Trust Center

Data Processing & Ownership

Clear ownership, processing roles and lifecycle practices for school data in Veriti.

Last updated: 29 May 2026Version: 1.1.0
Client overview PDF

Data Ownership

Schools own the data they enter into Veriti. Veriti never claims ownership of student, parent, staff or school administrative records. Customer data remains under the school’s control as Responsible Party.

Data Processing

Veriti processes school data solely to provide agreed platform functionality, deliver support, and meet contractual and legal obligations. Processing is performed on behalf of the school as Operator.

Processor Obligations

As Operator, Veriti processes personal information in accordance with school instructions and applicable agreements, applies appropriate security safeguards, and does not use customer data for unrelated commercial purposes such as sale or AI model training.

Data Export

Authorised school administrators can export relevant records through product export capabilities. For subscription termination or bulk migration needs, schools may request assistance exporting their data in a usable format.

Access Requests

Data subject access and related requests should generally be handled by the school as Responsible Party. Veriti supports schools by providing Operator assistance where access to platform data is required to fulfil a lawful request.

Retention

Active school accounts retain data for as long as the subscription remains active, unless the school deletes records earlier. Retention after termination follows contractual terms and any lawful retention requirements communicated by the school.

Deletion

When schools delete records or request account closure, Veriti removes or anonymises production data from live systems according to operational procedures. Deletion from encrypted backups occurs as backups age out of the retention window.

Customer Offboarding

On termination, schools may request a data export and subsequent deletion or anonymisation of production data in line with contractual and operational procedures. Residual copies in backups expire according to backup retention.

Audit Support

During active procurement or contractual review, Veriti can support reasonable audit and due-diligence requests with architecture summaries, questionnaires and operational documentation under appropriate confidentiality arrangements.

Breach Notification Philosophy

Where customer data may be materially affected by a security incident, Veriti follows documented incident response procedures and communicates with affected customers as appropriate.

Backup Lifecycle

Backups exist for resilience and disaster recovery. They are not an alternate production dataset for routine access. Backup copies expire according to the configured retention period and are protected with the same infrastructure access controls as live systems.

Contact Security Team

Questions about security, privacy or procurement questionnaires.