Security Policy

Keeping your data safe and private is at the heart of Cura. Our organisational culture – as well as our technical infrastructure – has your privacy and the security of your data as paramount concerns.

We understand that the information we store on your behalf - through your use of the Cura platform - can be of a personal and sensitive nature. We assume it is all sensitive and act accordingly.

Private by default

Every student and teacher that uses Cura has their own unique username and password. Only users you specifically nominate can gain access to your school’s data. Data within your school cannot be accessed by any external user with the exception of a small number of Cura staff, who access it only on an as-needs basis (see below).

For every interaction that teachers and students have with the platform – whether that is creating users, submitting work, or sharing information - we manage a set of sophisticated security rules that specify exactly who can view and modify them.

Securely hosted

Cura is hosted with Amazon Web Services (AWS), who are experts at providing reliable and secure server infrastructure. AWS are responsible for the physical security of the infrastructure that runs Cura.

For our Australian schools, we exclusively store all your data in Australia at AWS’s Sydney facility. AWS in Sydney is independently certified to meet the security requirements for unclassified Australian Government data as specified by Australian Signals Directorate’s (ASD) Information Security Manual. For schools based overseas, your data is hosted on jurisdiction-relevant AWS servers.

Secure platform

We’ve built Cura from the ground up to comply with the privacy and security requirements of schools in mind. Cura’s development processes are designed to verify that security has been properly considered whenever we add new features or modify existing ones. We use automated systems to randomly audit our security policies, ensuring they are correctly enforced. Internal and third party reviews of our security practices are routinely performed to verify our security practices and identify potential vulnerabilities.

Access to Cura is only available via a secure connection (HTTPS).

Controlled staff access

To provide you with helpful and timely support, a limited number of Cura’s staff have access to your data on an as-needed basis. These staff only access and view your data when you have specifically given us permission, usually in connection with a support enquiry. All such access is logged and regularly audited.

Security culture

We practice what we preach. Our company polices require all employees to adhere to best-practice personal security guidelines that cover device security, encrypted file storage, password policies, and more.

Australian Privacy Principles (APPs)

Cura complies with the Australian Privacy Principles. You can view Cura’s full Privacy Policy on our website or through the Cura platform.

Want to know more?

We work closely with our partner schools to ensure their security needs are met. If you would like more information on our security practices, please contact us at support@curaeducation.com.