Trust Center
Data Processing & Ownership
Clear ownership, processing roles and lifecycle practices for school data in Veriti.
Data Ownership
Schools own the data they enter into Veriti. Veriti never claims ownership of student, parent, staff or school administrative records. Customer data remains under the school’s control as Responsible Party.
Data Processing
Veriti processes school data solely to provide agreed platform functionality, deliver support, and meet contractual and legal obligations. Processing is performed on behalf of the school as Operator.
Processor Obligations
As Operator, Veriti processes personal information in accordance with school instructions and applicable agreements, applies appropriate security safeguards, and does not use customer data for unrelated commercial purposes such as sale or AI model training.
Data Export
Authorised school administrators can export relevant records through product export capabilities. For subscription termination or bulk migration needs, schools may request assistance exporting their data in a usable format.
Access Requests
Data subject access and related requests should generally be handled by the school as Responsible Party. Veriti supports schools by providing Operator assistance where access to platform data is required to fulfil a lawful request.
Retention
Active school accounts retain data for as long as the subscription remains active, unless the school deletes records earlier. Retention after termination follows contractual terms and any lawful retention requirements communicated by the school.
Deletion
When schools delete records or request account closure, Veriti removes or anonymises production data from live systems according to operational procedures. Deletion from encrypted backups occurs as backups age out of the retention window.
Customer Offboarding
On termination, schools may request a data export and subsequent deletion or anonymisation of production data in line with contractual and operational procedures. Residual copies in backups expire according to backup retention.
Legal Obligations
Where Veriti is required by law to retain or disclose information, we do so only to the extent required and, where legally permitted, inform the affected school.
Audit Support
During active procurement or contractual review, Veriti can support reasonable audit and due-diligence requests with architecture summaries, questionnaires and operational documentation under appropriate confidentiality arrangements.
Breach Notification Philosophy
Where customer data may be materially affected by a security incident, Veriti follows documented incident response procedures and communicates with affected customers as appropriate.
Backup Lifecycle
Backups exist for resilience and disaster recovery. They are not an alternate production dataset for routine access. Backup copies expire according to the configured retention period and are protected with the same infrastructure access controls as live systems.
Contact Security Team
Questions about security, privacy or procurement questionnaires.