Privacy Policy

1 Introduction

Scholary-Labs Technologies Ltd. ("Scholary-Labs," "we," "us," or "our") is committed to protecting the privacy of all individuals who use our platform, including school administrators, teachers, students, parents, accountants, and librarians.

This Privacy Policy explains how we collect, use, process, and store personal information when you use the Scholary-Labs platform ("Service"). It also describes your rights regarding your personal data and how you can exercise those rights.

By using our Service, you consent to the data practices described in this Privacy Policy. This policy should be read in conjunction with our Terms of Service.

2 Information We Collect

We collect different types of information depending on how you interact with our Service:

2.1 Information You Provide

• Account Information: name, email address, phone number, password (hashed using bcrypt), and profile photo
• School Information: school name, email, phone, address, city, country, logo image, principal signature image, admission prefix, established year, school type, school description, bank account details
• Student Data: full name, email, phone, date of birth, gender, address, state, nationality, religion, guardian name and phone, student photo, registration number, class assignment, admission date, and pass-out year
• Staff Data: name, email, phone, date of birth, gender, address, nationality, marital status, qualification, start date, and profile photo
• Academic data: results (CAT scores and exam marks), report cards, behaviour assessments, assignments
• Financial Data: income and expense records (title, amount, description, date)
• Payment data: subscription plan selection, Paystack payment reference, payment amount, payment status, and the full Paystack API response object

2.2 Information Collected Automatically

• Session data: session ID, IP address, user agent, and last activity timestamp (stored in the sessions database table)
• Authentication events: login timestamps recorded via database notifications
• Cookies: Small data files stored on your device to enhance your experience (see Section 7)

2.3 Information from Third Parties

• Payment Processors: Transaction confirmations, payment status, and partial card details from Paystack
• Authentication Providers: Basic profile information if you sign in using Google or Microsoft

3 How We Use Your Data

We use the information we collect for the following purposes:

• To create and manage user accounts and role-based access
• To provide academic management features (results, report cards, assignments, behaviour assessments)
• To process subscription payments through Paystack
• To enforce storage limits for gallery uploads
• To generate PDF documents (report cards, ID cards, receipts, finance statements)
• To send in-app notifications (login alerts, class management events, school setup confirmations)
• To display school information on the public school landing page
• To enforce subscription validity and grace period access control

4 Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:

• Service Providers: We share data with trusted third-party providers who help us operate our Service, including cloud hosting (for infrastructure), Paystack (for payment processing), and email delivery services. These providers are contractually obligated to protect your data.
• Within Your School: Data is shared with authorized users within your school based on their role and permissions. For example, teachers can see student records for their assigned classes.
• Legal Requirements: We may disclose information if required by law, regulation, court order, or government request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change and the choices you have regarding your data.
• With Your Consent: We may share your data for any other purpose with your explicit consent.

5 Data Storage & Security

We take the security of your data seriously and implement industry-standard measures to protect it:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256 encryption)
• Authentication: Secure password hashing using bcrypt, with support for multi-factor authentication
• Access Controls: Strict role-based access controls ensure that users only access data relevant to their role
• Infrastructure: Our servers are hosted in secure, SOC 2 compliant data centers with 24/7 monitoring

6 School Data Isolation

Scholary-Labs operates as a multi-tenant platform with strict data isolation between schools. This is a core architectural principle:

• Each school's data (students, staff, finances, results) is logically separated within our database
• No school administrator, teacher, or user can access data belonging to another school
• Scholary-Labs (platform-level administrators) can manage school accounts but have audited, limited access to school-specific data
• All database queries are scoped to the authenticated school, preventing cross-school data leakage
• Regular security audits and penetration testing are conducted to verify data isolation integrity

7 Cookies & Tracking Technologies

The platform uses server-side to store sessions. Session data includes user ID, IP address, and user agent. Our platform tokens are stored in cookies as a security measure. No third-party tracking cookies or advertising cookies are used.

We do not use advertising cookies or third-party tracking cookies for marketing purposes. You can manage cookie preferences through your browser settings.

8 Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Portability: Export your data in a structured, machine-readable format

To exercise any of these rights, please contact us at info@scholarylabs.com. We will respond to your request within 7 days.

For school administrators: you can exercise data portability and deletion rights for your school's data directly through the admin dashboard

9 Children's Privacy

Scholary-Labs is designed for use by educational institutions, which inherently involves processing data related to minor students. We take children's privacy very seriously:

• Student accounts are created and managed exclusively by authorized school administrators
• We collect only the student data that is necessary for academic administration and management
• Student data is never used for marketing, advertising, or profiling purposes
• Parents and guardians may request access to, correction of, or deletion of their child's data by contacting their school administrator
• We comply with applicable child data protection regulations including the Nigeria Data Protection Regulation (NDPR)

10 Data Retention

We retain your data only for as long as necessary to fulfill the purposes outlined in this policy:

• Active Accounts: data is retained for the duration of the active subscription plus any grace period.
• Financial Records: Payment and transaction records may be retained for up to 7 years as required by tax and financial regulations
• Anonymized Data: We may retain anonymized, aggregated data indefinitely for analytics and service improvement purposes. This data cannot be linked back to individual users.

11 International Data Transfers

Scholary-Labs primarily processes and stores data within Nigeria. However, some of our service providers may process data in other jurisdictions. When data is transferred internationally, we ensure appropriate safeguards are in place:

• Data processing agreements with all third-party providers
• Compliance with the Nigeria Data Protection Regulation (NDPR)
• Standard contractual clauses for international transfers where applicable
• Verification that receiving parties maintain adequate data protection standards

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

• We will update the "Last Updated" date at the top of this page
• We will notify active users via email or in-app notification at least 7 days before changes take effect
• We will post the revised policy on our website
• For significant changes affecting how we handle student data, we will seek explicit re-consent from school administrators

We encourage you to review this page periodically to stay informed about how we protect your data.

13 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can reach us through the following channels:

• General Support: info@scholarylabs.com
• Contact Page: https://scholarylabs.com/contact

For data subject requests (access, deletion, correction, portability), please email info@scholarylabs.com with the subject line "Data Subject Request." We will acknowledge your request within 48 hours and respond within 7 days.