Role-separated portals
Administrators and students use purpose-built, separately authenticated surfaces. A student session can never reach an administrative route.
Security & data residency
Allocation decides who gets what. That makes it a system your committee will question, your IT team will audit, and your students will appeal. Here is exactly how Allotix is controlled — including what we do not claim.
Administrators and students use purpose-built, separately authenticated surfaces. A student session can never reach an administrative route.
Allocation, result publication and reporting are gated at the API layer, not just hidden in the interface. An action that is invalid for the current phase is refused by the backend.
Every record lives under its allocation event. Backend event membership is the authoritative access check for a student's data — not anything the browser asserts.
Firestore security rules deny client access outright. All institutional data flows through the backend using the Admin SDK, so there is no client-side path to the database.
Admin routes are protected by JWT. Student routes verify Firebase ID tokens. Internal task endpoints are protected by Cloud Tasks OIDC, so background work cannot be triggered externally.
Institutional and student records are stored and processed in Indian data centres — they do not leave the country.
Allotix checks your institutional email domain when students sign in. That check is there to guide people to the right login and to catch typos — it is a usability feature, and we do not present it as a security boundary. The boundary that actually holds is backend-verified event membership combined with a verified Firebase identity token. We would rather tell you that up front than have your IT team discover it during review.
Procurement
In India. Student and institutional records are stored and processed in Indian data centres and do not leave the country. Allotix runs on Firestore for data, Firebase Authentication for student identity, and Cloud Run for the backend.
Every record is scoped to an allocation event, and the backend checks event membership on each request as the authoritative access control. Firestore rules deny direct client access entirely, so the browser cannot query institutional data even if it tried — the backend is the only path in.
No, and we do not claim it does. The institutional email domain check exists to guide students to the right login and to catch typos. It is a usability feature. The real access boundary is backend-verified event membership combined with Firebase-verified identity tokens, which is what actually determines whether a request can read or write data.
No. Events move through explicit lifecycle phases, and the API refuses actions that are invalid for the current phase. Allocation can only run in the allocation phase, and results cannot be published until allocation has completed. These guards live in the backend, so they hold regardless of what the interface allows.
Yes. Every allocation run records the order students were processed in, the preferences they submitted, and the seat state at the moment each student was allotted. This is what allows an academic office to answer an appeal with evidence rather than an assertion.
We'll walk your IT and academic teams through the architecture, the data flows, and the deployment model on a call.