Security

Tenant isolation

Every institution is isolated at the database layer with PostgreSQL row-level security. Each query is scoped to the authenticated institution and role — one university can never read the data of another, enforced by the database itself, not only the application.

Authentication & access

• Email, password and one-time-code (OTP) sign-in
• Optional multi-factor authentication (TOTP)
• Enterprise single sign-on via SSO / SAML
• Role-based permissions for registrars, faculty, students, finance and administrators
• Short-lived, revocable sessions

Auditability

Sensitive actions — grade, finance, registration, scheduling and permission changes — are logged with who, what, when and under which scope. The trail is immutable, built for accreditation and incident review.

Encryption & recovery

• Encryption in transit (TLS) and at rest
• Automated daily backups with point-in-time recovery on production plans
• Versioned, rollback-ready publishing for schedules and exams

Data residency & hosting

The platform runs on managed PostgreSQL hosted in the EU (West) region. Data-residency options are available for institutions with specific jurisdictional requirements.

Compliance posture

WeuniOs is designed to support institutional obligations including FERPA (student records), KVKK and GDPR (data protection). Data-processing agreements and a sub-processor list are available on request.

Incident response

The platform is monitored continuously. Security incidents are triaged on a defined severity scale, affected institutions are notified, and a post-incident summary is shared. Report a vulnerability to security@weunios.com — we acknowledge within one business day.