Privacy Policy

Last Updated: March 23, 2025

Welcome to Scholara's Privacy Policy. Scholara ("we," "our," or "us") is committed to protecting the privacy of all users of our school management software solution. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, services, and applications (collectively, the "Services").

By accessing or using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.

Key Points:

We collect necessary information to provide and improve our Services
We implement robust security measures to protect your data
We comply with educational privacy regulations including FERPA and GDPR
You have rights regarding your personal information
We do not sell your data to third parties

1. Information We Collect

We collect several types of information from and about users of our Services, including:

1.1 Personal Information

This refers to data that can be used to identify an individual, either directly or when combined with other information:

Category	Examples	Collected From
Student Information	Full name, date of birth, student ID, grade level, enrollment details, academic records, health information (allergies, medications), behavioral records, special education needs	School administrators, parents/guardians
Parent/Guardian Information	Full name, contact details (email, phone, address), relationship to student, payment information, government IDs for verification	Parents/guardians during registration
Staff Information	Full name, contact details, position, qualifications, employment records, payroll information, performance evaluations	School administrators, HR departments
User Account Information	Username, password (hashed), security questions, profile picture, account preferences	All users during account creation

1.2 Non-Personal Information

We automatically collect certain technical information when you use our Services:

Device Information: IP address, browser type, operating system, device identifiers
Usage Data: Pages visited, features used, time spent, clickstream data
Location Data: General geographic location (city/country level) based on IP address
Cookies and Tracking Technologies: See Section 6 for details

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Provision and Operation

To provide, maintain, and improve our Services
To authenticate users and manage accounts
To process transactions and school fee payments
To maintain student records and academic progress tracking
To facilitate communication between schools, teachers, students, and parents
To generate reports and analytics for school administration

2.2 Communication

To send important notices regarding the Services (security alerts, policy changes)
To respond to inquiries and provide customer support
To send school-related communications (attendance notifications, grade updates, event reminders)
With consent, to send promotional materials about new features or services

2.3 Security and Compliance

To detect, prevent, and address technical issues and security vulnerabilities
To investigate potential violations of our Terms of Service
To comply with legal obligations and educational regulations
To enforce our agreements, policies, and terms of use

2.4 Research and Development

To analyze usage trends and improve our Services
To develop new features and functionality
To conduct anonymized research on educational outcomes (with appropriate safeguards)

3. Legal Basis for Processing (GDPR Compliance)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

Processing Purpose	Legal Basis
Provision of core Services	Performance of contract
Payment processing	Legal obligation and contract performance
Security and fraud prevention	Legitimate interests
Marketing communications	Consent (where required)
Compliance with educational regulations	Legal obligation

4. Data Sharing and Disclosure

We may share information in the following circumstances:

4.1 With Educational Institutions

Student and parent data is shared with the relevant school or educational institution for educational purposes. This includes:

Academic records shared with teachers and administrators
Attendance data shared with school officials
Behavioral records shared with authorized staff

4.2 With Service Providers

We engage third-party companies to perform services on our behalf, such as:

Cloud hosting providers (AWS, Google Cloud)
Payment processors (Paystack, SquadCo)
Customer support platforms
Analytics and monitoring services

All service providers are contractually obligated to protect your data and use it only for the services they provide to us.

4.3 For Legal Compliance and Protection

We may disclose information when we believe in good faith that disclosure is necessary to:

Comply with applicable laws, regulations, or legal processes
Respond to valid governmental requests (subpoenas, court orders)
Protect the rights, property, or safety of Scholara, our users, or others
Investigate potential violations of our Terms of Service

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or similar event, user information may be transferred as part of the transaction. We will notify users of any such change and outline choices available.

4.5 With Consent

We may share information with third parties when we have explicit consent to do so, such as for integrated educational apps or research studies.

5. Data Security Measures

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

Encryption: All data in transit uses TLS 1.2+ encryption. Sensitive data at rest is encrypted using AES-256.
Access Controls: Role-based access control (RBAC) ensures users only access data necessary for their role.
Authentication: Multi-factor authentication (MFA) is available for all accounts. Strong password policies are enforced.
Network Security: Firewalls, intrusion detection/prevention systems, and regular vulnerability scanning.
Data Minimization: We only collect and retain data necessary for our Services.

5.2 Organizational Safeguards

Regular security awareness training for all employees
Strict confidentiality agreements for staff and contractors
Designated Data Protection Officer overseeing compliance
Incident response plan for potential data breaches

5.3 Physical Safeguards

Data centers with 24/7 security, biometric access controls, and environmental protections
Secure disposal procedures for physical records and decommissioned hardware

Despite our safeguards, no system is 100% secure. We cannot guarantee absolute security but we continuously work to improve our protections. Users should also take steps to protect their accounts (strong passwords, not sharing credentials, logging out of shared devices).

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

6.1 Types of Cookies Used

Cookie Type	Purpose	Duration
Essential Cookies	Necessary for core functionality (login, security)	Session or up to 1 year
Performance Cookies	Collect anonymous usage data to improve Services	Up to 2 years
Functionality Cookies	Remember preferences and settings	Up to 1 year

6.2 Your Cookie Choices

Most browsers allow you to control cookies through settings. However, disabling essential cookies may affect Service functionality. Our cookie consent manager allows granular control over non-essential cookies.

6.3 Third-Party Tracking

We may use analytics services (Google Analytics) that place their own cookies. These are subject to the third party's privacy policies.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

Data Category	Retention Period
Student records (active)	Duration of enrollment + 7 years
Student records (inactive)	7 years after last activity or as required by law
Parent/guardian accounts	While associated with active student + 2 years
Staff accounts	Duration of employment + 7 years
Financial records	7 years for tax compliance
System logs	Up to 1 year for security monitoring

Data may be retained longer where required by law, regulation, or legitimate business needs (dispute resolution, contract enforcement). Anonymized data may be kept indefinitely for research and analytics.

8. International Data Transfers

As a global service, your information may be transferred to and processed in countries other than your own:

Our primary data centers are located in United States
We use cloud service providers with global infrastructure
For transfers from the EEA to third countries, we implement appropriate safeguards (Standard Contractual Clauses, Privacy Shield certification where applicable)

9. Children's Privacy

Our Services are designed for educational institutions and not directly for children. However, we process student data on behalf of schools:

Schools are responsible for obtaining necessary consents for student data processing
We implement additional protections for student data including limited access and extra security measures
Parents/guardians may exercise rights on behalf of their children through the school
We do not knowingly collect personal information directly from children under 13 without parental consent

10. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information:

10.1 Access and Portability

You may request access to your personal data and receive it in a structured, commonly used format.

10.2 Correction

You may request correction of inaccurate or incomplete personal data.

10.3 Deletion

You may request deletion of your personal data, subject to legal retention requirements.

10.4 Restriction and Objection

You may request restriction of processing or object to certain processing activities.

10.5 Consent Withdrawal

Where processing is based on consent, you may withdraw consent at any time.

10.6 Complaints

You may lodge a complaint with a supervisory authority if you believe your rights have been violated.

To exercise these rights, please contact us using the information in Section 14. We may need to verify your identity before processing requests.

11. FERPA Compliance

Scholara complies with the Family Educational Rights and Privacy Act (FERPA), the primary U.S. federal law governing student data privacy in educational institutions:

11.1 School Official Exception

Under FERPA's "school official" exception (34 CFR § 99.31(a)(1)):

Scholara acts as a "school official" with legitimate educational interests
We process student data only for the purposes specified in our agreement with educational institutions
We maintain direct control over student data as required by FERPA

11.2 Directory Information

Schools may configure what constitutes directory information in their Scholara settings. We provide tools to:

Designate which student fields are directory information
Manage parent/student opt-outs from directory disclosures
Track consent status for all students

11.3 Data Processing Addendum

For U.S. educational institutions, our Data Processing Addendum includes specific FERPA provisions:

Prohibition on using student data for unauthorized purposes
Requirements for data breach notification within 72 hours
Obligations to return or destroy data upon contract termination
Audit rights for schools to verify compliance

11.4 Parental Rights

Scholara provides administrative tools to help schools fulfill FERPA parental rights requirements:

Parent Right	Scholara Feature
Inspection and review	Parent portal access to student records
Amendment requests	Dispute flagging system with audit trail
Consent management	Electronic consent collection and tracking

12. Changes to This Privacy Policy

12.1 Update Procedure

We may update this Privacy Policy periodically to reflect:

Changes in our data practices
New features or services
Legal or regulatory requirements

12.2 Notification of Changes

When we make material changes, we will:

Post a prominent notice in the Services
Send email notifications to account administrators
Update the "Last Updated" date at the top of this policy

12.3 Review Period

For significant changes affecting data processing, we will provide at least 30 days advance notice before changes take effect.

13. Contact Us

If you have questions about this Privacy Policy or our data practices:

Scholara
Attn: Legal Department

20 Amaram ext Wetheral Rd, Owerri
Imo State
Nigeria

Lagos, Nigeria
Email: support@scholara.africa
Phone: 2347035148792

14. Policy Acceptance

By using Scholara's Services, you acknowledge that:

You have read and understood this Privacy Policy
You consent to the collection, use, and disclosure of information as described
Your institution has obtained all necessary consents from students, parents, and staff

For Schools: The individual accepting these terms represents that they have authority to bind their educational institution.

Contact Info