Your institution's data is your most sensitive asset.
We protect it like it is.
UniCloud360 manages records for 7,000+ students across multiple institutions. Here is exactly how we keep that data safe, private, and compliant — with no vague promises.
Built-in security — not bolted on
Every control below is active across all plans, not reserved for Enterprise tier.
Data Residency
Student data for Sri Lankan institutions is stored exclusively on cloud infrastructure within Sri Lanka. Regional options in Singapore and UAE available on request.
Encryption at Rest & in Transit
All data encrypted at rest using AES-256. All data in transit protected by TLS 1.3. Encryption keys managed via a dedicated key management service with automated rotation.
Automated Backups
Full database backups run daily. Transaction-level backups every 4 hours. Stored in a separate geographic region, tested monthly. 90-day retention.
Role-Based Access Control
Every user has a role-specific permission set. A Counsellor cannot access financial records. A Finance Officer cannot view unenrolled applicants. IT Admins manage role assignment with full audit logs.
Audit Trail
Every data change — student record updates, grade modifications, payment entries — is logged with user identity, timestamp, and before/after values. Immutable. Exportable for compliance reviews.
Authentication & Session Security
MFA supported. Session tokens expire automatically. Failed login attempts trigger account lockout and admin alerts. SSO integration available on Enterprise tier.
Network Security
All services run behind a Web Application Firewall (WAF). DDoS protection enabled. Regular penetration testing by third-party security firms. Vulnerability disclosure programme available.
Incident Response
Security incidents responded to within 1 hour (P1). Affected institutions notified within 24 hours of any confirmed breach. Detailed post-incident reports provided.
Your data stays where you need it
By default, all data for Sri Lankan institutions is stored on cloud infrastructure physically located in Sri Lanka. Student personal information, financial records, examination results, and audit logs never leave the country unless explicitly configured.
Default data residency for all institutions
For institutions entering the SG market
Regional option for GCC-based institutions
Cross-region replication is disabled by default. Sub-processors and infrastructure partners are listed in our Data Processing Agreement (DPA), available on request.
Where we are — and where we are going
We believe in transparency about our compliance status. Here is our honest, up-to-date roadmap — no marketing spin.
Want a copy of our Security Whitepaper or DPA? Email security@unicloud360.com and we will send the latest version within one business day.
Penetration Testing
UniCloud360 undergoes third-party VAPT bi-annually. Reports are available to Enterprise clients under NDA. Our last assessment was completed in Q1 2025 with no critical findings.
Responsible Disclosure
Found a vulnerability? Report to security@unicloud360.com. We acknowledge within 24 hours and provide a resolution timeline within 72 hours.
We are happy to walk your IT team through our security architecture.
Share VAPT reports (under NDA) and answer any due-diligence questions before commitment.