Trust Center
Infrastructure Overview
Transparency around where Veriti runs, how requests flow through the platform, and how school environments are isolated.
Platform Diagram
A simplified view of how authenticated requests move through Veriti:
- User
- HTTPS
- Backend API
- Authentication
- Database
- Object Storage
Infrastructure
Cloud hosting
Application services are hosted on cloud infrastructure (Render) with managed deployment, TLS termination and environment isolation for configuration secrets.
Database
Primary application data is stored in a managed Postgres database provided via Supabase, with encryption at rest and access restricted to authenticated application services.
Storage
Files and media are stored in managed object storage associated with the platform, accessed through authorised application flows.
Authentication
Authentication is handled through the platform identity layer (Supabase Auth), with session validation enforced on protected API routes.
Backups
Database backups are managed through the database provider's backup capabilities. Restore procedures form part of business continuity planning.
School Isolation
Each school operates within a dedicated logical environment (logical tenant isolation). Users are associated with their school tenancy, and authorisation checks prevent cross-school access to records. Shared platform infrastructure never exposes one school’s data to another school’s users.
Availability
- Redundancy: Managed cloud providers supply redundant infrastructure beneath database and hosting services.
- High availability: Platform components are designed for continuous operation with provider-backed uptime targets.
- Maintenance: Updates are applied with the goal of minimising disruption to school operations.
Performance
Veriti is built to scale with school usage. Horizontal scaling of application services and managed database capacity allow the platform to grow as enrolment and concurrent usage increase. Performance monitoring helps identify bottlenecks before they impact users.
Detailed Documentation
Public pages summarise practices without exposing proprietary configuration. Security questionnaires and architecture summaries can be provided during active evaluations.
Contact Security Team
Questions about security, privacy or procurement questionnaires.