Trust · Security

Built to hold what institutions can't afford to lose.

Ministries, banks and universities run their student records on Sala. Security isn't a feature here — it's the foundation everything else sits on.

AES-256
Encryption at rest
TLS 1.2+
Encryption in transit
99.9%
Uptime target
24/7
Monitoring
How we protect data

Six layers, one standard.

Every institution gets the same protections — whether you're a two-school pilot or a national ministry.

Encryption everywhere

Your data is encrypted the moment it leaves a device and stays encrypted on disk.

  • AES-256 at rest, TLS 1.2+ in transit
  • Encrypted database backups
  • Managed key rotation

Access control

People see only what their role allows — enforced on every request, not just the UI.

  • Role-based permissions per institution
  • Single sign-on (SSO) support
  • Granular admin & audit roles

Secure infrastructure

We build on hardened, reputable cloud infrastructure with isolation between customers.

  • Logical tenant isolation
  • Private networks & firewalls
  • Least-privilege internal access

Monitoring & response

We watch the platform around the clock and have a plan for the day something looks wrong.

  • 24/7 automated monitoring & alerts
  • Centralised, tamper-evident logs
  • Documented incident-response plan

Backups & recovery

Your records are backed up continuously, so a bad day never becomes a lost year.

  • Automated, encrypted backups
  • Point-in-time recovery
  • Tested restore procedures

Privacy by design

We collect the minimum, keep it only as long as needed, and never sell it.

  • Data minimisation & retention limits
  • No selling of personal data
  • Student data never used to train public AI
Data residency

Your data stays in the region it belongs to.

Sala is built in ASEAN, for ASEAN. We understand that ministries and regulated institutions need their data to stay close to home — and we work with you on residency before you ever onboard.

Singapore
Holding & headquarters
Phnom Penh, Cambodia
Operations & support
Regional residency options
Available for qualifying institutions
Practices & governance

How we keep the standard high.

Secure SDLC & code review Vetted sub-processors Least-privilege access Staff security training Regular vulnerability testing Documented DPA on request

Found a vulnerability?

We welcome reports from security researchers and treat them as partners. Email us with details and steps to reproduce — we'll acknowledge promptly, keep you updated, and won't pursue good-faith research conducted under this program.

security@sala.tech