Legal

Privacy Policy

How eduSYMS collects, uses, stores, and protects your personal information — written to align with the South African Protection of Personal Information Act (POPIA).

Last updated · 8 May 2026 Governed by South African law Contact · info@edusyms.com

1. About this policy

This Privacy Policy explains what personal information eduSYMS handles when you use our marketing website (edusyms.com), our products (SiMS Platform, skillSYMS, chatSYMS, eduSYMS Edge, eduPLAY), and the services we provide to educational institutions.

Where eduSYMS acts as a processor of learner, parent, or staff data on behalf of an institution, that institution is the responsible party for that data and its own privacy notice applies first. This policy describes what we do as the operator of the platform.

2. Who we are

eduSYMS is the responsible party for personal information collected through our marketing site and our customer accounts. You can reach our team at info@edusyms.com or via WhatsApp on +27 76 263 6000.

For matters specifically relating to POPIA, you can contact our Information Officer at the same email address with the subject line "Information Officer".

3. Information we collect

We collect different categories of information depending on how you interact with us.

a. Information you give us

  • Account and contact details (name, role, institution, email, phone) when you book a demo or sign up.
  • Communications you send us (form submissions, emails, WhatsApp messages).
  • Content you choose to upload as a customer (records, documents, images), processed on behalf of your institution.

b. Information we collect automatically

  • Basic usage data (pages visited, referrer, approximate location based on IP) when you browse our marketing site.
  • Device and browser characteristics (user-agent, screen size, language) for performance and accessibility.
  • Local-storage values you set yourself (theme preference, language, dismissed announcement) — described in our Cookie Policy.

c. Information from third parties

  • WhatsApp Business platform metadata when you message us via WhatsApp (delivery and read status, phone number).
  • Analytics aggregates from sub-processors used to run the platform (none currently active beyond what's listed in our cookie policy).

4. Why we collect it

  • Service delivery — to operate the platform you use, fulfil customer obligations, and provide support.
  • Communication — to respond to your enquiries, provide demo access, and send service-related notices.
  • Improvement — to understand how the marketing site and product are used and make them better.
  • Compliance — to meet our obligations under South African law and the regulatory frameworks our customers operate under.
  • Security — to protect accounts, detect abuse, and keep the platform reliable.

5. Legal basis (POPIA)

We process personal information only where one of the lawful grounds set out in section 11 of POPIA applies. In practice, the grounds we rely on are:

  • Consent — for direct marketing, optional analytics, and parent / learner messaging via WhatsApp.
  • Contract — to deliver the services you or your institution has subscribed to.
  • Legal obligation — for tax, audit, and education-sector reporting requirements.
  • Legitimate interest — for service security, abuse prevention, and product improvement, balanced against your rights.

6. How we share information

We do not sell personal information. We share it only where it is necessary to operate the service or where law requires it.

  • Sub-processors — cloud hosting, email delivery, WhatsApp Business platform, customer support tooling, error monitoring. We maintain a current sub-processor list available on request.
  • Customer institutions — when you communicate with an eduSYMS-using institution through our platform, your message is delivered to the institution's authorised users.
  • Legal authorities — where compelled by valid legal process, such as a court order or regulator request.
  • Successors — in the event of a merger or acquisition, transferred only with continued protection equivalent to this policy.

7. Where it is stored

Customer data is stored primarily on infrastructure resident in South Africa. Limited operational data may be processed by sub-processors based outside South Africa where required to deliver the service (for example, the official WhatsApp Business platform). Where this happens, we ensure equivalent protection through contractual safeguards as required by POPIA.

8. How long we keep it

We keep personal information only as long as needed for the purposes described in this policy or as required by law. Specific retention windows include:

  • Marketing leads — up to 24 months after last contact, unless you ask us to delete sooner.
  • Customer account data — for the duration of the subscription, plus 12 months in archival form, after which it is deleted or anonymised.
  • Records required by law — for the period the relevant law requires (for example, financial records).

9. Your rights under POPIA

You have the following rights in relation to your personal information:

  • Access — request a copy of the information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Deletion — ask us to delete your information, subject to lawful retention obligations.
  • Objection — object to processing on legitimate-interest grounds.
  • Direct marketing opt-out — unsubscribe from marketing at any time.
  • Complain — lodge a complaint with the South African Information Regulator if you believe we have not handled your information lawfully.

To exercise any of these rights, contact us at info@edusyms.com. We may need to verify your identity before acting on a request.

10. Children's data

eduSYMS is used by educational institutions, which means learner data — including data about children under 18 — flows through the platform under each institution's authority. The institution is responsible for obtaining the relevant consents under POPIA, including parental consent where required.

We do not knowingly collect personal information directly from children under 18 through our marketing site. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.

11. Cookies and similar technologies

Our marketing site uses minimal browser-storage technology — a few values in localStorage for your theme preference, language, and announcement-dismissed state. We do not currently use third-party advertising cookies. The full list is in our Cookie Policy.

12. Security

We use technical and organisational safeguards proportionate to the sensitivity of the data we handle, including encryption in transit, role-based access controls, audit logging, and regular review of our sub-processor practices. No system is perfectly secure, but we work continuously to reduce risk.

13. Changes to this policy

We may update this policy from time to time. Material changes will be highlighted on this page and the "Last updated" date at the top will be revised. Continued use of the service after a change indicates acceptance of the updated terms.

14. Contact us

For privacy questions, requests, or complaints, contact us at info@edusyms.com or via WhatsApp on +27 76 263 6000.

You can also lodge a complaint with the South African Information Regulator. Their contact details are publicly available at the regulator's website.