Security

Your school's data stays yours.

Data residency

Voxa runs student data in sa-east-1, the AWS São Paulo region. SES email is sent from Brazilian infrastructure, and student data never leaves Brazil.

Object-level retention

Backups use S3 Object Lock in COMPLIANCE mode with a 180-day minimum retention period. Backup objects cannot be deleted or overwritten, even by Voxa operators.

Daily backups

Databases are snapshotted hourly during school hours. Daily restic backups are verified off-site, and recovery is tested monthly.

Tenant isolation

Each school runs in an isolated PostgreSQL schema. There are no shared tables and no cross-tenant queries possible by design.

Identity

Voxa uses Zitadel SSO. Passwords are not stored in marketing funnels, and every access event is written to the audit log.

LGPD posture

Data is processed under Brazilian law. Operator: Daniel R. Silva MEI, CNPJ 63.112.394/0001-90. Contact: contact@voxa.education.

This page describes current security posture. For vulnerability reports, email contact@voxa.education.