LoginSign Up

Security

How CoursePilot protects accounts, sessions, and platform integrity.

Report a security issue

If you find a vulnerability, report it through /contact with “Security Report” in the subject.

Authentication security

  • HttpOnly cookie-based authentication (tokens are not stored in localStorage).
  • CSRF protection for unsafe requests.
  • Refresh-on-401 flow to reduce session disruption while maintaining safety.

Platform protections

  • Role-based access control (Guest/Student/Tutor/Moderator/Admin).
  • Publishing workflow enforced by staff for course content quality control.
  • Audit-friendly server logs for incident investigation (where applicable).

Account safety tips

  • Use a strong password and avoid reusing passwords across sites.
  • Log out on shared devices.
  • Report suspicious activity immediately.

Data handling

CoursePilot uses secure hosting and trusted service providers for storage and media. For privacy details, see the Privacy Policy.