Security Overview

A consolidated summary of how Edminhub is designed, operated, and governed to protect school, learner, and staff information.

Owner: Simple Software Development LLC
Product: Edminhub
Version: 1.0
Effective Date: 29 April 2026

Item: Details
Product: Edminhub
Owner and Operator: Simple Software Development LLC
Purpose: School management platform for learner records, attendance, subjects, classes, academic information, disciplinary processes, communication, and related school administration.
Primary Security Objective: Protect the confidentiality, integrity, and availability of school, learner, parent, guardian, teacher, and staff information processed through Edminhub.
Contact: info@simplesoftwaredevelopment.com | www.simplesoftwaredevelopment.com

1. Purpose of this Security Overview

This Security Overview summarises the technical and organisational measures used by Simple Software Development LLC to protect information processed through the Edminhub platform. It is intended to support school procurement reviews, due diligence checks, internal governance discussions, and parent or stakeholder confidence.

This document should be read together with the Edminhub Security and Privacy Statement, the Edminhub SaaS Subscription Agreement, the Edminhub Data Processing Agreement, and the Edminhub Child Data Protection Statement, where applicable.

This overview does not create a separate warranty, service level, certification, or unlimited security guarantee. The legal rights and obligations of the parties are governed by the applicable written agreement between the school and Simple Software Development LLC.

2. Security Governance Approach

Simple Software Development LLC takes a practical, risk-based approach to Edminhub security. Security controls are designed to be proportionate to the nature of the platform, the sensitivity of learner information, and the operational needs of schools.

Edminhub is developed and operated using practices aligned with recognised information security principles, including control concepts commonly associated with ISO/IEC 27001 and secure application development guidance such as the OWASP Application Security Verification Standard.

Unless expressly stated in writing, Edminhub should not be interpreted as certified under ISO/IEC 27001, ISO 9001, SOC 2, Cyber Essentials, GDPR, POPIA, or any other formal certification or regulatory approval scheme.

Security principle: How Edminhub applies it
Least privilege: Users and administrators should only receive access required for their role and responsibilities.
Need-to-know access: Learner and school information should be visible only to authorised users.
Accountability: Important activities may be recorded in audit logs to support investigation and oversight.
Defence in depth: Security is addressed through access control, application design, infrastructure controls, backups, monitoring, and user responsibility.
Shared responsibility: Simple Software Development LLC secures the platform environment, while schools remain responsible for lawful use, user access decisions, internal devices, and school-level governance.

3. Data Processed by Edminhub

Edminhub may process information relating to schools, learners, parents or guardians, teachers, administrators, and other authorised users. The specific information processed depends on how each school configures and uses the platform.

Edminhub should only be used for legitimate school administration, educational management, communication, safeguarding, compliance, and related operational purposes.

Data category: Examples
Learner information: Names, learner numbers, grades, classes, subjects, attendance, academic records, disciplinary records, uploaded documents.
Parent or guardian information: Names, contact details, relationship to learner, communication details.
Teacher and staff information: Names, roles, subjects, classes, contact information, platform access details.
School information: School name, grade structure, classes, subjects, administrative configuration.
System information: User accounts, roles, permissions, login activity, audit logs, support information, error logs.

4. Access Control and User Permissions

Edminhub uses role-based access control to limit access to information and functions based on user responsibilities. Typical roles may include school administrator, principal, teacher, parent or guardian, learner, and system administrator.

The school is responsible for assigning roles correctly, reviewing access periodically, and removing or updating access when users leave the school or change responsibilities. Simple Software Development LLC is not responsible for unauthorised access caused by incorrect role assignment, shared accounts, weak internal controls, insecure devices, or failure by the school to remove access.

Role type: Typical access purpose
School administrator: Configure school setup, manage users, permissions, learners, classes, subjects, and reports.
Principal or senior staff: View school-level academic, attendance, disciplinary, and operational information.
Teacher: Manage assigned classes, subjects, attendance, marks, and learner-related records where authorised.
Parent or guardian: Access learner information for their own child or children, where enabled by the school.
Learner: Access their own school-related information, where enabled by the school.
Edminhub support: Limited access where required for support, security, maintenance, or troubleshooting.

5. Authentication and Account Security

Edminhub applies authentication controls to reduce the risk of unauthorised access. Users are responsible for keeping credentials confidential and must not share accounts or passwords.

Administrative access is intended to be restricted to authorised users only. Where additional security features such as multi-factor authentication are made available, schools are encouraged to enable them for administrative and high-risk accounts.

Control: Purpose
Password-based authentication: Verifies user identity before granting access.
Strong password practices: Reduces the risk of weak or easily guessed credentials.
Session management: Reduces risk from unattended or stale sessions.
Restricted administrator access: Limits high-impact functions to authorised users.
Optional or future MFA support: Adds stronger protection for sensitive accounts where available.

6. Data Transmission and Storage Protection

Edminhub is designed to use encrypted connections where supported to help protect information transmitted between users and the platform. Access to databases, storage systems, and administrative interfaces is intended to be restricted to authorised technical or support personnel where required for service delivery, maintenance, security, or support.

No system can be guaranteed to be completely immune from all cyber threats. Simple Software Development LLC applies reasonable technical and organisational safeguards intended to protect the confidentiality, integrity, and availability of customer data.

7. Backups and Recovery

Backups are performed daily and retained for a period of 7 days.

Point-in-time backups may be available where a school makes a special arrangement with Edminhub / Simple Software Development LLC.

Backups are intended for disaster recovery and operational resilience. They are not a substitute for the school's own recordkeeping obligations, statutory retention requirements, independent exports, or internal data governance processes.

8. Audit Logs and Monitoring

Edminhub may record system and user activity to support accountability, troubleshooting, security monitoring, and investigation of suspected misuse. Audit logs may include login activity, changes to key records, administrative actions, permission changes, and other significant system events.

Access to audit logs is restricted to authorised personnel. Audit logs are operational and security records and may not capture every possible user action or contextual school decision.

9. Secure Development Practices

Simple Software Development LLC aims to develop Edminhub using secure software development practices appropriate for the maturity and risk profile of the platform. These practices are improved over time as the product evolves and operational requirements mature.

Practice: Security purpose
Code review: Helps reduce defects, insecure logic, and accidental exposure of sensitive data.
Controlled deployment: Reduces the risk of unapproved or untested changes reaching production.
Environment separation: Reduces risk by separating development and production environments where practical.
Dependency review: Helps identify and remediate vulnerable software libraries.
Input validation: Reduces injection and data manipulation risks.
Access testing: Helps verify that users cannot access information outside their authorised role.
Error handling: Reduces leakage of sensitive system or technical information.

10. Vulnerability Management and Security Testing

Simple Software Development LLC may perform internal security reviews, vulnerability checks, application testing, and remediation activities to identify and address weaknesses. Where commercially appropriate, independent security professionals may be engaged to perform vulnerability assessments or penetration testing.

Security testing results may be shared with client schools in summary form where appropriate and subject to confidentiality restrictions. Detailed test outputs, infrastructure information, exploit details, credentials, and sensitive security information may be withheld to protect the platform and other customers.

11. Privacy and Responsible Data Use

Simple Software Development LLC uses personal information processed through Edminhub only for legitimate purposes related to the delivery, support, maintenance, security, administration, and improvement of the platform.

We do not sell school data, learner data, parent data, or teacher data to third parties.

We do not use learner information for advertising purposes.

Edminhub may send school-related communications, service messages, account notifications, administrative messages, and platform-related communications where enabled or required for service delivery.

12. Third-Party Service Providers

Simple Software Development LLC may use reputable third-party service providers to host, operate, secure, monitor, back up, support, or improve Edminhub. These may include hosting providers, infrastructure providers, email delivery services, backup providers, monitoring tools, support tools, analytics tools, and security services.

Where such providers are used, access to customer data is intended to be limited to what is reasonably necessary for the relevant service. Third-party providers are not permitted to use school or learner information for their own unrelated purposes.

Simple Software Development LLC is not responsible for third-party systems, integrations, devices, networks, or services separately selected, connected, or used by the school outside the Edminhub platform.

13. Hosting and Data Location

Edminhub may be hosted using reputable cloud infrastructure providers. Depending on the hosting environment, customer data may be processed or stored outside the country where the school is located.

By using Edminhub, the school acknowledges that cross-border processing may occur where necessary to provide, support, secure, back up, or maintain the service. The school remains responsible for determining whether its use of Edminhub, including any cross-border transfer of personal information, is permitted under laws applicable to the school.

14. Security Incident Response

Simple Software Development LLC maintains procedures for responding to suspected or confirmed security incidents. In the event of a confirmed security incident affecting customer data, Simple Software Development LLC will take reasonable steps to investigate the incident, contain and mitigate its impact, restore affected services where technically possible, and notify the affected school where appropriate.

Notification timelines may depend on the nature of the incident, applicable legal requirements, the information available at the time, and the need to avoid compromising security investigations.

Simple Software Development LLC does not accept liability for incidents caused by the school's own systems, user devices, shared passwords, incorrect permissions, unauthorised internal users, third-party integrations selected by the school, or misuse of the platform by the school or its users.

15. School Security Responsibilities

Security is a shared responsibility. Simple Software Development LLC is responsible for applying reasonable safeguards to the Edminhub platform environment. The school is responsible for the way it configures, administers, and uses Edminhub.

School responsibility: Description
User access management: Create, update, review, and remove user accounts appropriately.
Role assignment: Ensure users only receive access needed for their duties.
Password protection: Prevent shared accounts, weak passwords, and credential misuse.
Device security: Ensure users access Edminhub from reasonably secure devices and networks.
Lawful use: Ensure learner, parent, guardian, teacher, and staff information is collected and used lawfully.
Data accuracy: Ensure records entered into Edminhub are accurate and kept up to date.
Parent or guardian access: Decide who may lawfully access learner information.
Record retention: Decide how long school and learner records must be retained under school policy or applicable law.
Internal training: Ensure staff understand how to use Edminhub responsibly and securely.

16. Data Retention, Export, and Deletion

School data is retained for as long as necessary to provide the Edminhub service, comply with legal obligations, support operational requirements, resolve disputes, enforce agreements, maintain audit records, or meet contractual commitments.

Upon termination or expiry of the school's subscription, the school may request export of available customer data within a reasonable period. After termination, Simple Software Development LLC may retain customer data for a limited period for backup, legal, audit, billing, security, or operational purposes, after which it may delete or anonymise the data in accordance with its retention practices, unless otherwise agreed in writing.

Deleted data may remain in backups for a limited period until those backups expire or are overwritten.

17. Security Limitations

Edminhub is designed and operated with reasonable security measures, but no online service can be guaranteed to be completely secure, uninterrupted, error-free, or immune from all cyber threats.

To the fullest extent permitted by applicable law, this Security Overview does not expand the liability of Simple Software Development LLC, its directors, officers, members, employees, agents, contractors, or affiliates beyond the limits agreed in the applicable written agreement with the school.

18. Documents Supporting Security Governance

The following documents may support school due diligence and governance reviews: the Edminhub Security and Privacy Statement, the Edminhub SaaS Subscription Agreement, the Edminhub Data Processing Agreement, the Edminhub Child Data Protection Statement, this Security Overview, and any applicable service plan or order form.

If there is a conflict between this Security Overview and a signed agreement, the signed agreement will take precedence unless the parties expressly agree otherwise in writing.

19. Contact

Questions about Edminhub security, privacy, or data protection may be directed to Simple Software Development LLC.

Contact item: Details
Company: Simple Software Development LLC
Product: Edminhub
Email: info@simplesoftwaredevelopment.com
Website: www.simplesoftwaredevelopment.com
Address: 131 Continental Dr, Suite 305, Newark, Delaware