup and recovery settings are managed through the active infrastructure configuration. Bell Path does not use public website wording to promise a fixed backup retention period unless that posture has been verified in production.

Schools should keep their own copies of important exports and published timetable records according to their internal recordkeeping policies.

During timetable, staffing, or daily-cover crunch periods, schools should export the current published timetable and any critical cover outputs before relying on them offline.

Security incidents

If Bell Path becomes aware of a security incident affecting school data, we will investigate, take reasonable containment steps, and notify affected schools or regulators where required by law or contract.

Reporting security concerns

Report suspected security issues, unauthorised access, exposed credentials, or data handling concerns to hello@bellpath.com.au with enough detail for us to investigate.

Security | Bell Path