Boarding School Software is engineered with a core mandate:
to protect student data, safeguard privacy, respect regional legislation, and give schools high confidence in the integrity and safety of their information.
We continuously monitor global standards and evolve our platform accordingly.
We guarantee that school data remains within the region selected during onboarding. We support distinct, independent hosting in:
Australia & New Zealand – aligned with the Australian Privacy Principles (APPs) and New Zealand Privacy Act 2020
European Union – aligned with the General Data Protection Regulation (GDPR)
United Kingdom – aligned with UK-GDPR and the Data Protection Act
United States – aligned with the California Consumer Privacy Act (CCPA) and COPPA where applicable
Canada – aligned with PIPEDA (Personal Information Protection and Electronic Documents Act) and provincial equivalents
Asia-Pacific – aligned with PDPA (Singapore), PDP Act (Malaysia), APPI (Japan), and comparable regional frameworks
Africa – aligned with POPIA (South Africa), NDPR (Nigeria), and other local privacy acts
Middle East – aligned with ADGM Data Protection Regulations, DIFC DP Law, and emerging regional privacy standards
Your data is never transferred outside your chosen region unless your school explicitly requests it.
All customer data is hosted securely within Amazon Web Services (AWS) — a global leader in commercial cloud security.
Our AWS environment includes:
Each region is isolated with its own AWS services, ensuring no cross-jurisdiction co-location.
Ensures availability during infrastructure or environmental disruptions.
Full encryption at rest and in transit.
All stored files follow enforced encryption standards.
Protection against bots, malicious requests, and common web attack vectors.
Using IAM with least-privilege access, private VPC networks, and strict role boundaries.
Nightly snapshots and backups age out under an automated, secure lifecycle practice, not retained beyond necessity.
These standards reflect the requirements provided to our AWS engineers during setup.
We enforce strong authentication and controlled access:
Two-Factor Authentication for all users
Role-based access control for staff, medical, admin and pastoral teams
No mandatory SSO or data-sharing across external systems
Staff and students may optionally use credentials matching their school accounts
Access is monitored, logged and protected under secure AWS identity policies
We comply with the privacy expectations and legal frameworks active in the region your school selects.
Personal data is never shared with third parties in accordance with our Privacy Policy
TLS 1.2+ encryption for all data in transit
Secure handling of logs and metadata
School-initiated data exports are available at any time
When your school contacts our Helpdesk, authorised technical personnel may briefly access system-level data only for the purpose of diagnosing functionality — not for viewing student records, personal files, or behavioural history.
All access is logged and strictly limited to resolving the issue at hand, in line with industry privacy expectations.
On service termination:
We provide your school with an aggregated export of stored data (on request)
Your active data is securely deleted
Backups then expire automatically under the secure lifecycle practice noted above
Boarding School Software operates independently from school day-systems, reducing security exposure and ensuring operational continuity.
API integration is available where required but remains optional and controlled.
We regularly review:
AWS security bulletins
Infrastructure updates
Data protection regulatory changes
Boarding-sector operational trends
Client feedback
We maintain clear communication with schools regarding improvements, changes, or new security features.
Schools may request a region-specific technical review covering:
AWS configuration
Residency selections
Access controls
Deletion lifecycle
Authentication policy
We also offer access to a demonstration environment for evaluation.
