Privacy Policy

Last updated: June 2026 · Compliant with the Protection of Personal Information Act (POPIA), 2013

  Summary: We collect personal information from schools, parents, teachers and learners to provide our school management platform. We never sell your data. You have the right to access, correct, or delete your information at any time.

1. Who We Are

My School Admin (operated by [Your Company Name]) is a cloud-based school administration platform designed for daycare centres and pre-schools in South Africa. We act as an operator (data processor) on behalf of schools, which are the responsible parties (data controllers) under POPIA.

Information Officer: [Name]
Email: privacy@my-school-admin.co.za
Address: [Physical Address, South Africa]

2. What Information We Collect

2.1 School Administrators

Name, email address, phone number
School registration number
Billing and payment information (processed via PayFast — we do not store card details)

2.2 Parents / Guardians

Full name, South African ID number, email, phone number
Relationship to learner(s)
Emergency contact details
Communication preferences

2.3 Learners (Children)

Full name, date of birth, gender
Medical information (allergies, dietary requirements, medication)
Registration documents (uploaded by parents)
Attendance records
Class and programme enrolment

2.4 Teachers

Full name, email address, phone number
Class assignments
Activity content (daily updates, timetables)

2.5 Technical Data

IP address and browser information (for security and session management)
Device tokens (for push notifications via Firebase Cloud Messaging)
Login timestamps and session activity

3. Why We Collect This Information

We process personal information for the following lawful purposes:

Performance of a contract — to provide the school management platform as subscribed
Legitimate interest — to improve our services, prevent fraud, and ensure platform security
Consent — for optional features such as push notifications and marketing communications
Legal obligation — to comply with SA education and child protection legislation

4. Special Personal Information

We process children's information (a special category under POPIA Section 35) with the explicit consent of the parent or legal guardian, obtained during the registration process. Medical information is processed solely for the safety and wellbeing of the child while in the school's care.

5. How We Store and Protect Your Data

All data is stored on servers located in [Germany/Europe] with industry-standard security measures
Data is encrypted in transit (TLS/HTTPS) and sensitive fields are hashed (passwords)
Access is role-based — parents only see their own children, teachers only see their assigned classes
We conduct regular security reviews and maintain audit logs of all access
Documents are stored in encrypted object storage (MinIO)

6. Who We Share Data With

We do not sell personal information. We share data only with:

The school — which is the responsible party for the learner and parent data
PayFast — for payment processing (they have their own privacy policy)
Google Firebase — for push notification delivery (device tokens only)
Email service providers — for transactional email delivery (email address only)

We do not transfer personal information outside South Africa except where necessary for cloud infrastructure, and such transfers comply with POPIA Section 72.

7. Data Retention

Active accounts: Data retained while the school subscription is active
After cancellation: Data retained for 90 days, then anonymised or deleted
Learner archives: Historical records retained for up to 5 years for school compliance
Chat messages: Archived annually, deleted after 5 years
Audit logs: Retained for 2 years for security purposes

8. Your Rights Under POPIA

You have the right to:

Access — request a copy of all personal information we hold about you
Correction — request we correct inaccurate or incomplete information
Deletion — request we delete your personal information (subject to legal retention requirements)
Object — object to processing of your personal information for direct marketing
Data portability — request your data in a machine-readable format
Withdraw consent — withdraw previously given consent at any time

To exercise any of these rights, contact us at privacy@my-school-admin.co.za. We will respond within 30 days.

9. Cookies and Local Storage

We use browser local storage to:

Maintain your login session (authentication tokens)
Store user preferences (theme colours, notification settings)
Cache data for offline/performance purposes

We do not use third-party tracking cookies or advertising cookies.

10. Children's Privacy

We take children's privacy seriously. All learner data is:

Only accessible by authorised school staff and the child's registered parent/guardian
Never used for marketing or advertising purposes
Never shared with third parties for their own purposes
Processed only with explicit parental consent given during registration

11. Data Breaches

In the event of a personal data breach, we will:

Notify the Information Regulator within 72 hours (as required by POPIA)
Notify affected data subjects as soon as reasonably possible
Take immediate steps to mitigate the breach and prevent recurrence

12. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email to school administrators. The "Last updated" date at the top indicates the most recent revision.

13. Contact Us

For privacy-related enquiries or to exercise your rights:

Email: privacy@my-school-admin.co.za
Website: https://my-school-admin.co.za
Information Regulator (South Africa): https://inforegulator.org.za