Encrypted, end to end
Data in transit uses TLS 1.3. Data at rest uses AES-256, with keys managed by AWS KMS. Backups are encrypted with separate keys.
Schools trust us with sensitive data - learners, families, finances, grades. Here’s how we protect it, plainly listed and verifiable.
Data in transit uses TLS 1.3. Data at rest uses AES-256, with keys managed by AWS KMS. Backups are encrypted with separate keys.
Data ownership, audit trails, consent flows, and retention controls all built around the Protection of Personal Information Act.
Every state-changing action - sign-in, record edit, role change, fee reconciliation - is logged with actor, IP, and timestamp.
Automated daily backups encrypted and stored in our Cape Town region. Point-in-time recovery for the last 35 days.
Google Workspace and Microsoft 365 SSO on every plan from Starter up. Two-factor authentication available for everyone, enforceable for admins.
Seven built-in roles plus custom permission sets. Least-privilege by default; the audit log catches anything else.
Customer data lives in AWS’s Cape Town region (af-south-1). Backups are encrypted and stored in the same region. We don’t replicate customer data outside South Africa without your explicit instruction.
We’d rather hear about a vulnerability from a researcher than read about it in the news. Email security@lectern.school with details - we acknowledge within one school day.
Within one school day. We confirm receipt and assign a tracking ID.
We assess severity, reproduce, and decide on a fix and disclosure timeline.
Fix shipped. Researcher credited (with permission). Public note in our changelog.
We’re honest about where we are. Some are done; others are on the roadmap. Either way, what we have is verifiable.
Data ownership, retention, audit, and consent flows mapped to the Act.
Audit underway. Target certification 2026 Q4. Gap-assessment available on request.
Scoped for 2027. Roadmap available to schools on the Institution plan.
We complete a few of these every term - typical IT vetting from school IT departments and procurement teams. Send yours and we’ll turn it around in a school week.