Document Security

Your documents are locked by design.

Passport copies, transcripts, and IPA documents are among the most sensitive files you will ever share. Here is exactly how PathPort protects them.

Security controls

Private encrypted storage

All documents are stored in private buckets — not publicly accessible URLs. Retrieval requires a time-limited signed link generated server-side. A direct URL to your passport copy cannot be guessed or scraped by anyone outside the system.

Encryption at rest and in transit

Documents are encrypted at rest using AES-256 on Supabase infrastructure hosted in Singapore (AWS ap-southeast-1). All data in transit is encrypted via TLS 1.2+. Unencrypted document transfers do not occur at any stage.

Role-based access control

Only your enrolled college and PathPort administrators with a logged, verifiable reason can retrieve your documents. Student-facing download links are generated per-request and expire after 60 minutes. Colleges cannot access documents for applications they did not originate.

Row-level security (RLS)

PathPort's database enforces row-level security at the database layer — not just the application layer. This means even if an application bug occurred, database queries from one college or student cannot return rows belonging to another.

Document storage reference

DocumentStoredWho can accessRetention
Passport copyYes — private bucket, per-student prefixYour enrolled college + PathPort admin7 years (statutory requirement)
Academic transcripts & mark sheetsYes — private bucketYour enrolled college + PathPort admin7 years
Offer letter (from college)Yes — scoped to college + applicationStudent + enrolled college + PathPort admin7 years
IPA / Student Pass documentYes — scoped to college + applicationStudent + enrolled college + PathPort admin7 years
Payment proof / receiptYes — private bucketStudent + enrolled college + PathPort admin7 years
Bank statement / financial proofYes — private bucketEnrolled college + PathPort admin only7 years

To report a security concern

Email pathportsg@gmail.com with the subject line "Security concern". Include as much detail as possible. PathPort acknowledges all security reports within 24 hours.

PathPort Advisor
Talk to us on WhatsApp