Schoolara

Legal

Data Retention Schedule

Draft — pending legal review

This document is a working draft. It is published here for transparency but has not yet been signed off by counsel. The contractual obligations between Schoolara and a school are governed by the Operator Agreement signed between the parties — not by this draft.


Data Retention Schedule

This schedule maps each category of personal information stored in Skoolara to a retention period, legal basis and end-of-life treatment. It supports the School's obligations under POPIA section 14 (retention and restriction of records) and the equivalent storage-limitation principle under GDPR Article 5(1)(e).

All retention periods are defaults. A School may, on documented instruction to Skoolara, set longer or shorter retention periods where permitted by law. Where the applicable statutory retention period is longer than a default below, the statutory period prevails.


Conventions


Retention table

# Data category Retention period Legal basis / rationale End-of-life action
1 Student profile (name, DOB, ID/passport, contact, demographic, grade, class) Enrolment end + 7 years South African Schools Act 84 of 1996; National Archives and Record Service of South Africa Act 43 of 1996; POPIA s14; education-sector best practice Hard delete. Aggregate historical roll data may be retained in anonymised form.
2 Marks and academic results Enrolment end + 40 years (or lifetime where practicable) Statutory and certification retention (historical academic record required for verification of qualifications); POPIA s14(1)(a) Archive then anonymise where no longer required for certification purposes.
3 Attendance records (daily and per-period) 7 years from the end of the academic year Compliance with South African Schools Act and provincial education regulations; POPIA s14 Hard delete. Aggregate attendance statistics retained anonymised.
4 Homework and assignment submissions Enrolment end + 2 years Education delivery; dispute and grading review windows; storage-limitation principle Hard delete.
5 Documents: ID, birth certificate, proof of residence Enrolment end + 5 years (or earlier where no longer required and no pending matter) Enrolment verification; Children's Act 38 of 2005; Identification Act 68 of 1997 Hard delete of scanned copies; paper originals (if any) returned to parent or securely destroyed.
6 Medical and health information (allergies, chronic conditions, medication) Enrolment end + 3 years Duty of care; Children's Act; POPIA s26-27 (special personal information) Hard delete.
7 Teacher notes / pastoral and disciplinary records Enrolment end + 7 years (serious matters: 15 years) Duty of care; potential litigation and safeguarding review; Prescription Act 68 of 1969 Hard delete. Where relevant to ongoing safeguarding concerns, retain under legal hold.
8 Parent / guardian profile and contact information Duration of the child's enrolment + 1 year (or until last child's enrolment ends + 1 year where multiple children) Performance of enrolment contract; POPIA s14; communication obligations Hard delete.
9 Parent–school communications (messages, notifications) 2 years from date of message Education delivery; potential dispute resolution Hard delete.
10 Teacher and staff profile Employment end + 7 years Basic Conditions of Employment Act 75 of 1997; Employment Equity Act 55 of 1998; Labour Relations Act 66 of 1995 Hard delete.
11 Teacher professional qualifications (SACE number, certificates) Employment end + 7 years Professional registration; employment law Hard delete.
12 Fees, invoices and payment records 5 years minimum from financial-year end Tax Administration Act 28 of 2011; Companies Act 71 of 2008 Archive; hard delete after retention lapses, save for data that must be retained longer by law.
13 Consent records (POPIA s18 notices, photograph consents, etc.) Duration of processing relying on that consent + 5 years after withdrawal or enrolment end Demonstrate lawful basis (POPIA s11; GDPR Art 7(1)); limitation periods for disputes Hard delete.
14 Audit logs (access, actions, exports) 7 years Security, accountability, investigation of security compromises; alignment with financial-record retention Hard delete.
15 Authentication logs (logins, failed logins, token issuance) 12 months Security; detection of account compromise; proportionality to purpose Hard delete.
16 Device / push-notification tokens Until device unregistration or 12 months of inactivity Necessary for push delivery; storage limitation Hard delete on rotation.
17 IP addresses and session data 12 months Security and fraud prevention Hard delete.
18 Error and performance logs 90 days (production); 30 days (where containing user identifiers) Operational reliability; data minimisation Hard delete.
19 Backups (routine) Rolling 35 days Business-continuity best practice; shortest window consistent with recovery-time objectives Backups are encrypted and automatically rotated; deletions from production flow through to backups within this window.
20 Disaster-recovery archives 12 months (quarterly snapshots) Business continuity Encrypted, access-controlled; automatic destruction at end of period.
21 Export files generated through the platform 30 days from generation Convenience for the School; minimisation of duplicated personal information Automatic hard delete after 30 days.
22 Support tickets and correspondence 3 years from ticket closure Service quality; dispute resolution Hard delete, or anonymise where retaining for service-improvement analysis.
23 Marketing contact data (staff, decision-makers only — not learners) Until opt-out or 3 years of inactivity Legitimate interest; Electronic Communications and Transactions Act 25 of 2002; POPIA s69 (direct marketing) Hard delete on opt-out or expiry.
24 CCTV / image uploads stored in Skoolara (where enabled by the School) 30 days default; longer only where required by a specific incident Safety and security; proportionality; POPIA s14 Hard delete on rolling window; incident-related footage retained under case reference.
25 Anonymised analytics and aggregate reports Indefinite Not personal information once properly anonymised; supports service improvement No action required; periodic review to ensure re-identification risk remains low.

If personal information is subject to a legal hold — for example, it is relevant to pending or threatened litigation, a regulatory investigation, or a safeguarding matter — the retention periods above are suspended for the affected records until the legal hold is released. Legal holds must be:


Deletion and anonymisation methods


Governance


End of Data Retention Schedule (draft v0.1).