Privacy Policy

Version 1 - Last updated: February 15, 2026

1. INTRODUCTION

This Privacy Policy explains how ElimuSys ("Platform", "System", "Service") collects, uses, processes, stores, and protects personal data.

ElimuSys is operated by [Your Company Legal Name] ("Company", "We", "Us", "Our").

We are committed to protecting personal data in accordance with applicable data protection laws, including the laws of the Republic of Kenya and globally recognized data protection principles.

By using ElimuSys, you acknowledge that you have read and understood this Privacy Policy.


2. ROLE OF THE PARTIES

2.1 Institution as Data Controller

The registered educational institution ("Institution") determines the purpose and means of processing personal data. The Institution is therefore the Data Controller.

2.2 ElimuSys as Data Processor

ElimuSys processes personal data strictly on behalf of and under the instructions of the Institution.

We do not sell, rent, or trade personal data.


3. PERSONAL DATA WE PROCESS

Depending on how the Platform is used, we may process the following categories of data:

3.1 Student Data

  • Full name
  • Admission number
  • Date of birth
  • Academic records and exam results
  • Attendance records
  • Class enrollment details

3.2 Parent/Guardian Data

  • Full name
  • Contact information (phone number, email address)
  • Relationship to student
  • Billing-related information

3.3 Staff Data

  • Full name
  • Role within the institution
  • Contact details
  • System usage logs

3.4 Financial Data

  • Billing records
  • Payment status
  • Transaction references

3.5 Technical Data

  • IP address
  • Device information
  • Login timestamps
  • Activity logs and audit trails


4. PURPOSE OF PROCESSING

We process personal data for the following purposes:

  • Managing student academic records
  • Generating performance analytics and reports
  • Managing billing and financial records
  • Enabling communication between school and parents
  • Ensuring system security and fraud prevention
  • Maintaining audit logs and compliance records

We process data only for lawful, legitimate, and specified educational and administrative purposes.


5. LEGAL BASIS FOR PROCESSING

Processing is conducted based on one or more of the following:

  • Performance of a contract between ElimuSys and the Institution
  • Compliance with legal obligations
  • Legitimate interests of the Institution in administering education
  • Consent where required by applicable law


6. DATA SECURITY MEASURES

We implement reasonable technical and organizational measures to safeguard personal data, including:

  • Role-based access control
  • Secure authentication mechanisms
  • Encrypted data transmission where applicable
  • Activity logging and monitoring
  • Restricted internal access to data

While we strive to protect personal data, no system can guarantee absolute security.


7. DATA RETENTION

Personal data is retained only for as long as necessary to:

  • Provide the Services
  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce agreements

Upon termination of service:

  • Institutions may request export of their data within a specified period.
  • Data may be retained temporarily for legal compliance.
  • Data may be permanently deleted after the retention period.


8. DATA SHARING AND DISCLOSURE

We may share data only under the following circumstances:

  • With the Institution (as Data Controller)
  • With authorized third-party service providers (e.g., hosting or payment processors)
  • Where required by law, court order, or regulatory authority
  • To protect the rights, safety, or property of the Company or Users

All third-party processors are required to implement appropriate security safeguards.


9. INTERNATIONAL DATA TRANSFERS

Where data is stored or processed outside Kenya, we ensure that appropriate safeguards are implemented to protect personal data in accordance with applicable law.


10. RIGHTS OF DATA SUBJECTS

Subject to applicable law, individuals may have the right to:

  • Access their personal data
  • Request correction of inaccurate data
  • Request deletion of data where legally permissible
  • Object to certain types of processing
  • Withdraw consent where processing is based on consent

Requests should be directed to the Institution as the Data Controller.


11. CHILDREN’S DATA

ElimuSys processes student data strictly for educational and administrative purposes under the authority of the Institution.

The Institution is responsible for obtaining any necessary parental or guardian consents required by law.


12. COOKIES AND SYSTEM LOGS

ElimuSys may use session-based technologies and system logs to:

  • Maintain secure login sessions
  • Improve system performance
  • Monitor system integrity

We do not use intrusive tracking for advertising purposes.


13. DATA BREACH PROCEDURES

In the event of a data breach that poses a risk to personal data:

  • We will notify the Institution without undue delay.
  • We will cooperate with the Institution in fulfilling any legal reporting obligations.
  • We will take appropriate remedial actions.


14. LIMITATION OF LIABILITY

To the extent permitted by law, the Company shall not be liable for:

  • Misuse of data by the Institution or its Users
  • Unauthorized access resulting from compromised credentials
  • Decisions made by the Institution based on system-generated reports


15. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy at any time.

Material changes will be communicated through the Platform or via official communication channels.

Continued use of the Platform constitutes acceptance of the updated Privacy Policy.

For questions about this privacy policy, please contact support.