Legal

Privacy Policy

Last updated: March 2026

1. Introduction

Eduva ("we," "our," or "us") operates the Eduva school management platform (the "Platform"). This Privacy Policy explains how we collect, use, store, and protect information when you use our Platform. This policy covers all users, including school administrators, teachers, students, and parents.

2. Information We Collect

We collect the following types of information:

  • Personal Information: Names, email addresses, phone numbers, residential addresses, and profile photos provided during registration or by school administrators.
  • Academic Data: Student grades, attendance records, exam scores, continuous assessment marks, report card data, and class assignments.
  • Payment Information: Fee payment records and transaction history. Note: Credit/debit card details are processed directly by Paystack and are never stored on our servers.
  • Usage Data: Device information, browser type, IP address, pages visited, features used, and interaction patterns to help us improve the Platform.
  • Communication Data: Messages sent through the Platform's chat system between parents, teachers, and administrators.

3. How We Use Your Information

We use collected information for the following purposes:

  • School Management: Enabling schools to manage student records, track attendance, generate report cards, and administer exams.
  • Communication: Facilitating parent-teacher chat, sending announcements, SMS notifications, and email alerts.
  • Payment Processing: Processing school fee payments through our integration with Paystack.
  • Analytics: Generating school performance reports, attendance analytics, and academic insights for administrators.
  • Platform Improvement: Analyzing usage patterns to improve features, fix bugs, and enhance user experience.

4. Data Storage & Security

We take the security of your data seriously and implement the following measures:

  • All data is stored in secure, professionally managed cloud servers.
  • Data is encrypted both at rest and in transit using industry-standard encryption (TLS 1.2+, AES-256).
  • Access controls ensure that only authorized personnel can access sensitive data.
  • Regular automated backups are performed to prevent data loss.
  • We conduct periodic security audits and vulnerability assessments.

5. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with:

  • Paystack: For processing fee payments. Paystack processes card details directly and is PCI DSS compliant.
  • Termii: For sending SMS notifications to parents and staff. Only phone numbers and message content are shared.
  • School Administrators: Each school's administrators can access only their own school's data.

We may also disclose information if required by law or to protect the rights, safety, or property of our users or the public.

6. Multi-Tenant Data Isolation

Eduva is a multi-tenant platform, meaning multiple schools use the same infrastructure. However, each school's data is strictly isolated:

  • Schools cannot access other schools' data under any circumstances.
  • Database queries are scoped to the authenticated school's tenant.
  • API endpoints enforce tenant-level access controls.
  • Administrative tools prevent cross-tenant data leakage.

7. Children's Privacy

Eduva collects student data on behalf of schools. Schools are responsible for obtaining appropriate parental consent through their enrollment process. Student data is used solely for educational purposes within the school's management context. We do not knowingly collect personal information from children without school and parental authorization.

8. Your Rights

In accordance with the Nigeria Data Protection Regulation (NDPR), you have the following rights:

  • Access: Request a copy of your personal data we hold.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal obligations.
  • Data Portability: Request your data in a machine-readable format (CSV/JSON).
  • Objection: Object to processing of your data in certain circumstances.

To exercise any of these rights, contact us at [email protected].

9. Cookies

We use minimal cookies strictly necessary for the operation of the Platform:

  • Authentication cookies: To keep you logged in securely.
  • Preference cookies: To remember your settings (e.g., theme, language).

We do not use advertising cookies or third-party tracking cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify all registered users via email at least 30 days before the changes take effect. Minor changes (e.g., typo corrections) may be made without notice. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: [email protected]
  • Phone: +234 811 253 9398
  • Address: 214 Broad Street, Elephant House, Lagos, Nigeria
Chat with us on WhatsApp