Privacy Policy

Your privacy matters to us. This policy explains how Schoolyft collects, uses, and protects your information.

Last updated: January 20, 2026

1. Introduction and Scope

Schoolyft Solutions Ltd ("Schoolyft," "we," "us," or "our") operates a school management, communication, assessment, and Computer-Based Testing (CBT) platform designed for African schools. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Schoolyft platform, including our website, mobile applications, and related services (collectively, the "Platform").

This Policy applies to all users of our Platform, including:

  • Schools (administrators, principals, and school management)
  • Teachers (educators and instructional staff)
  • Parents/Guardians (parents, legal guardians, or authorized caregivers)
  • Students (learners, including minors)

By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Policy, please do not use our Platform.

2. Information We Collect

We collect different types of information depending on your role within the Platform:

2.1 Information from Schools

  • School name, address, and contact information
  • Administrator names, email addresses, and phone numbers
  • Class structures, curriculum data, and timetables
  • Billing and payment information (for paid services)

2.2 Information from Teachers

  • Full name, email address, and phone number
  • Employment information and assigned classes
  • Assessment data created for students
  • Communication records with parents and school administration

2.3 Information from Parents/Guardians

  • Full name, email address, and phone number
  • Relationship to student(s)
  • Communication preferences
  • Communications with teachers and school

2.4 Information from Students

  • Full name, date of birth, and class/grade level
  • Student identification numbers
  • Academic records (grades, assessment results, CBT scores)
  • Attendance records (clock-in/clock-out times)
  • Performance analytics and progress data

2.5 Automatically Collected Information

  • Device information (type, operating system, browser)
  • Log data and error reports
  • Cookies and similar tracking technologies

3. How We Collect Data

We collect information through:

  • Direct submission: When you register, create an account, or input data into the Platform
  • School administration: When schools add students, teachers, and parents to the system
  • Automated collection: Through cookies and similar technologies when you use the Platform
  • Offline data collection: Through our Progressive Web App (PWA) which stores data locally on your device using IndexedDB and local storage
  • Attendance systems: Through QR code or barcode scanning for student clock-in/clock-out
  • CBT examinations: Through our examination system, including offline exam responses stored temporarily on devices

4. Purpose of Data Collection

We use collected information to:

  • Provide and maintain the Schoolyft Platform
  • Enable communication between schools, teachers, and parents
  • Deliver and grade CBT examinations and assessments
  • Track and report student attendance
  • Generate performance analytics and progress reports
  • Manage curriculum and timetables
  • Process payments and manage subscriptions
  • Provide customer support
  • Improve and optimize our services
  • Ensure platform security and prevent fraud
  • Comply with legal obligations
  • Send service-related communications

5. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Contractual necessity: Processing necessary to fulfill our service agreement with schools
  • Consent: Where you have given explicit consent for specific processing activities
  • Legitimate interests: For improving our services, security, and fraud prevention
  • Legal compliance: To comply with applicable laws and regulations, including the Nigeria Data Protection Act (NDPA)
  • Vital interests: In emergency situations affecting the safety of students

6. Data Related to Children and Minors

Schoolyft is designed for use in educational settings where students may be minors (under 18 years of age). We are committed to protecting children's privacy and comply with applicable child data protection standards.

Key protections for student data:

  • Student accounts are created and managed by schools, not by students directly
  • Schools are responsible for obtaining appropriate consent from parents/guardians for student participation
  • Student data is only accessible to authorized school personnel, assigned teachers, and linked parents/guardians
  • We do not knowingly collect personal information directly from children under 13 without parental consent
  • Student data is used exclusively for educational purposes
  • We do not use student data for advertising or marketing purposes
  • Parents/guardians have the right to review, correct, or request deletion of their child's data through the school

7. Schools as Data Controllers

When schools use Schoolyft, they act as data controllers for the personal data of their students, teachers, and parents. Schoolyft acts as a data processor, processing data on behalf of schools according to their instructions.

Schools are responsible for:

  • Obtaining appropriate consent for data collection from parents/guardians
  • Ensuring the accuracy of data entered into the Platform
  • Managing user access and permissions within their organization
  • Responding to data subject requests from their students, teachers, and parents
  • Determining retention periods for their institutional data
  • Complying with applicable data protection laws in their jurisdiction

8. Data Sharing and Third-Party Services

We may share your information with:

  • Service providers: Third-party vendors who help us operate our Platform (cloud hosting, analytics, payment processing)
  • Within user roles: Teachers can access student data for their assigned classes; parents can access their linked children's data
  • Legal requirements: When required by law, court order, or government request
  • Business transfers: In the event of a merger, acquisition, or reorganization, your data may be transferred to the successor entity, who will be bound by this Privacy Policy
  • With consent: When you have given explicit permission

We require all third-party service providers to maintain appropriate security measures and to process personal data only according to our instructions.

We do NOT sell personal data to third parties.

9. Data Storage, Retention, and Deletion

Storage: Your data is stored on secure servers provided by reputable cloud service providers. We implement industry-standard security measures to protect your data.

Retention: We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required by law or requested by the school. Specific retention periods include:

  • Active accounts: Data is retained while the account remains active
  • Academic records: Retained according to school policies and legal requirements (typically 5-7 years after graduation)
  • Communication logs: Retained for 3 years unless otherwise specified
  • Billing records: Retained for 7 years for tax and accounting purposes

Deletion: Schools may request deletion of their data upon termination of their account. Individual users may request deletion through their school or by contacting us directly.

10. Offline Data Handling

Schoolyft operates as a Progressive Web App (PWA) with offline capabilities. This means:

  • Local storage: Some data may be stored locally on your device using IndexedDB and browser local storage to enable offline functionality
  • Offline CBT exams: Exam questions and student responses may be stored temporarily on the device during offline examinations
  • Automatic sync: When internet connectivity is restored, locally stored data is automatically synchronized with our servers
  • Data security: Offline data is encrypted and protected by your device's security features
  • Temporary storage: Offline exam data is deleted from the device after successful synchronization

You are responsible for maintaining the security of your device when using offline features.

11. Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security assessments and updates
  • Employee training on data protection
  • Incident response procedures for potential data breaches
  • Access logging and monitoring
  • Role-based access control (RBAC)
  • Regular data backups

While we strive to protect your personal data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify affected parties promptly in the event of a data breach.

12. User Rights

Under applicable data protection laws, including the Nigeria Data Protection Act (NDPA), you have the following rights:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Request your data in a machine-readable format
  • Right to object: Object to certain processing activities
  • Right to withdraw consent: Withdraw previously given consent at any time

To exercise these rights, please contact us using the details provided below. For student data, requests should generally be made through the school.

13. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential cookies: Required for Platform functionality and security
  • Analytics cookies: Help us understand how users interact with our Platform
  • Preference cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect Platform functionality.

14. International Data Transfers

Schoolyft primarily operates in Nigeria and Africa. Your data may be transferred to and processed in countries outside your country of residence where our service providers are located.

When transferring data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses with service providers
  • Ensuring receiving countries have adequate data protection standards
  • Implementing additional technical and organizational measures

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated Policy on our Platform
  • Updating the "Last updated" date
  • Sending email notifications to registered users for significant changes

We encourage you to review this Policy periodically. Continued use of the Platform after changes constitutes acceptance of the updated Policy.

16. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Schoolyft Solutions Ltd

Email: privacy@schoolyft.com

Address: Lagos, Nigeria

Website: https://schoolyft.institute

See also our Terms of Service