HomeFeaturesPricingGallery
Request Demo
Privacy Policy • Last updated: May 30, 2026 • Effective: June 1, 2026

Privacy Policy

This Privacy Policy describes how SchoolSyntaxERP Ltd. ("SchoolSyntaxERP," "we," "our," or "us") collects, uses, and protects information obtained from users of our platform located at www.schoolsyntaxerp.com and related services (collectively, the "Platform"). We take data privacy seriously and are committed to protecting the personal information of all individuals who interact with our Platform.

1. Data Controller and Processor

SchoolSyntaxERP operates as a data processor on behalf of educational institutions (our customers), who are the data controllers with respect to the personal data of their students, staff, and parents. SchoolSyntaxERP is the data controller for data we collect about our customers (institutional administrators and billing contacts).

If you are a student or parent whose data is held on the Platform by your school or university, please contact your institution's administration regarding your personal data rights. We will cooperate with any such requests forwarded to us by the institution.

2. Information We Collect

2.1 Account and Institutional Data

When a customer (institution) creates an account, we collect:

  • Institution name, address, and contact details
  • Administrator name, email address, and phone number
  • Billing information (processed by our PCI-DSS compliant payment processor — we do not store full card numbers)
  • Subscription plan and payment history

2.2 Platform Usage Data

We automatically collect usage information when you use the Platform, including:

  • Log data (IP addresses, browser type, pages visited, time spent)
  • Device information (browser version, operating system)
  • Feature usage patterns (which modules are used, frequency)
  • Error and performance logs

2.3 Student and Staff Data (Processor Role)

When institutions use our Platform, they input personal data about their students and staff, including names, identification numbers, contact information, academic records, and financial records. As a data processor, we process this data solely on the instruction of the institution (data controller) and do not use it for any other purpose.

2.4 Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential cookies: Required for authentication and platform security. Cannot be disabled.
  • Functional cookies: Remember your preferences (e.g., language, theme).
  • Analytics cookies: Understand how users interact with our Platform (aggregated, anonymized). Can be disabled.
  • Marketing cookies: Track the effectiveness of our marketing. Can be disabled via our cookie consent banner.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Platform
  • Process payments and manage subscriptions
  • Send administrative communications (invoices, service updates, security notices)
  • Provide customer support
  • Monitor platform performance, uptime, and security
  • Comply with legal obligations
  • Send marketing communications (only where you have given consent)

We will never sell your personal data. We will never use student or staff data for advertising, profiling, or any purpose beyond operating the Platform on behalf of the institution.

4. Data Storage and Security

All data is stored on encrypted servers hosted in data centres certified to ISO 27001 standards. We use AES-256 encryption at rest and TLS 1.3 in transit. Access to data is controlled by role-based permissions with full audit logging. For detailed security information, see our Security page.

Data is stored in the region selected by the institution (or defaulting to our primary region). Enterprise clients may specify data residency requirements.

5. Data Retention

We retain institutional account data for the duration of the subscription, plus 90 days after termination (to allow data export). Student and staff operational data is retained as configured by the institution. After the 90-day post-cancellation period, all data is securely deleted from primary storage and backups.

Log data and analytics data is retained for 12 months in raw form and then aggregated and anonymized.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Correct inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data (subject to legal obligations).
  • Right to data portability: Receive your data in a machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to restrict processing: Limit how we use your data in certain circumstances.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise these rights, contact us at privacy@schoolsyntaxerp.com. We will respond within 30 days.

7. Data Sharing and Third Parties

We share data only with trusted third-party service providers who process data on our behalf under Data Processing Agreements, including:

  • Cloud infrastructure provider (hosting and storage)
  • Payment processor (billing)
  • SMS gateway provider (for communication features)
  • Email delivery service
  • Security monitoring services

We do not share personal data with any third parties for advertising, marketing, or data brokerage purposes. A full list of sub-processors is available upon request.

8. International Data Transfers

Where data is transferred outside the EEA or your jurisdiction, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission, or adequacy decisions where applicable.

9. Children's Privacy

The Platform is used by educational institutions to manage student data, which may include data of children under 13. When student data is submitted by an institution, the institution is responsible for obtaining any necessary parental consents under applicable law (including COPPA in the USA). SchoolSyntaxERP processes this data only as a data processor under the institution's instructions.

10. Cookies Policy

You can manage your cookie preferences at any time through our cookie consent banner (shown on first visit) or by contacting us. Note that disabling essential cookies will prevent you from logging in to the Platform.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify institutional administrators via email and in-platform notification at least 30 days before any material changes take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, to exercise your rights, or to report a data concern:

  • Email: privacy@schoolsyntaxerp.com
  • Post: Data Protection Officer, SchoolSyntaxERP Ltd., 15th Floor, The Prism Tower, Upper Hill, Nairobi, Kenya

If you are an EU/EEA resident and have an unresolved complaint, you have the right to lodge a complaint with your local supervisory authority.

Chat on WhatsApp