Security & Compliance

Your data stays yours.

300+ institutions trust Shunifu with their students, staff, and financial data every day. Here's how we protect it.

Infrastructure

Enterprise-grade security, built in from day one

Every layer of Shunifu is designed to keep your institution's data isolated, encrypted, and under your control.

Dedicated Tenant Databases

Each institution gets its own isolated database. Your data is never co-mingled with another school's — not in shared tables, not in shared rows. Complete separation.

Role-Based Access Control

25+ configurable user roles — principals, teachers, HODs, finance officers, parents — each sees only what they should. Permissions are granular down to individual actions.

Encryption Everywhere

TLS encryption protects all data in transit. Backups are encrypted at rest. Sensitive fields like financial records receive additional application-level encryption.

Cloud Hosting & Backups

Hosted on scalable cloud infrastructure with automated failover and regular backups. Your institution's data is always available, even during maintenance windows.

Full Audit Trails

Every critical operation is logged — who did what, when, and from where. Audit trails are immutable and available for compliance reviews on request.

Data Export & Portability

Your data belongs to you. Export student records, financial data, and reports at any time. Full data portability is available on request — no lock-in.

Compliance

Meeting the standards that matter

Data Protection Act 2022

Shunifu is compliant with the Eswatini Data Protection Act 2022, which governs the processing and protection of personal data. Key provisions we adhere to:

  • Lawful processing (Section 9) — personal data processed only for legitimate educational purposes
  • Data minimization (Section 14) — only data necessary for school operations is collected
  • Security safeguards (Section 17) — technical and organizational measures to prevent unauthorized access
  • Data subject rights (Sections 32–33) — access, correction, and deletion rights supported

Government Trust & Recognition

Shunifu operates from the Royal Science & Technology Park (RSTP) with support from UNDP Eswatini. Our platform has been adopted by government institutions and recognized in ministerial reports for transforming education through technology.

  • William Pitcher College
  • Ngwane Teachers Training College
  • Eswatini College of Technology
  • National Handicraft Training Centre
  • Royal Eswatini Police College
Asisungule Awards — 1st Prize ICT RSTP / UNDP Supported

In practice

How we protect student data

Security isn't just a feature — it's built into how Shunifu operates every day.

1

School data is physically separated

When a school joins Shunifu, a dedicated database is provisioned exclusively for that institution. There is no shared data layer between schools — even at the infrastructure level.

2

Access is strictly role-controlled

A teacher can see their own classes. A parent can see only their child. A finance officer can process fees but not view marks. Every permission is explicitly configured — nothing is open by default.

3

Every action is logged

Mark changes, fee adjustments, student record updates — all tracked with who, what, when. These logs are available to school administrators for internal review and compliance.

4

Your data is always exportable

Reports, student records, financial data — all exportable at any time. If you ever leave Shunifu, we provide a complete data export. No lock-in, no barriers.

Common questions

Security FAQ

No. Each school has a completely separate database. There is no way for one institution to access another's data — even accidentally. This is architectural, not just permission-based.
Shunifu is hosted on scalable cloud infrastructure with data centers that provide high availability and automated backups. We operate from the Royal Science & Technology Park (RSTP) in Eswatini.
We provide a full data export in standard formats. Your data belongs to you — we never hold it hostage. Export is available at any time, not just when offboarding.
Automated daily backups with encrypted storage. Backups are retained for a defined period and can be restored quickly in the event of data loss. Point-in-time recovery is available.
Yes. Shunifu is designed to comply with the Eswatini Data Protection Act 2022, including lawful processing (Section 9), data minimization (Section 14), security safeguards (Section 17), and data subject rights (Sections 32–33).
Reach our team directly at info@shunifu.app or call +268 7689 0726. We take every security inquiry seriously and respond promptly.

Questions about security?

We're happy to walk through our security practices in detail. Book a call and we'll answer everything.

Book a Free Demo +268 7689 0726

Free demo · No commitment · Takes 30 minutes

Browse the 300+ schools already on Shunifu