Data Protection Policy

1 Our Commitment

Soloz Technologies is committed to processing data in line with applicable data protection legislation and ensuring that all personal data is handled responsibly throughout its lifecycle.

We recognize that data protection is not merely a legal obligation — it is a fundamental right of individuals. Educational data in particular is highly sensitive, covering students who may be minors, and we treat it with the utmost care and responsibility.

This policy applies to:

All personal data processed via the EduSphere Cloud platform
All Soloz Technologies staff who access institutional data
All schools, institutions, and organizations ("Subscribers") using our services
All third-party processors engaged in our data supply chain

2 Core Data Protection Principles

All personal data processed through EduSphere Cloud is handled in accordance with the following principles:

Lawfulness & Fairness

Data is processed only where there is a legitimate lawful basis and in a manner that is transparent to individuals.

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes and never processed in ways incompatible with those purposes.

Data Minimisation

We collect only the data that is necessary and relevant for the specific purpose of delivering school management services.

Accuracy

Reasonable steps are taken to ensure personal data is accurate, kept up to date, and corrected when necessary.

Storage Limitation

Data is retained only for as long as necessary for the purposes for which it was collected, then securely deleted.

Integrity & Confidentiality

Data is protected using appropriate technical and organizational measures against unauthorized processing, loss, or damage.

3 Lawful Basis for Processing

EduSphere Cloud processes personal data under the following lawful bases:

Processing Activity	Lawful Basis
Account creation & authentication	Contract performance
Student record management	Legitimate interests / Legal obligation
Fee processing & financial records	Contract performance / Legal obligation
Attendance & academic tracking	Legitimate interests of the school
Platform analytics & improvement	Legitimate interests (anonymized)
Security monitoring & audit logs	Legitimate interests / Legal obligation
Marketing communications (to schools)	Consent / Legitimate interests

4 Roles & Responsibilities

Soloz Technologies (Data Processor)

Maintains the technical infrastructure and security of the EduSphere Cloud platform
Processes data only on the documented instructions of the subscribing school
Implements and maintains appropriate technical and organizational safeguards
Assists schools in fulfilling data subject requests and regulatory obligations
Notifies schools of any confirmed data breach within 72 hours
Maintains records of all processing activities carried out on behalf of schools

Subscribing Schools (Data Controllers)

Determine the purposes for which student, staff, and parent data is processed
Obtain appropriate consent from parents/guardians where required by law
Configure role-based access to limit data visibility to only those who need it
Respond to data subject access requests from students, parents, and staff
Ensure their use of EduSphere Cloud complies with applicable local data protection laws
Notify Soloz Technologies immediately of any suspected security incidents

A Data Processing Agreement (DPA) is available to schools requiring formal documentation of our processor relationship. Contact privacy@edusphere.cloud to request a DPA.

5 Technical Security Measures

We implement a defense-in-depth security strategy across our platform:

Encryption

All data in transit is encrypted via TLS 1.2+ (HTTPS)
All user passwords are hashed using bcrypt with appropriate cost factors
Sensitive configuration values are encrypted at rest

Access Control

Granular Role-Based Access Control (RBAC): School Admin, Teacher, Bursar, Parent roles
Multi-tenant architecture: each school's data is strictly isolated
Session timeouts and secure session management
CSRF protection on all state-changing operations

Monitoring & Auditing

Comprehensive audit trails of all significant data operations
Application-level error and security event logging
Regular review of access logs for anomalous activity

Infrastructure

Automated daily backups with verified restore capability
Firewall rules restricting unnecessary network exposure
Regular security patching of server operating systems and dependencies

6 Data Breach Response

In the event of a confirmed or suspected data breach, we follow a structured response procedure:

Detect

Identify and confirm the scope of the incident

Contain

Isolate affected systems and stop further exposure

Notify

Alert affected schools within 72 hours

Remediate

Fix root cause and implement improvements

Schools are responsible for notifying affected individuals and relevant regulatory authorities (where required) upon receiving our breach notification. We will provide all necessary information to support this process.

To report a suspected security incident, contact our security team immediately at security@edusphere.cloud. Do not report security vulnerabilities publicly.

7 International Data Transfers

EduSphere Cloud is primarily designed for operation within Africa and similar jurisdictions. Where data is stored or processed by infrastructure providers in other countries, we ensure appropriate safeguards are in place:

Data Processing Agreements (DPAs) with all infrastructure providers
Preference for hosting providers with data centers in or near the subscriber's region
Contractual clauses ensuring equivalent data protection standards

Schools with specific data residency requirements should contact us to discuss available options.

8 Third-Party Data Processors

We work with a limited number of trusted third-party processors to deliver our services. All third-party processors are:

Vetted for their data protection and security practices
Bound by written Data Processing Agreements
Permitted to process data only for specified, documented purposes

Processor Type	Purpose	Data Shared
Cloud Hosting Provider	Platform infrastructure & storage	All platform data (encrypted at rest)
Payment Gateway (Flutterwave)	Subscription billing processing	Billing contact & transaction amounts only
Email Service Provider	System notifications & alerts	Email addresses only

We do not share student academic or personal data with any third-party processor beyond those required to run the platform infrastructure.

9 Staff Awareness & Training

All Soloz Technologies employees who may access institutional data are required to:

Complete data protection awareness training upon onboarding
Review and acknowledge this Data Protection Policy annually
Follow secure coding practices and data handling procedures
Report suspected data breaches or vulnerabilities immediately

Access to production data is strictly limited to authorized personnel on a need-to-know basis, with additional controls for any access to live institutional data.

10 Complaints & Enforcement

If you believe your data protection rights have been violated or this policy has not been followed, you have the right to:

Contact us directly to raise your concern (see below)
File a complaint with your local data protection authority or regulatory body

Data Protection Enquiries

privacy@edusphere.cloud

Security Incidents

security@edusphere.cloud

We take all complaints seriously and will respond within 30 business days. Where violations are confirmed, we will take prompt corrective action and inform affected parties accordingly.

On this page