Privacy Policy

1. Information We Collect

1.1 School Information

When a school registers, we collect:

• School name, email address, and phone number
• Physical address, city, region, district, and postal code
• Country (default: Tanzania)
• Website URL (optional)
• Education levels offered (PRE_SCHOOL, PRIMARY, O_LEVEL, A_LEVEL)
• School logo and favicon (optional)

1.2 Administrator Information

For the primary school administrator:

• First and last name
• Email address (used for login)
• Phone number (optional)
• Password (encrypted)
• Profile avatar (optional)

1.3 Student Information

Schools may collect and store student data including:

• Admission number and roll number
• Date of birth and gender
• Blood group, nationality, and religion
• Contact address and emergency contact information
• Medical conditions and allergies
• Academic records and performance data
• Attendance records
• Documents (birth certificates, medical records, etc.)

1.4 Parent/Guardian Information

Schools may collect parent/guardian data including:

• Occupation and employer information
• Annual income (optional)
• Contact address and phone numbers
• Relationship to students

1.5 Teacher and Staff Information

Schools may collect employee data including:

• Employee ID and personal identification details
• Qualifications, specialization, and experience
• Employment details (joining date, designation, salary)
• Contact information and address
• Professional documents and certifications

1.6 Technical and Usage Data

We automatically collect:

• IP addresses and browser information
• Device type and operating system
• Usage patterns and feature interactions
• Error logs and performance data
• Cookie data (see Section 8)

1.7 Payment Information

For paid subscriptions:

• Mobile money phone numbers (M-Pesa, Airtel Money, Tigo Pesa)
• Transaction IDs and payment amounts
• Billing history and subscription details

2. How We Use Your Information

2.1 To Provide Services

We use your information to:

• Create and manage your school account
• Provide school management features (student tracking, attendance, grading)
• Process payments and manage subscriptions
• Send notifications (SMS, email) about school activities
• Generate reports and analytics
• Provide customer support

2.2 To Improve Our Services

We use aggregated, anonymized data to:

• Analyze usage patterns and improve features
• Monitor system performance and fix issues
• Develop new features and services
• Conduct research on educational technology trends

2.3 For Security and Compliance

We use information to:

• Prevent fraud and abuse of our services
• Enforce our Terms of Service
• Comply with legal obligations
• Protect the rights and safety of our users

3. Legal Basis for Processing

We process personal data based on the following legal grounds:

• Contractual Necessity: To provide the services you requested
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations
• Consent: Where required by law, we obtain explicit consent

School Responsibility: Schools using our platform are data controllers for student, parent, and staff data. Schools must obtain appropriate consents and have lawful bases for data processing.

4. Data Sharing and Disclosure

4.1 With Service Providers

We share data with trusted third-party providers who assist in operating our services:

• Payment Processors: ClickPesa for mobile money payments
• SMS Providers: For sending notifications to parents and staff
• Hosting Services: Cloud infrastructure providers
• Analytics Services: To understand usage patterns (anonymized data only)

All service providers are contractually obligated to protect your data and use it only for the services we request.

4.2 For Legal Reasons

We may disclose information if required by law, such as:

• To comply with legal processes or government requests
• To protect our rights, property, or safety
• To investigate fraud or security issues
• To enforce our Terms of Service

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction. We will notify you of any such change and outline your choices.

4.4 With Your Consent

We will share information with third parties when we have your explicit consent to do so.

5. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: Data in transit using TLS/SSL, passwords hashed with bcrypt
• Access Controls: Role-based access, multi-tenant architecture
• Network Security: Firewalls, intrusion detection, regular security audits
• Data Backup: Regular backups with disaster recovery procedures
• Employee Training: Security awareness and data protection training
• Incident Response: Procedures for detecting and responding to security incidents

While we implement robust security measures, no system is completely secure. We encourage schools to use strong passwords and implement their own security practices.

6. Data Retention

6.1 Retention Periods

We retain data for as long as necessary to provide our services:

• Active Accounts: Data is retained while your account is active
• Inactive Accounts: After account termination, data is retained for 30 days to allow export
• Backup Data: Backups are retained for 90 days
• Legal Requirements: Some data may be retained longer to comply with legal obligations
• IP Registration Records: IP addresses for registration attempts are retained for 90 days

6.2 Data Deletion

Upon account termination or data deletion request:

• Data is removed from active databases within 30 days
• Backup copies are deleted within 90 days
• Some metadata may be retained for legal or security purposes

7. Your Rights and Choices

7.1 Access and Correction

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your data (subject to legal limitations)
• Export your data in a machine-readable format

7.2 Communication Preferences

You can control:

• Marketing communications (opt-out available in all emails)
• SMS notifications (configured in school settings)
• System notifications and alerts

7.3 School Responsibilities

Schools using our platform are responsible for:

• Providing data subject rights to students, parents, and staff
• Obtaining necessary consents for data processing
• Maintaining accurate and up-to-date records
• Complying with applicable data protection laws

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze site usage and performance
• Improve user experience

You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of our services.

9. International Data Transfers

Our services are primarily hosted in Tanzania. However, some service providers may process data in other countries. When data is transferred outside Tanzania, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

10. Children's Privacy

Our service is designed for schools to manage student data. Schools are responsible for:

• Obtaining parental consent for collecting student data where required by law
• Implementing appropriate safeguards for minor students
• Complying with child protection and data protection laws

We do not knowingly collect personal data directly from children under 13. If you believe a child has provided us with personal data without parental consent, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting a notice on our website
• Sending an email to registered administrators
• Updating the "Last updated" date at the top of this policy

We encourage you to review this policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: support@safeney.com
• Phone: 0683386096

For data subject requests, please contact your school administrator first, as they are the primary data controller for most school-related data.