Security Overview

Last updated: 6/07/2026

1. Built on Secure Foundations

At Sproutly, we know you are trusting us with sensitive student, parent, and employee records. We take a multi-layered approach to security, utilizing industry-standard infrastructure and practices to keep your center's data safe.

2. Strict Tenant Isolation

All Sproutly database records are protected by database-level security policies. This ensures that queries are filtered at the database engine level, making it physically impossible for users from one center to view, modify, or insert data belonging to another center.

3. Authentication & Access Controls

Authentication is powered by secure user-management systems, guaranteeing that:

  • Passwords are never stored in plain text.
  • Accounts support Multi-Factor Authentication (MFA) to prevent unauthorized logins.
  • Role-based access restricts settings, payroll exports, and student records to authorized center managers only.

4. Data Encryption

Data is encrypted in transit using Transport Layer Security (TLS/HTTPS) to prevent interception. Additionally, database backups and storage volumes are encrypted at rest using industry-standard AES-256 keys.

5. Backups & Disaster Recovery

Sproutly performs daily database backups. In the unlikely event of database corruption or hardware failure, backups allow us to restore services rapidly with minimal data disruption.

6. Responsible Vulnerability Disclosure

We appreciate the work of the security research community. If you discover a vulnerability in our application or API, please report it privately to security@sproutly.co.nzso we can patch it promptly.