Veriti Trust Center
Veriti Trust Center — Overview for Schools & Procurement
These documents reflect the principles under which Veriti is designed, operated and continuously improved.
A public outline for schools, IT departments, procurement teams and governing bodies. Proprietary implementation detail is intentionally omitted. Full detail is published online in the Trust Center.
| Classification | Public |
|---|---|
| Document version | 1.1.0 |
| Last updated | 29 May 2026 |
| Document type | Outline / summary (non-contractual) |
A. Our Commitment
Veriti is built on the principle that schools should retain full control over their data while benefiting from secure, reliable and transparent cloud software. We design our platform with security, privacy and operational resilience as foundational requirements rather than optional features. Our Trust Center provides visibility into our practices, governance and ongoing commitment to protecting the information entrusted to us.
At Veriti, customer trust is fundamental to our product design. Security and privacy are considered throughout the software development lifecycle rather than being added after development. We apply the principle of least privilege, minimise data collection wherever possible, and continuously improve our security posture based on evolving threats and customer feedback.
B. Our Principles
- B.1 Security by Design
- B.2 Privacy by Design
- B.3 Least Privilege
- B.4 Data Minimisation
- B.5 Customer Ownership
- B.6 Transparency
- B.7 Continuous Improvement
- B.8 Operational Resilience
C. Customer Commitments
- C.1 We never sell customer data.
- C.2 Schools retain ownership of all data; Veriti never claims ownership of customer data.
- C.3 Customer data is never used to train AI models.
- C.4 We only process data necessary to provide the agreed service.
- C.5 Customers may export their data.
- C.6 Customers may request deletion upon termination (subject to contractual and lawful retention).
- C.7 Access to production customer data is restricted to authorised personnel when required to provide support or maintain the service.
D. Secure Development & Disclosure
Security considerations are incorporated throughout product design, implementation, testing and deployment. New functionality is reviewed for security implications before release.
Security vulnerabilities can be reported confidentially to operations@codeweave.io with the subject line “Security vulnerability”.
Where appropriate, Veriti provides customers with documentation regarding security controls, architecture summaries and operational practices under appropriate confidentiality arrangements. Security questionnaires and supporting documentation are available during active procurement processes.
E. Trust Center outline
The online Trust Center is organised into the following sections. Each entry lists topics addressed; it does not reproduce full control narratives or proprietary detail.
1. Our Principles
States Veriti’s commitment, product principles, customer commitments, secure development posture, responsible disclosure, transparency and procurement support.
Topics covered
- Our Commitment and security philosophy
- Eight product principles (security/privacy by design, least privilege, minimisation, ownership, transparency, continuous improvement, resilience)
- Customer commitments (ownership, no sale of data, no AI training use, export and deletion)
- Secure development across design, implementation, testing and deployment
- Responsible disclosure for confidential vulnerability reports
- Customer transparency and incident communication philosophy
- Procurement support and POPIA alignment position
- Security, Privacy and Sales & Procurement contact roles
2. Security Overview
Explains how Veriti protects customer data through layered controls and operational discipline.
Topics covered
- Security philosophy and secure development statement
- Responsible disclosure
- Authentication, authorisation (RBAC) and encryption practices (high level)
- API and operational security
- Incident communication philosophy
- Security controls matrix with Implemented / Partial / Planned status
3. Privacy & POPIA
Explains how Veriti supports schools’ privacy obligations and aligns with POPIA principles.
Topics covered
- Explicit data ownership: Veriti never claims ownership of customer data
- Purpose limitation, data minimisation and access limitation
- School as Responsible Party; Veriti as Operator
- Compliance position: aligned with POPIA principles; continuously improving (not presented as a formal certification)
- Learner, parent and staff information categories
- Privacy Contact role
4. Infrastructure
Provides transparency on platform architecture, hosting, isolation and availability at a summary level.
Topics covered
- High-level request flow and cloud infrastructure overview
- Managed database, storage, authentication and backups
- Logical tenant (school) isolation
- Encryption at rest and in transit (provider-managed / TLS)
- Detailed infrastructure documentation available during procurement under NDA where appropriate
5. Business Continuity
Describes how Veriti minimises disruption and communicates during material incidents.
Topics covered
- Continuity philosophy: monitoring, backups, recovery planning and continuous improvement
- Backups, recovery, monitoring and maintenance
- Incident response and customer communication
- Recovery objectives documentation as the programme matures
6. Data Processing & Ownership
Clarifies ownership, Operator obligations and the full data lifecycle.
Topics covered
- Ownership and processing role
- Processor obligations
- Export, access-request support, retention and deletion
- Customer offboarding
- Legal obligations and audit support
- Breach notification philosophy
- Backup lifecycle
7. Sub-Processors
Lists third-party providers used to operate Veriti and the purpose of each.
Topics covered
- Provider name and service purpose
- Categories of data involved
- Links to each provider’s public privacy and security documentation
8. Frequently Asked Questions
Answers common questions from IT, procurement and governing-body stakeholders.
Topics covered
- Data location and ownership
- School isolation and encryption
- Exports, backups and downtime
- Permissions, passwords and parent access
- What happens on subscription termination
9. Security Roadmap
Separates current capabilities from future enhancements so planned work is not mistaken for missing fundamentals.
Topics covered
- Current: authentication & sessions, RBAC, encryption, operational logging & monitoring, managed backups, school isolation
- Future: enterprise MFA, SSO, expanded audit analytics, advanced monitoring & threat detection, additional compliance documentation, granular permissions
F. Important notes
- F.1 This document is a public outline. It does not include proprietary architecture, source code, configuration, or other confidential intellectual property.
- F.2 Status labels (Implemented, Partial, Planned) and the Current vs Future roadmap structure distinguish today’s controls from enhancements.
- F.3 Schools remain the Responsible Party under POPIA; Veriti acts as Operator.
- F.4 Security questionnaires, architecture summaries and supporting documentation are available during active procurement processes; deeper evidence may be shared under NDA where appropriate.
- F.5 Where customer data may be materially affected by a security incident, Veriti follows documented incident response procedures and communicates with affected customers as appropriate.
G. Contact roles
- G.1 Security Contact: operations@codeweave.io — subject: Security (including confidential vulnerability reports).
- G.2 Privacy Contact: operations@codeweave.io — subject: Privacy.
- G.3 Sales & Procurement Contact: operations@codeweave.io — subject: Procurement; or use the website Contact page.
© 2026 Veriti. This outline is provided for informational purposes only and does not constitute a contract, warranty or binding commitment. Product capabilities and controls may evolve. Refer to the online Trust Center for the current published version.