Trust Center

Privacy & POPIA

How Veriti supports schools in protecting personal information and aligning with South Africa’s Protection of Personal Information Act (POPIA).

Last updated: 29 May 2026Version: 1.1.0
Client overview PDF

Data Ownership

Veriti never claims ownership of customer data. Schools own the information they enter into the platform and remain the Responsible Party under POPIA.

Privacy Principles

Purpose limitation

Personal information is processed solely for delivering agreed platform functionality and related support that schools authorise Veriti to provide.

Data minimisation

Veriti is designed to minimise the collection and retention of personal information wherever practical.

Access limitation

Access to customer information is restricted to authorised personnel when required to provide support or maintain the service.

Transparency

Schools and users should understand what information is processed and why.

Security safeguards

Technical and organisational measures protect personal information against unauthorised access and loss.

POPIA Alignment

Veriti aligns its privacy practices with the principles of POPIA and continually improves operational controls as the platform matures. We are not presenting this Trust Center as a formal certification; it describes how we operate and the principles that guide us.

Veriti acts as an Operator that processes personal information under the school’s instruction.

Responsible Party

The school (or governing body) that determines why and how personal information is processed. Under POPIA, schools remain the Responsible Party for learner, parent and staff records held in Veriti.

Operator

Veriti acts as an Operator: we process personal information on behalf of the school in accordance with the school's instructions and applicable agreements.

Personal Information

Information relating to an identifiable person, including names, contact details, identifiers, education records and related school administration data.

Processing

Any operation performed on personal information, including collection, storage, use, disclosure, retention and deletion within the Veriti platform.

Data Minimisation

Schools should only capture fields required for legitimate school operations. Veriti supports configurable data practices within product capabilities.

Retention

Retention periods should reflect school policy and legal obligations. Veriti retains data while a school account is active and supports deletion or export on request.

Accuracy

Schools are responsible for ensuring records remain accurate and up to date. Veriti provides tools for authorised users to correct information.

Security

Veriti implements technical controls described in the Security Overview. Schools must manage user access and device hygiene on their side.

School Responsibilities

  • Assign and review staff roles regularly.
  • Capture only information needed for school operations.
  • Maintain internal privacy notices and parent communications.
  • Request exports or deletions in line with school policy.

Student Data

Depending on school configuration, Veriti may process the following categories of student information:

Student records

Identity, enrolment, class placement and related administrative details.

Medical information

Health notes or medical flags that schools choose to store for care and safety, accessible only to authorised roles.

Emergency contacts

Parent/guardian and emergency contact details for school communications and incidents.

Attendance

Attendance marks and related presence records.

Behaviour

Behaviour notes or incident records entered by authorised staff.

Photos

Profile or activity images uploaded by the school, subject to school consent practices.

Documents

Files and documents attached to student or school records for administrative purposes.

Parent Information

Parent and guardian contact details, relationship information and account credentials (where parent portals are enabled) are processed to support school communications and authorised access. Schools control which parent features are enabled.

Staff Information

Staff accounts include identity, role, contact details and activity required to administer the school. Access to sensitive student categories should be limited to roles that need that information.

Privacy Contact

Privacy Contact: operations@codeweave.io (subject: Privacy). For security or procurement enquiries, see Contact Roles.

Also see our Privacy Policy.

Contact Security Team

Questions about security, privacy or procurement questionnaires.