Your school's data stays yours.

Data residency

Voxa runs student data in a São Paulo cloud region in Brazil. Email is sent from Brazilian infrastructure, and student data never leaves Brazil.

Object-level retention

Backups use write-once, compliance-mode object locking with a 180-day minimum retention period. Backup objects cannot be deleted or overwritten, even by Voxa operators.

Daily backups

Databases are snapshotted hourly during school hours. Daily restic backups are verified off-site, and recovery is tested monthly.

Tenant isolation

Each school runs in an isolated PostgreSQL schema. There are no shared tables and no cross-tenant queries possible by design.

Identity

Voxa uses OIDC single sign-on. Passwords are not stored in marketing funnels, and every access event is written to the audit log.

LGPD posture

Data is processed under Brazilian law. Operator: Daniel R. Silva MEI, CNPJ 63.112.394/0001-90. Contact: contact@voxa.education.

This page describes current security posture. For vulnerability reports, email contact@voxa.education.