Trust Center
Privacy & POPIA
How Veriti supports schools in protecting personal information and aligning with South Africa’s Protection of Personal Information Act (POPIA).
Data Ownership
Veriti never claims ownership of customer data. Schools own the information they enter into the platform and remain the Responsible Party under POPIA.
Privacy Principles
Purpose limitation
Personal information is processed solely for delivering agreed platform functionality and related support that schools authorise Veriti to provide.
Data minimisation
Veriti is designed to minimise the collection and retention of personal information wherever practical.
Access limitation
Access to customer information is restricted to authorised personnel when required to provide support or maintain the service.
Transparency
Schools and users should understand what information is processed and why.
Security safeguards
Technical and organisational measures protect personal information against unauthorised access and loss.
POPIA Alignment
Veriti aligns its privacy practices with the principles of POPIA and continually improves operational controls as the platform matures. We are not presenting this Trust Center as a formal certification; it describes how we operate and the principles that guide us.
Veriti acts as an Operator that processes personal information under the school’s instruction.
Responsible Party
The school (or governing body) that determines why and how personal information is processed. Under POPIA, schools remain the Responsible Party for learner, parent and staff records held in Veriti.
Operator
Veriti acts as an Operator: we process personal information on behalf of the school in accordance with the school's instructions and applicable agreements.
Personal Information
Information relating to an identifiable person, including names, contact details, identifiers, education records and related school administration data.
Processing
Any operation performed on personal information, including collection, storage, use, disclosure, retention and deletion within the Veriti platform.
Data Minimisation
Schools should only capture fields required for legitimate school operations. Veriti supports configurable data practices within product capabilities.
Retention
Retention periods should reflect school policy and legal obligations. Veriti retains data while a school account is active and supports deletion or export on request.
Accuracy
Schools are responsible for ensuring records remain accurate and up to date. Veriti provides tools for authorised users to correct information.
Security
Veriti implements technical controls described in the Security Overview. Schools must manage user access and device hygiene on their side.
School Responsibilities
- Assign and review staff roles regularly.
- Capture only information needed for school operations.
- Maintain internal privacy notices and parent communications.
- Request exports or deletions in line with school policy.
Student Data
Depending on school configuration, Veriti may process the following categories of student information:
Student records
Identity, enrolment, class placement and related administrative details.
Medical information
Health notes or medical flags that schools choose to store for care and safety, accessible only to authorised roles.
Emergency contacts
Parent/guardian and emergency contact details for school communications and incidents.
Attendance
Attendance marks and related presence records.
Behaviour
Behaviour notes or incident records entered by authorised staff.
Photos
Profile or activity images uploaded by the school, subject to school consent practices.
Documents
Files and documents attached to student or school records for administrative purposes.
Parent Information
Parent and guardian contact details, relationship information and account credentials (where parent portals are enabled) are processed to support school communications and authorised access. Schools control which parent features are enabled.
Staff Information
Staff accounts include identity, role, contact details and activity required to administer the school. Access to sensitive student categories should be limited to roles that need that information.
Privacy Contact
Privacy Contact: operations@codeweave.io (subject: Privacy). For security or procurement enquiries, see Contact Roles.
Also see our Privacy Policy.
Contact Security Team
Questions about security, privacy or procurement questionnaires.