An honest, single-page view of the controls Campus OS operates, the frameworks we map to, and how to reach our security and privacy teams.
This page is maintained by the Campus OS team to answer common security and privacy questions about the platform. It is not a third-party certification.
AES-256 across all managed Postgres storage and object buckets.
TLS 1.3 on every connection. HSTS and modern cipher suites enforced.
Every insert, update and delete on 14 entity types is recorded with actor, old and new snapshots.
Roles stored in a dedicated table with SECURITY DEFINER checks. No client-side role storage.
Row-level security on every table scopes data to the institution and the user's role.
Continuous backups with point-in-time recovery. Daily snapshots retained per region.
Readiness here means the platform supports the policies, data-subject workflows and audit requirements of the listed framework. Your institution remains the controller and is responsible for ongoing operational compliance.
| Region | Framework | Platform status |
|---|---|---|
| United Kingdom | UK GDPR + DPA 2018 | Ready |
| European Union | GDPR | Ready |
| United States | FERPA & COPPA aligned | Ready |
| Australia | Privacy Act / APP | Ready |
| Canada | PIPEDA | Ready |
| India | DPDP Act 2023 | Ready |
| New Zealand | Privacy Act 2020 | Ready |
| Singapore | PDPA | Ready |
| UAE (Dubai) | PDPL | Ready |
| Philippines | Data Privacy Act 2012 | Ready |
| South Africa | POPIA | Ready |
| Ireland | GDPR | Ready |
Our team can run through architecture, RLS policies, audit logging and incident-response playbooks with your DPO or security lead.