1. Introduction
edPLEstar ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring transparent data practices. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website www.edplestar.com and use our Service.
Please read this Privacy Policy carefully. If you do not agree with our data practices, please do not use the Service. Your use of edPLEstar constitutes your acceptance of this Privacy Policy.
Privacy Commitment: We take data privacy seriously and comply with the General Data Protection Regulation (GDPR), children's privacy laws (COPPA), and Uganda's data protection regulations. Your data is your property, and we handle it with the utmost care.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Full name (student, parent, or teacher)
- Email address
- Date of birth
- School/Institution name (if applicable)
- Contact phone number
- Password (encrypted)
- Account type (Student, Parent, or Teacher)
- Grade/Class level (for students)
2.2 Usage Data
We automatically collect information about how you interact with the Service:
- Login and logout times
- Pages visited and content accessed
- Time spent on each page or lesson
- Features and tools used
- Search queries and filters applied
- Device and browser information
- IP address and approximate location
- Referral sources and links clicked
2.3 Performance and Progress Data
We track educational activity to provide personalized learning:
- Quiz and assignment scores
- Correct and incorrect answers
- Completion rates and progress tracking
- Learning strengths and areas for improvement
- Certificate and badge achievements
- Time spent on practice problems
- Learning patterns and preferences
2.4 Communication Data
If you contact us or participate in platform communications:
- Email correspondence and support tickets
- Forum posts and discussion contributions
- Feedback and survey responses
- In-app messages and notifications sent/received
2.5 Payment Information
Payment processing is handled by secure third-party providers. We do not store full credit card details, but we may collect:
- Transaction ID
- Billing name and address
- Email confirmation receipts
- Subscription plan and billing history
2.6 Device and Technical Data
We collect technical information to maintain and improve the Service:
- Device type, operating system, and version
- Browser type and version
- Mobile device identifiers (if applicable)
- Network connection type
- Crash reports and error logs
3. How We Use Information
3.1 To Provide and Improve the Service
We use your information to:
- Create and maintain your account
- Deliver educational content and lessons
- Track progress and generate performance reports
- Personalize learning experiences based on performance data
- Fix bugs and improve platform functionality
- Conduct analytics and understand user behavior patterns
- Develop new features and educational content
3.2 To Communicate with You
We use your information to:
- Send service updates and announcements
- Respond to support requests and inquiries
- Send reminders about account activity or deadlines
- Notify you of subscription renewals or changes
- Send educational tips and learning recommendations
- Inform you of policy changes
3.3 Educational and Administrative Purposes
We use information to:
- Measure educational effectiveness
- Create anonymized research reports on learning outcomes
- Comply with curriculum standards and regulations
- Support teacher lesson planning and grading
- Enable parent monitoring and progress reports
3.4 Security and Compliance
We use information to:
- Detect and prevent fraud and unauthorized access
- Protect against malware and security threats
- Enforce Terms and Conditions
- Comply with legal obligations and court orders
- Monitor for violations of Acceptable Use Policy
3.5 Marketing (with Consent)
We may use your information to:
- Send promotional emails about new features (only if you opted in)
- Share success stories and testimonials (with permission)
- Conduct surveys and gather feedback
- Invite you to webinars or educational events
You may opt-out of promotional communications at any time by clicking "unsubscribe" in email messages or adjusting your account preferences.
4. Legal Basis for Processing
Under GDPR and equivalent regulations, we process personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and service provision | Contractual necessity |
| Payment processing | Contractual necessity |
| Parental consent for children under 13 | Parental consent |
| Marketing communications | Explicit consent (opt-in) |
| Platform improvement and analytics | Legitimate interest |
| Legal compliance and fraud prevention | Legal obligation / legitimate interest |
| Security monitoring | Legitimate interest |
5. Data Sharing
5.1 Third-Party Service Providers
We share limited data with trusted third parties who provide services on our behalf:
- Supabase (Cloud Storage): We use Supabase for secure data storage and database management. Supabase complies with GDPR and implements enterprise-grade security.
- Payment Processors: Third-party payment providers handle subscription transactions securely. We do not share full credit card details.
- Email Service Providers: We use email services to send notifications and communications. These providers have data processing agreements in place.
- Analytics Services: We may use analytics tools to understand usage patterns (data is anonymized where possible).
5.2 Legal Requirements
We may disclose personal information if required by law, court order, or government request. This includes:
- Subpoenas or warrants
- Child safety investigations
- Compliance with Uganda's laws and regulations
- Protecting against fraud or illegal activity
5.3 What We Do NOT Do
edPLEstar strictly does NOT:
- Sell personal data to third parties for marketing purposes
- Share data with advertisers or data brokers
- Use student data to profile users for commercial gain
- Share data without appropriate legal agreements in place
- Disclose information without parental consent for children under 13 (except as legally required)
Your Data is Not a Product: We believe student data is sacred. We never monetize or sell your information. Our business model depends on subscription fees, not data exploitation.
6. Children's Privacy
6.1 Commitment to Child Safety
edPLEstar is designed for Primary 7 students and takes children's privacy seriously. We comply with:
- Children's Online Privacy Protection Act (COPPA)
- General Data Protection Regulation (GDPR) child protection provisions
- Uganda's child protection laws and regulations
6.2 Special Protections for Users Under 13
For students under 13 years old:
- Parental Consent Required: A parent or legal guardian must create the account and explicitly consent to data collection and processing.
- Limited Data Collection: We collect only information necessary for educational purposes.
- No Behavioral Advertising: We do not use student data for targeted advertising.
- No Third-Party Marketing: We do not share data with external marketers.
- Parental Access: Parents can view, access, and request deletion of their child's data.
- Age-Appropriate Content: All content is curated to be appropriate for Primary 7 students.
6.3 Parental Rights for Children Under 13
Parents of children under 13 have the right to:
- Review what personal data we collect about their child
- Request access to their child's account and progress data
- Request deletion of their child's account and associated data
- Direct us to cease collection of data from their child
- Modify or correct information in their child's account
- Revoke consent and terminate the account at any time
6.4 Safety Monitoring
We monitor user behavior to protect child safety:
- Automated content filtering to prevent access to inappropriate material
- Monitoring of in-app communications for harmful content
- Automated detection of potential grooming or predatory behavior
- Immediate removal of flagged content or users
- Reporting mechanisms for students, parents, and teachers
7. Data Retention
7.1 Retention Periods
We retain personal data for different periods depending on the purpose:
- Active Account Data: Retained while your account is active. Includes account information, progress data, and educational records.
- After Account Termination: Educational progress data may be retained for 3 years to comply with educational records requirements (can be deleted upon request).
- Payment Records: Retained for 7 years for tax and legal compliance.
- Support Tickets: Retained for 2 years unless customer requests deletion.
- Marketing Lists: Retained until you unsubscribe or request removal.
- Cookies and Analytics: Retained for up to 2 years.
7.2 Deletion Requests
You may request permanent deletion of your personal data at any time (subject to legal retention requirements). Upon request, we will delete all identifiable information within 30 days, except where we are legally obligated to retain it.
8. Your Rights
8.1 Rights Under GDPR
If you are in the European Union or have EU-level data protections, you have the following rights:
- Right to Access: You can request a copy of all personal data we hold about you.
- Right to Rectification: You can correct inaccurate or incomplete information.
- Right to Erasure ("Right to be Forgotten"): You can request deletion of your data (subject to certain exceptions).
- Right to Restrict Processing: You can ask us to limit how we use your data.
- Right to Data Portability: You can receive your data in a structured format and transfer it elsewhere.
- Right to Object: You can object to certain types of processing (e.g., marketing).
- Rights Related to Profiling: You have the right not to be subject to automated decision-making based solely on automated processing.
8.2 Exercising Your Rights
To exercise any of these rights, please contact us at [email protected] with your request. We will respond within 30 days.
8.3 No Discrimination
We will not discriminate against you for exercising your privacy rights. You will not face penalties or reduced service quality for requesting access, deletion, or other rights.
9. Cookies
9.1 What Are Cookies?
Cookies are small text files stored on your device that help us recognize you and improve your experience. They are used to maintain your login session and remember your preferences.
9.2 Types of Cookies We Use
- Essential Cookies: Required for basic functionality (login, security). Cannot be disabled.
- Preference Cookies: Remember your settings and preferences (language, theme).
- Analytics Cookies: Help us understand how users interact with the platform (anonymized).
- Security Cookies: Protect against unauthorized access and fraud detection.
9.3 Managing Cookies
You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of the Service. For students, parents can manage cookie preferences through the parental control settings.
9.4 Third-Party Cookies
We do not allow third-party advertisers to set cookies on our platform. Any cookies are set by edPLEstar or our service providers under strict data agreements.
10. International Data Transfers
10.1 Where Data is Stored
edPLEstar uses Supabase for cloud data storage. Depending on your account settings and region, data may be processed or stored in different locations. We ensure that all international transfers comply with GDPR and other applicable regulations.
10.2 Data Transfer Mechanisms
For transfers outside of Uganda or the EU, we use:
- Standard Contractual Clauses (SCCs) approved by relevant authorities
- Adequacy decisions (where applicable)
- Your explicit consent for specific transfers
10.3 Your Rights Across Borders
Your privacy rights apply regardless of where your data is processed or stored. You retain the right to access, correct, and delete your data globally.
11. Security Measures
11.1 Technical Security
We implement industry-leading security measures to protect your data:
- Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3 or higher.
- Database Security: All data at rest is encrypted using AES-256 encryption.
- Access Controls: Only authorized staff can access personal data, and access is logged and monitored.
- Regular Audits: We conduct regular security audits and penetration testing.
- Vulnerability Management: We identify and patch security vulnerabilities promptly.
11.2 Organizational Security
We maintain strong organizational safeguards:
- Confidentiality agreements with all staff members
- Background checks for employees with data access
- Limited access to data on a need-to-know basis
- Data protection training for all staff
- Incident response procedures
11.3 User Responsibility
While we implement strong security, you also play a role:
- Keep your password confidential and strong
- Do not share your login credentials with others
- Log out when using shared devices
- Report suspicious activity immediately
- Update your browser and device software regularly
11.4 Data Breach Notification
In the unlikely event of a data breach, we will:
- Notify affected users within 72 hours (as required by GDPR)
- Provide details about the breach and affected data
- Explain the steps we are taking to secure data
- Offer guidance on protective actions users can take
- Comply with all legal notification requirements
12. Changes to This Policy
edPLEstar may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by:
- Updating the "Last Updated" date at the top of this policy
- Sending email notification to your registered email address
- Posting a prominent notice on the website
- Requiring you to accept new terms (if changes are significant)
Your continued use of edPLEstar after changes become effective constitutes your acceptance of the updated Privacy Policy. If you do not agree with changes, you may delete your account and cease using the Service.
13. Contact Us
If you have questions about this Privacy Policy, your data, or our privacy practices, please contact us:
Email: [email protected]
Website: www.edplestar.com
Mailing Address: Kampala, Uganda
Data Protection Officer: For data protection concerns, you can reach our Data Protection Officer at [email protected].
13.1 Right to Lodge a Complaint
If you believe we have violated your privacy rights or data protection regulations, you have the right to lodge a complaint with the relevant supervisory authority or data protection authority in your jurisdiction.
Last Updated: January 1, 2025
This Privacy Policy is effective as of the date listed above and applies to all users of the edPLEstar platform.
Version: 1.0