Security
Schools trust us with sensitive student, parent, and staff information every day. That trust is something we earn through engineering, not promises.
All data is encrypted at rest using AES-256 and in transit with TLS 1.2+. Database backups, file uploads, and API traffic are all covered.
Every user role -- admin, teacher, accountant, parent -- sees only what they need. Permissions are granular and auditable at every level.
All admin and staff accounts support 2FA via authenticator apps. Schools can enforce 2FA as a mandatory policy for all users.
Every login, data export, record change, and permission update is logged with timestamps and user identity. Logs are immutable and retained for 12 months.
Automated daily backups with point-in-time recovery. Backups are encrypted and stored in a geographically separate location from the primary data.
Defined incident response procedures with 72-hour breach notification. If something happens, you will know quickly and know exactly what we are doing about it.
Beyond the core pillars, these are the day-to-day practices that keep the platform secure.
If we ever experience a security incident that affects your school's data, we commit to notifying you within 72 hours with full transparency about what happened, what data was involved, and what we are doing to resolve it.
We are happy to walk you through our security practices, answer questions about compliance, or discuss your school's specific requirements.
