Trust Center
Frequently Asked Questions
Answers to common technical and security questions from schools, IT teams and procurement stakeholders.
Questions
Veriti stores application data in managed cloud infrastructure. Primary database and authentication services are provided by Supabase. Application hosting runs on Render. Object storage holds files uploaded through the platform. See the Infrastructure page for the full architecture overview.
Your school owns the data entered into Veriti. Veriti processes that data on your behalf as an Operator under POPIA and does not claim ownership of school records.
No. School environments are isolated so that users from one school cannot access another school's records. Access is enforced through authentication and role-based authorisation tied to the school tenancy.
Yes. Data in transit is protected with HTTPS/TLS. Data at rest is encrypted by the underlying cloud database and storage providers. Passwords are hashed and never stored in plaintext.
Yes. Authorised administrators can export records through product export features. For larger migrations or termination exports, contact our team for assistance.
Database backups are managed through the infrastructure provider. Backups support disaster recovery and are retained according to configured retention windows. See Business Continuity for more detail.
The team monitors platform health and works to restore service as quickly as practicable. Material outages affecting customer operations are communicated to affected schools. Planned maintenance is scheduled to minimise disruption.
Veriti uses role-based access control (RBAC). School administrators assign roles that determine which modules and records staff can view or modify. Users only receive the permissions required for their responsibilities.
Passwords are hashed using modern one-way hashing before storage. Veriti never stores or displays plaintext passwords.
Parent access depends on the features enabled for your school and the permissions configured by school administrators. Parents only see information the school has authorised for their account.
Yes. Staff roles and permissions can be configured so different teams see only the modules and data they need. More granular permission improvements are on the security roadmap.
On termination, schools may request a data export. Production data is then deleted or anonymised according to contractual and operational procedures. Residual copies in backups expire as those backups age out of retention.
Contact Security Team
Questions about security, privacy or procurement questionnaires.