Tenant isolation & access control
Your school's data lives in its own logical tenant. Nobody outside your school can see it — including other schools on the platform.
Security & trust FAQ
Your school's alumni data — locked down, lawful, and yours.
Plain-English answers to the questions Heads, Governors, Bursars and IT teams ask us most often. If you need our SOC-style trust pack, a signed DPA or a custodian letter for your Information Officer, email security@legacylink.tech.
How we secure your data — at a glance
Four controls every Head, Bursar or IT lead should know about. Full detail in the sections below.
Row-Level Security (RLS)
Every row carries a tenant ID. Postgres rewrites every query so one school can never read another's alumni — enforced in the database, not the app. See tenant isolation →
Append-only audit log
Imports, role changes, approvals, payments and support access are written to an immutable audit_log table — exportable as CSV anytime. See audit detail →
Encryption everywhere
AES-256 at rest on managed Postgres, TLS 1.2+ in transit, secrets in an isolated vault. Backups encrypted, restored quarterly. See encryption detail →
Export & deletion on demand
Alumni: /me → Export (JSON) or Delete (processed in 7 days). Schools: Champion → Settings → Export (full ZIP). See data ownership →
Encryption, hosting & transport
Encrypted at rest, encrypted in transit, hosted in trusted regions.
POPIA, consent & lawful basis
Built for South Africa's Protection of Personal Information Act from day one.
Audit logs & change history
Every meaningful action is logged. You can always answer 'who did what, when?'
Backups, recovery & uptime
Your alumni data outlives any single failure.
Authentication & abuse prevention
Easy for alumni, hard for impostors.
Data ownership & exits
It's your data. Always.
Vendor security & responsible disclosure
Independent eyes on our systems.
Still have a question?
We'll happily get on a call with your IT lead or Information Officer before you sign anything.