When a school or university adopts Click, it places some of its most sensitive data into the platform — student records, staff information, fee histories, and academic results. It is entirely reasonable to want a clear picture of how that data is protected before signing up, and again every time your institution conducts a review.

This article gives you that picture at a level that any school leader, IT coordinator, or governor can follow. We have kept technical specifications out of this piece intentionally — detailed security documentation is available privately to IT administrators and procurement teams who request it. Publishing specifics on a public webpage is not something responsible platforms do.

Four Areas We Take Seriously

Click's approach to protecting your data comes down to four things done consistently and well.

Encryption

Your data is encrypted while it travels between users and our servers, and while it sits in storage. Anyone who accessed the underlying files without authorisation would find nothing readable.

Access Controls

Every user account is limited to what their role actually requires. A bursar sees financial records — not staff appraisals. A teacher sees their class — not another teacher's. No one gets more access than they need.

Backups & Recovery

Your data is backed up regularly and stored separately from the primary database. If something goes wrong — a hardware failure, a data corruption — we can restore your records to a recent point with minimal disruption.

Professional Infrastructure

Click runs on dedicated cloud infrastructure — not on in-house servers in someone's office. Physical security, hardware reliability, and network resilience are maintained by a professional hosting environment, independently of your school's own setup.

Your Data Belongs to You

This is worth saying clearly: your institution's data belongs to your institution, not to Click. We process it in order to deliver the service, and for no other purpose. We do not sell it, analyse it for advertising, or share it with anyone outside of what is strictly necessary to operate the platform.

If your institution ever decides to move on from Click, we will provide a complete export of all your data before your account closes. After a defined period, every copy of your data — including backups — is permanently deleted from our systems. You will not have to chase us for this; it is a standard part of our offboarding process.

📋 Compliance Documentation

If your institution requires a formal Data Processing Agreement, written confirmation of data residency, or compliance evidence for NDPR — contact us. We have standard documentation ready and will share it with your team upon request.

Keeping Accounts Secure

The most common source of data exposure in any organisation is not a sophisticated attack — it is a compromised or poorly managed user account. Click gives your institution the tools to keep this risk low.

Every account is scoped to a specific role. Administrator accounts require multi-factor authentication by default, and we strongly recommend enabling it for all staff — particularly anyone with access to financial or HR data. Accounts that go through too many failed login attempts are locked automatically. Every action — every login, every record viewed, every change made — is written to an audit log with the user's identity and a timestamp, so there is always a clear trail if something needs to be investigated.

💡 The Overlooked Risk

In our experience, the most common security gap in school IT is a user account that was never deactivated when a staff member left. Click lets you deactivate any account instantly and terminate all its active sessions remotely, from the administrator console. Make account offboarding a formal step in your HR process — not an afterthought.

What We Handle — and What You Handle

Security in a cloud platform is always a partnership. Both sides have responsibilities, and being clear about the boundary prevents the assumption that everything is covered by one party.

Click handles
  • Physical security of the data centres where your data is stored
  • Encrypting your data in transit and at rest
  • Maintaining and patching the servers and infrastructure
  • Regular backups and the ability to recover from failure
  • Testing the platform for security vulnerabilities
  • Notifying you promptly if an incident affects your data
Your institution handles
  • Creating and deactivating user accounts when staff join or leave
  • Assigning roles carefully — not giving broad access where narrow access will do
  • Enabling MFA for staff, especially those with sensitive data access
  • The security of the devices your staff use to access Click
  • Staff awareness around phishing and credential safety
  • Your campus network and any local IT through which Click is accessed

"A platform can only protect the data it holds. The credentials that unlock it are your institution's responsibility to guard."

Click Team — Platform & Security

If Something Goes Wrong

No security arrangement eliminates every possible risk. What matters is having the right response when something happens — detecting it quickly, containing it, and communicating clearly.

Click monitors its platform continuously for unusual activity. If we confirm an incident that affects your institution's data, we will contact your designated administrator directly and promptly. We will tell you what happened, what data was involved, what we have done, and what — if anything — you need to do. You will not find out from a news headline before you hear from us.

Need the Technical Detail?

This article is written for a general audience. If you are an IT administrator or procurement lead conducting a formal security evaluation, this overview is only the starting point.

We can provide detailed technical documentation, Data Processing Agreements, data residency confirmation, and security assessment summaries. We are also happy to arrange a call between our platform team and yours to work through specific questions. Reach us at team@getclickapps.com or use the link below.

🔒 For IT & Procurement Teams

Full security documentation is shared privately with institutions in active procurement or compliance review — not published publicly. This is intentional. Contact us to request what you need, and we will respond promptly.

Talk to Our Security Team

Questions about how Click protects your institution's data? We're happy to go deeper — by email or on a call with your IT team.

Get in Touch
Data Security Access Controls Encryption Backups Compliance NDPR Data Protection