Privacy Protocol

EducaSphere operates on a strict multi-tenant architecture. Every byte of institutional data is isolated at the database layer using Row-Level Security (RLS). The Institution ('The Tenant') remains the sole Data Controller. EducaSphere acts exclusively as a Data Processor under your direction. We do not aggregate institutional data for our own commercial purposes.

We process four categories of data: (a) Institutional Data (Finance, Assets, HR); (b) Personnel Data (Staff records, payroll, qualifications); (c) Student Data (Academic results, attendance, behavior, and where enabled, health/IEP records); and (d) Technical Metadata (Audit logs, access patterns, device fingerprints).

We process data primarily for the performance of the educational contract between the Institution and its stakeholders. This includes statutory financial reporting, academic certification, and student safeguarding. For health or special education data (IEP), we rely on the explicit consent mechanisms managed within the platform.

EducaSphere utilizes Tier-1 cloud infrastructure (AWS/GCP) and regional payment gateways (Flutterwave, Paystack, M-Pesa). All sub-processors are vetted for SOC 2 and ISO 27001 compliance. We maintain a live Sub-processor Registry available to Institutional DPOs upon request.

Data is retained according to the Institution's configured retention schedule. Upon account termination, we initiate a 60-day 'Cooling Period' for data export. Following this, an automated cryptographic erasure process is triggered across primary and secondary backup volumes.

The platform includes native tools for fulfilling GDPR/DPA rights, including the Right to Access, Right to Rectification, and the Right to Portability. These tools allow Institutional Admins to generate complete student data archives in under 5 minutes.

As an institutional provider, EducaSphere treats all student data with the highest level of protection. We comply with international safeguarding standards (including COPPA-equivalent principles). Student data is used solely for educational and administrative purposes directed by the School. We do not build marketing profiles on minors or serve advertisements within the platform.

For visitors to our public marketing site, we use cookies and tracking technologies (e.g., Google Analytics, CRM pixels) to analyze traffic and improve user experience. You may opt-out of non-essential cookies via your browser settings. Contact data submitted via our 'Book a Demo' or 'Contact Sales' forms is used exclusively for institutional outreach and can be deleted upon request.