Schoolara

Legal

Privacy Policy


Privacy Policy

Effective date: 6 July 2026 Applies to: learners enrolled at schools that use Skoolara, their parents/guardians, and school staff using the Skoolara platform.

This Privacy Policy explains how the school at which a learner is enrolled ("the school", "we", "us") collects, uses, shares and protects personal information through the Skoolara platform. The school is the Responsible Party under the Protection of Personal Information Act, 2013 ("POPIA") and, where applicable to learners or parents located in the European Union, the Controller under the General Data Protection Regulation ("GDPR"). Teleios IT Consulting (Pty) Ltd, operating the Skoolara platform ("Skoolara"), acts as the Operator (POPIA) / Processor (GDPR) on the school's behalf.

We use plain language wherever possible. Where precise legal language is necessary, we have used it and noted it.


1. Who we are

The School (Responsible Party / Controller)

The Responsible Party for a learner's personal information is the school at which that learner is enrolled. Each school's registered details and the contact details of its designated Information Officer are provided to parents and guardians at enrolment and are available inside the Skoolara app. Skoolara supports schools across South Africa, so this policy refers to "the school" generically — it means the specific school your child attends.

Skoolara (Operator / Processor)

If you have a question about your own or your child's personal information, you should normally contact your school first. Skoolara will only act on instructions from the school except where law requires otherwise.


2. What this policy covers

This policy covers personal information collected and processed through:

It does not cover third-party websites linked from the platform. Those sites have their own privacy policies.


3. Personal information we collect

The information we collect depends on who you are. Much of the information we hold relates to children (learners under 18 years of age) and is therefore subject to additional protections — see section 6 below.

3.1 About learners (including children)

3.2 About parents and guardians

3.3 About teachers and staff

3.4 Technical information (all users)


4. Why we collect it (purposes)

We collect and use personal information for the following purposes:

  1. Education delivery — enrolling learners, assigning them to classes, recording marks, setting homework, publishing reports, facilitating communication between teachers, learners and parents.
  2. Attendance compliance — recording attendance as required by the South African Schools Act 84 of 1996 and provincial education regulations.
  3. Statutory reporting — submitting learner-level and aggregate data to the Department of Basic Education's information systems (including SA-SAMS and its successors) and to provincial departments of education.
  4. Safety and duty of care — verifying identity of adults collecting learners, emergency medical response, safeguarding.
  5. School–parent communication — sending notices, newsletters, attendance alerts, invoices, academic reports and direct messages.
  6. Billing and administration — fees, invoices, school-level reporting.
  7. Security, fraud prevention and audit — detecting unauthorised access, investigating incidents, maintaining audit trails.
  8. Legal compliance — responding to lawful requests from regulators, courts or authorised public bodies.

We will not use personal information for any purpose that is materially different from these without first obtaining fresh consent or establishing another lawful basis.


Under POPIA, we rely on the following justifications (s11) depending on the data and purpose:

For learners or parents located in the EU, the parallel GDPR bases are applied:

Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect processing carried out before withdrawal, nor does it affect processing where we have another lawful basis (for example, statutory reporting obligations).


6. Children's data — special protections

Because the Skoolara platform is designed for use by schools, most of the personal information we hold relates to children. We apply the following additional safeguards:


7. Who sees personal information

Within the school, access is role-based:

Outside the school, personal information may be disclosed to:

Operators / Processors engaged by the school or by Skoolara include:

Skoolara does not process school-fee payments; fee information in the app is a bookkeeping record only. A complete and current list of the specific sub-processors engaged is maintained in the Operator Agreement between the school and Skoolara and is available from the school on request.


8. Where your information is stored

Personal information processed through Skoolara is stored and processed within the Republic of South Africa.

The only routine cross-border element is the delivery of push notifications to mobile devices, which relies on a global messaging service. Those notifications are data-minimised: they contain only an opaque device identifier and a generic, non-personal message — never a learner's name, marks or message content. The app fetches the actual content via an authenticated request, served from within South Africa, when the user opens the notification. To the extent this involves any transfer, Skoolara relies on the safeguards permitted by POPIA s72 (and, where applicable to EU-located users, GDPR Chapter V), including Standard Contractual Clauses or equivalent contractual safeguards with the relevant provider.


9. How long we keep personal information

We keep personal information only for as long as necessary for the purposes for which it was collected, or as required by law. The following are default retention periods; a school may configure retention in line with its own policies and applicable regulations. A detailed retention schedule is maintained by Skoolara and is available from the school on request.

Category Default retention
Active learner records During enrolment + 7 years after the learner leaves the school
Academic marks and reports Statutory period (generally the learner's lifetime for certification purposes)
Attendance records 7 years
Parent contact information Lifetime of the school relationship + 1 year
Teacher/staff records 7 years after termination of employment
Audit logs 7 years
Backups Rolling 35 days

At the end of the retention period, personal information is securely deleted or irreversibly anonymised.


10. Your rights

POPIA and GDPR give you rights in relation to your (or your child's) personal information, including:

We aim to respond to requests within 30 days. Complex requests may take longer, in which case we will tell you why and keep you informed.


11. How to request access, deletion or correction

You may exercise your rights by:

Please tell us clearly what you are asking for and provide enough information for us to verify your identity. If you are asking on behalf of a child, we may confirm that you are their parent or legal guardian.


12. Security

We take the security of personal information seriously. Measures include:

No system is perfectly secure. We continually improve our controls and respond promptly to identified risks.


13. Breach notification

If a security compromise occurs affecting personal information, we will act in accordance with POPIA s22 and, where applicable, GDPR Articles 33 and 34:

We maintain standard breach-notification procedures and templates internally so that any required notification is made promptly and consistently.


14. Complaints

If you are concerned about how your (or your child's) personal information has been handled, you can:

  1. Contact your school's Information Officer (details in your enrolment pack and the Skoolara app).
  2. Contact Skoolara at privacy@skoolara.co.za.
  3. Lodge a complaint with the Information Regulator (South Africa): - Information Regulator (South Africa) - JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 - P.O. Box 31533, Braamfontein, 2017 - Complaints email: POPIAComplaints@inforegulator.org.za - General email: inforeg@justice.gov.za - Website: https://inforegulator.org.za

If you are in the EU, you may also lodge a complaint with your national supervisory authority.


15. Changes to this policy

We may update this policy from time to time. When we do, we will:


16. Contact

Your school (Responsible Party) Contact your school's designated Information Officer first — their contact details are in your enrolment pack and in the Skoolara app.

Skoolara operator contact Teleios IT Consulting (Pty) Ltd (trading as Skoolara) Information Officer: Sachen Govender (Information Regulator registration 2026-005741) Email: privacy@skoolara.co.za


End of Privacy Policy.