Security & trust

Your data. Your platform. Your rules.

Institutions trust their platforms with their whole memory — members, students, finances, histories. Here is exactly how we treat that responsibility.

Your data stays yours

Every record in your platform belongs to your institution. Export it at any time, in open formats. If we ever part ways, your data leaves with you.

Isolated by design

Each client platform runs in its own isolated environment with its own schema. Your data is never pooled with, or visible to, any other organisation.

Role-aware access

Permissions follow roles, not habits. A guardian sees their household. A teacher sees their classes. Leadership sees the whole — and nothing leaks sideways.

Encrypted throughout

Data is encrypted in transit (TLS) and at rest. Authentication is handled by a dedicated identity layer, never by hand-rolled password tables.

Backed up and recoverable

Automated backups with point-in-time recovery on managed infrastructure, so a mistake — ours or yours — is a rollback, not a catastrophe.

Accountable humans

You know exactly who builds and operates your platform. No ticket queues into the void — a direct line to the team that wrote every line.

In practice

Plain language, straight answers

Identity, done properly

Authentication runs on a dedicated identity layer with modern session handling. Password recovery, invitations, and sign-in flows are branded, audited paths — never improvised.

Least-privilege by default

Access is enforced at the data layer, not just hidden in the interface. Every query answers to the signed-in person’s role — so even a bug in a screen cannot leak another household’s records.

Managed, monitored infrastructure

Your platform runs on managed cloud infrastructure with automated patching, TLS everywhere, and separate production and preview environments. Changes ship through review, not straight to production.

Honest about scale

We are a focused studio, not a thousand-person vendor — and we treat that as a security feature. The people who built your platform are the people who answer when something matters. No tiers of support between you and the fix.

A note on honesty: we don't decorate this page with compliance badges we haven't earned. If your institution has specific regulatory requirements, raise them in discovery — we'll tell you plainly what we support today and what we'd put in place for you.

Ask us the hard questions.

Bring your board's security concerns to a discovery conversation. You'll get straight answers from the people who actually operate the infrastructure.