Skola privacy policy

Privacy policy

How Skola processes personal data in line with the Nigeria Data Protection Act 2023 (NDPA) where it applies, and the role of schools as controllers for their data.

Updated: 22 April 2026

Framework: NDPA 2023 (Nigeria) where applicable

Roles: School = controller; Skola = processor (typical)

Contact: info@skolahq.com

1. Overview

Skola respects your privacy and is committed to protecting personal data in accordance with the Nigeria Data Protection Act 2023 (NDPA), where it applies to our processing activities.

2. Data we process

We process data on behalf of schools, including: student information; parent or guardian details; staff information; and academic and administrative records entered into the platform.

3. Role of Skola

For school-managed data, the school is typically the Data Controller and Skola acts as a Data Processor, processing that data in order to provide the service.

4. Purpose of processing

Data is processed in order to: manage school operations; provide dashboards and reports; and enable communication and workflows within the school, as configured by the school.

5. Data ownership

All data belongs to the school, subject to Skola’s limited rights to host, run, and secure the service as described in our Terms and this Policy.

6. Consent

Schools are responsible for obtaining consent (or other lawful basis) from parents, guardians, staff, or data subjects as required under applicable law before uploading personal data to Skola.

7. Data storage

Data may be stored on secure cloud infrastructure. Skola may use providers and regions as described in our infrastructure and sub-processor documentation; some systems may be located outside Nigeria. We implement appropriate safeguards as required for cross-border processing.

8. Security measures

We implement appropriate technical and organisational measures, which may include: encryption in transit; access controls; secure authentication; and monitoring, as part of a layered security programme. No system is 100% secure; schools should also protect accounts and follow good access hygiene.

9. Data retention

Data is retained for as long as the school account is active and for a reasonable period afterwards as needed for backups, legal compliance, or dispute resolution, unless a different period is agreed or required by law. Schools may use export and account-closure options in the product, subject to our Terms.

10. User rights

Schools and individuals may, depending on role and law: request access; request corrections; request deletion; or request export, by contacting the school in the first instance for school-held records, or contacting Skola for account or platform issues at info@skolahq.com.

11. Data breach

In the event of a personal data breach likely to affect data subjects, Skola will follow its incident process and, where required, notify customers and work with the school to meet regulatory timelines.

12. Third parties

We use third-party services (for example, hosting, authentication, email, payments) to operate Skola. Those providers only receive data needed to perform their function and are bound by contract and applicable law. A non-exhaustive list may be made available on request or in product documentation.

13. Updates

This policy may be updated from time to time. We will post the revised version on this page and update the effective date. Material changes may also be highlighted in-product or by email when appropriate.

14. Contact

info@skolahq.com

Need a custom agreement?

If your school, trust, or group needs a data processing agreement, enterprise terms, or a custom contract addendum, contact us and we’ll review it with you.

info@skolahq.com

This page is a product template for Skola and should be reviewed by qualified legal counsel before going live in a production environment.