Privacy Policy

Effective Date: February 21, 2023
Last Updated: January 1, 2026

Edunile is a software product operated by PI Computing, a registered business name in the Federal Republic of Nigeria ("we," "us," "our").

This Privacy Policy explains how we collect, use, process, store, and protect personal data in accordance with:

Nigeria Data Protection Regulation (NDPR) 2019
Nigeria Data Protection Act (NDPA) 2023
General Data Protection Regulation (EU) 2016/679 (GDPR), where applicable

1. Roles and Responsibilities

1.1 School Data

For student, parent, and staff data uploaded by schools:

The School acts as the Data Controller.
Edunile (operated by PI Computing) acts as the Data Processor.

Schools are responsible for ensuring lawful basis for collecting and uploading personal data, including obtaining parental consent where required.

1.2 Platform Account Data

For administrator or user account data, PI Computing acts as the Data Controller.

2. Categories of Personal Data Collected

Identity & Contact Data

Names
Email addresses
Phone numbers
Institutional roles

Academic & Institutional Data

Student records
Attendance records
Grades and assessments
Fee and payment records
Parent/guardian details

Financial Data

Billing information
Transaction records (Card details are processed by third-party payment providers and are not stored by us.)

Technical Data

IP address
Browser type
Device information
Usage logs
Cookies

3. Lawful Basis for Processing

We process personal data based on:

Performance of a contract
Compliance with legal obligations
Legitimate interests (security, fraud prevention, system improvement)
Consent, where required

4. Purpose of Processing

We use personal data to:

Provide and maintain the Platform
Manage school operations
Process payments
Improve platform performance and security
Provide customer support
Comply with applicable laws

We do not sell personal data.

5. Data Sharing

We may share data with:

Cloud hosting providers
Payment processors
Analytics and security service providers

All subprocessors are contractually obligated to comply with applicable data protection standards.

6. International Data Transfers

Where personal data is transferred outside Nigeria:

Appropriate safeguards are implemented consistent with NDPR requirements.
For EU data subjects, GDPR-compliant safeguards such as Standard Contractual Clauses may be used.

7. Data Security

We implement reasonable technical and organizational safeguards, including:

Encrypted HTTPS connections
Role-based access control
Secure cloud hosting
Encrypted backups
Audit logging

No system is completely secure, and users share data at their own risk.

8. Data Retention

We retain personal data:

For the duration of the school's subscription
As required by law
Until deletion is requested by the School (Data Controller)

Upon termination, data may be exported upon request and deleted after a defined retention period.

9. Data Subject Rights

Under NDPR and GDPR (where applicable), individuals may have the right to:

Access personal data
Request correction
Request deletion
Restrict processing
Object to processing
Withdraw consent

Requests concerning school-managed data must first be directed to the relevant school.

10. Data Breach Notification

In the event of a personal data breach, affected schools will be notified without undue delay. Regulatory authorities will be notified where required by law.

11. Children's Data

Edunile processes children's data only under documented instructions from schools. Schools are responsible for obtaining necessary parental or guardian consent.

12. Updates to This Policy

We may update this Privacy Policy periodically. Continued use of the Platform constitutes acceptance of updates.

13. Contact Information

Operator: Edunile
Email: privacy@edunile.com
Location: Federal Republic of Nigeria

For complaints under NDPR, individuals may contact the Nigeria Data Protection Commission (NDPC).
EU data subjects may contact their local supervisory authority.