Home
Case Studies
Cedar College Djarragun College MOB Academy
Features Pricing Updates Support Contact Request Demo

Data Security

Our Commitment to Security

At Junipa, we understand that schools entrust us with sensitive student data. We take this responsibility seriously and have implemented comprehensive security measures to protect your information.

Infrastructure Security

Google Cloud Platform

Google Cloud Platform

Firebase
Google Cloud Storage Google Cloud Run Google BigQuery

Junipa is built on Google Cloud Platform (GCP), leveraging enterprise-grade infrastructure with industry-leading security capabilities:

  • Data Centers: Physical security with 24/7 monitoring, biometric access controls, and environmental safeguards
  • Network Security: Multiple layers of protection including firewalls, intrusion detection, and DDoS mitigation
  • Compliance: GCP maintains certifications including ISO 27001, SOC 2/3, and PCI DSS

Regional Data Residency

All data is stored exclusively in Google Cloud Platform data centers located on the East Coast of Australia (Sydney region), ensuring:

  • Compliance with Australian data sovereignty requirements
  • Low latency access for Australian schools
  • Data never leaves Australian jurisdiction
  • Automated backups remain within the same region

Authentication & Access Control

Single Sign-On (SSO)

Junipa integrates seamlessly with your school's existing authentication systems through SAML 2.0, enabling secure single sign-on with:

  • Microsoft Azure Active Directory: Direct integration with your school's existing Microsoft/Office 365 accounts
  • Google Workspace: Support for schools using Google for Education
  • SAML 2.0 Providers: Compatible with any standards-compliant identity provider
  • Multi-factor Authentication (MFA): Inherits your existing MFA policies for enhanced security

Role-Based Access Control

Granular permissions ensure users only access data relevant to their role:

  • School Administrators: Full access to school-wide data and settings
  • Teachers: Access limited to their assigned students and classes
  • Support Staff: Customizable permissions based on responsibilities
  • Read-Only Users: View access without modification capabilities

Data Protection Measures

Encryption

  • Encrypted at Rest: All student and school data is encrypted at rest using AES-256 encryption within Google Cloud Storage
  • Encrypted in Transit: TLS 1.3 encryption for all data transmission between your school and our servers
  • Key Management: Encryption keys managed by Google Cloud KMS with automatic rotation every 90 days
  • Database Encryption: All database storage encrypted at the storage layer with additional application-level encryption for sensitive fields

Data Backup & Recovery

  • Automated daily backups with 30-day retention
  • Point-in-time recovery capabilities
  • Geographically redundant backup storage within Australia
  • Regular disaster recovery testing

Application Security

Secure Development Practices

  • Regular security code reviews
  • Automated vulnerability scanning
  • Dependency security monitoring
  • OWASP Top 10 compliance

Security Monitoring

  • 24/7 automated security monitoring
  • Real-time threat detection
  • Comprehensive audit logging
  • Security incident response procedures

Compliance & Auditing

Privacy Compliance

  • Australian Privacy Principles (APP) compliance
  • State and territory education privacy requirements
  • Student data protection regulations
  • Regular privacy impact assessments

Audit Trail

Comprehensive logging of all system activities including:

  • User access and authentication events
  • Data modifications with timestamps
  • Administrative actions
  • Data export activities

Data Retention & Deletion

Retention Policies

  • Active data retained for the duration of your subscription
  • Historical data archived according to educational compliance requirements
  • Configurable retention periods to meet school policies

Data Deletion

  • Secure data deletion upon request
  • Cryptographic erasure of all copies
  • Certificate of deletion provided
  • 30-day grace period for accidental deletion recovery

Incident Response

Security Incident Management

In the unlikely event of a security incident:

  • Immediate incident response team activation
  • Affected schools notified within 24 hours
  • Detailed incident report and remediation steps
  • Ongoing communication throughout resolution

Third-Party Security

Vendor Management

  • Thorough security assessment of all third-party services
  • Data processing agreements with all vendors
  • Regular security reviews of integrations
  • Minimal third-party data sharing

Your Security Responsibilities

While we provide robust security infrastructure, schools play a vital role in maintaining security:

  • Use strong, unique passwords or SSO
  • Enable multi-factor authentication when available
  • Regularly review user access permissions
  • Report suspicious activities immediately
  • Keep your integration systems updated

Contact Us

For security-related inquiries or to report a security concern:

  • Email: info@junip.com.au

Updates to This Policy

We may update this data security policy to reflect improvements in our security practices or changes in regulations. Schools will be notified of any material changes.