Your school's data,
taken seriously.
We're building infrastructure used by schools — that means student records, parent contacts, and financial data. Security isn't a checkbox for us. It's the foundation.
Our practices
How your data is protected.
Encryption in transit
All traffic between your browser and Campusless is encrypted using TLS 1.2+ with modern cipher suites.
Encryption at rest
Customer data is stored encrypted at rest using AES-256. Database backups are encrypted with separate keys.
Password security
Passwords are stored as salted hashes using industry-standard algorithms (bcrypt/argon2). We never store plain-text passwords.
Role-based access
Fine-grained permissions per role. Teachers only see their classes. Finance only sees fees. Principals see everything. Full audit logs.
Daily automated backups
Full backups daily, with point-in-time recovery for the last 30 days. Disaster recovery documented and tested.
SSO & SAML
Enterprise-grade SSO available on the Groups plan. Integrates with Azure AD, Okta, Google Workspace, and custom SAML providers.
Infrastructure
Tier-1 cloud hosting. ISO 27001 / SOC 2-certified data center providers. Per-region hosting available.
Ongoing monitoring
24/7 infrastructure monitoring. Security patches applied within published SLAs. Vulnerability scans on all deploys.
Compliance
Built with compliance in mind.
GDPR-ready
Data processing addenda, data subject request workflows, and EU hosting regions available.
COPPA-aware
Campusless is a B2B product; schools act as data controllers and manage parental consent for student data as required.
Audit logs
Every change logged with who, when, and what. Exportable for internal audits and regulatory review.
Data portability
Export your entire school's data in a standard format any time. No lock-in, no exit fees.
Responsible disclosure
Found a security issue? Tell us.
If you believe you've found a security vulnerability, please email security@campusless.com. We'll acknowledge within 48 hours and work with you on disclosure. We don't run a paid bug bounty yet, but responsible researchers are credited publicly (with permission).
FAQ
Security questions, answered.
Is our data hosted in our region?
We offer hosting in multiple regions (North America, Europe, and Asia-Pacific). On the Groups plan, we can also dedicate a region to your group. Contact us to discuss your requirements.
Who can access our school's data?
By default, only users your school explicitly invites. Campusless employees access customer data only when needed for support (with customer consent logged), or to respond to security incidents.
What if we have a compliance audit?
We provide security documentation, audit logs, and compliance artifacts on request. Groups plan customers get full compliance reports and a named security contact.
Do you do penetration testing?
Yes. We engage independent third-party security firms to conduct penetration tests. Summary reports are available to customers under NDA on request.
What's your incident response process?
We maintain a documented incident response plan with defined severity levels and response times. Affected customers are notified within 72 hours of a confirmed breach, or sooner as required by law.
Ready when you are
Need a full security review?
We share detailed security documentation with schools under evaluation. Email us and we'll send the packet.