POPIA and Security
Last updated: February 19, 2026
CentreConnect is built with POPIA-ready platform controls to support lawful, minimal, and secure processing of personal information in ECD workflows.
These controls help reduce risk across admissions, communications, and account access. Final compliance outcomes still depend on each centre's internal governance, policies, and operating processes.
Core Controls
- Role-based access controls for parent, ECD, and platform-admin roles
- Audit logging for sensitive platform admin operations
- Server-side validation and protected route checks
- Bot and abuse mitigation controls on critical submit routes
- Rate limiting for selected public endpoints
- Secure payment webhook handling and replay controls
Operational Responsibility
ECD centres remain responsible for staff access discipline, lawful processing instructions, retention decisions, and incident response obligations within their organization.