Security & trust
Your data. Your platform. Your rules.
Institutions trust their platforms with their whole memory — members, students, finances, histories. Here is exactly how we treat that responsibility.
Your data stays yours
Every record in your platform belongs to your institution. Export it at any time, in open formats. If we ever part ways, your data leaves with you.
Isolated by design
Each client platform runs in its own isolated environment with its own schema. Your data is never pooled with, or visible to, any other organisation.
Role-aware access
Permissions follow roles, not habits. A guardian sees their household. A teacher sees their classes. Leadership sees the whole — and nothing leaks sideways.
Encrypted throughout
Data is encrypted in transit (TLS) and at rest. Authentication is handled by a dedicated identity layer, never by hand-rolled password tables.
Backed up and recoverable
Automated backups with point-in-time recovery on managed infrastructure, so a mistake — ours or yours — is a rollback, not a catastrophe.
Accountable humans
You know exactly who builds and operates your platform. No ticket queues into the void — a direct line to the team that wrote every line.
In practice
Plain language, straight answers
Identity, done properly
Authentication runs on a dedicated identity layer with modern session handling. Password recovery, invitations, and sign-in flows are branded, audited paths — never improvised.
Least-privilege by default
Access is enforced at the data layer, not just hidden in the interface. Every query answers to the signed-in person’s role — so even a bug in a screen cannot leak another household’s records.
Managed, monitored infrastructure
Your platform runs on managed cloud infrastructure with automated patching, TLS everywhere, and separate production and preview environments. Changes ship through review, not straight to production.
Honest about scale
We are a focused studio, not a thousand-person vendor — and we treat that as a security feature. The people who built your platform are the people who answer when something matters. No tiers of support between you and the fix.
A note on honesty: we don't decorate this page with compliance badges we haven't earned. If your institution has specific regulatory requirements, raise them in discovery — we'll tell you plainly what we support today and what we'd put in place for you.
Ask us the hard questions.
Bring your board's security concerns to a discovery conversation. You'll get straight answers from the people who actually operate the infrastructure.