Legal

Privacy Policy

How we collect, use, and safeguard your information

Last Updated: June 17, 2025

At Somocloud, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use Somocloud — our advanced school management and automation platform. This policy applies to all users, including school administrators, teachers, finance officers, and educational institutions.

By using Somocloud, you agree to the collection and use of information as described in this policy. If you do not agree, please refrain from using the platform.

1. Information We Collect

We collect the following types of information to provide and improve our services:

a. Personal Information

  • Account Information: Name, email address, phone number, and institution name when you register.
  • User-Generated Content: Student records, fee entries, reports, and other data you upload or create within the platform.
  • Profile Information: Job title (e.g., principal, teacher, bursar) and role-specific preferences.

b. Non-Personal Information

  • Usage Data: Features accessed, frequency of use, session duration, and workflow patterns.
  • Device Information: Device type, operating system, browser version, IP address, and unique device identifiers.
  • Analytics Data: Anonymized data used to understand platform performance and improve the user experience.

c. Information from Third Parties

If you sign in using a third-party service (e.g., Google), we may collect your name, email, and profile photo, subject to your consent.

We do not collect or store sensitive student personal data beyond what is required for NEMIS compliance and institutional management, and only with your explicit authorization.

2. How We Use Your Information

We use your information to:

  • Provide Services: Enable core platform features including student management, finance, NEMIS sync, and CBC tracking.
  • Personalize Your Experience: Tailor dashboards and workflows to your institution's settings and role.
  • Improve the Platform: Analyze usage patterns to enhance features, fix bugs, and optimize performance.
  • Communicate with You: Send product updates, maintenance notices, and support responses. Promotional emails include an unsubscribe option.
  • Ensure Security: Detect and prevent fraud, unauthorized access, and system abuse.
  • Comply with Legal Obligations: Adhere to Kenya's Data Protection Act 2019 and respond to lawful requests.

3. How We Share Your Information

We do not sell your personal information. We may share your data only in the following circumstances:

  • With Service Providers: Trusted third-party vendors (e.g., cloud hosting, analytics) bound by strict confidentiality agreements.
  • With Your Consent: When you explicitly share records or reports with other authorized users within your institution.
  • For Legal Reasons: When required by law, court order, or to protect Somocloud's rights and user safety.
  • Business Transfers: In a merger or acquisition, data may transfer to the new entity — you will be notified in advance.

4. Data Storage and Security

  • Storage: Data is stored on secure cloud servers with encryption in transit (TLS) and at rest.
  • Retention: We retain your data as long as your account is active. Account deletion requests are processed within 30 days; anonymized analytics data may be retained.
  • Security Measures: We employ encryption, role-based access controls, and regular security audits. No system is entirely immune to risk, and we will notify you promptly in the event of a breach.

5. Your Rights and Choices

You have the following rights regarding your data:

  • Access and Update: View and edit your personal information via your account settings.
  • Delete: Request account and data deletion by emailing support@somocloud.org. Processed within 30 days.
  • Opt-Out: Unsubscribe from marketing emails at any time via the link in the email.
  • Data Portability: Request a copy of your data in a machine-readable format.
  • Withdraw Consent: Withdraw consent for data processing at any time, though this may affect platform functionality.

To exercise any of these rights, contact us at support@somocloud.org.

6. Children's Privacy

Somocloud is intended for use by institutional administrators and educators, not by children under 13 directly. We do not knowingly collect personal information from children under 13. Student data managed within the platform is held on behalf of the school as the data controller. If you believe data of a child under 13 has been improperly collected, please contact us immediately.

7. International Data Transfers

Somocloud is developed in Nairobi, Kenya. Data may be stored or processed on servers outside Kenya (e.g., AWS). We ensure all international transfers comply with Kenya's Data Protection Act 2019, using appropriate safeguards such as Standard Contractual Clauses.

8. Third-Party Links

The platform may link to third-party services (e.g., NEMIS, payment gateways). We are not responsible for the privacy practices of those services. Please review their respective policies before interacting with them.

9. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or an in-app notice at least 14 days before taking effect. The "Last Updated" date at the top always reflects the current version.

10. Contact Us

If you have any questions or requests regarding this policy, please reach out:

Somocloud — Lano Technologies

support@somocloud.org

Maruti Heights, Langata, Nairobi, Kenya

We aim to respond to all inquiries within 5 business days.