From schools
- Roster information the school provides: student names, class levels, guardian names and phone numbers, and staff names and emails.
- School records the school creates by using the platform: attendance, grades, report cards, fee invoices and payments, lesson plans, and announcements.
- Login credentials: student codes and PINs, staff emails and passwords. PINs and passwords are stored by our identity service in hashed form — we cannot read them — and accounts lock after repeated failed attempts.
From families
- Account details a guardian provides at sign-up: their name, email, phone number, and their children's first names and class levels.
- Subscription payments are processed by Paystack. Card and mobile-money numbers go directly to Paystack — they never touch our servers, and we store only the payment reference and status.
From using the apps
- Learning progress — lessons opened, exercises completed, scores — so students, teachers, and parents can see how learning is going.
- SMS and email delivery records, so the school can see which messages reached which guardians.
- Website analytics on this marketing site only, via self-hosted, cookieless Umami. No cookies, no cross-site tracking, no third-party analytics companies.
§ 02 — Face recognition at the school gate
Some schools choose to use our gate kiosk for attendance. It is optional, chosen by the school, and built deliberately conservatively:
- The kiosk stores numeric face templates (vectors), never photographs. A template cannot be turned back into a picture of a child.
- A manual check-in path is always available — no child is required to use face recognition.
- Templates are deleted when a student leaves the school or the school stops using the kiosk.
§ 03 — Children's data
- Children's accounts are created by their school or their guardian — never by the child alone.
- There are no public profiles, no messaging with strangers, no leaderboards that expose a child's identity beyond their own school, and no behavioural advertising of any kind.
- Children's data is used for exactly one purpose: their own learning and their school's records.
§ 04 — Where data lives, and how it is protected
- Data is hosted on dedicated servers in European data centres (Hetzner), encrypted in transit (TLS) and at rest in backups.
- Every school is isolated at the database layer — each record is bound to one school, enforced by the database itself, not just by application code.
- Administrative actions are audit-logged: who did what, when, and from where.
- Encrypted backups are taken daily and stored off-site.
§ 05 — Who we share data with
Only the processors the platform needs to function, each receiving the minimum required:
- Paystack — family subscription payments.
- Arkesel — SMS delivery to guardian phone numbers.
- Resend — transactional email delivery.
- Hetzner — server hosting, as described above.
We do not sell, rent, or trade data — to anyone, ever. We disclose data beyond this list only if the law requires it.
§ 06 — Your choices and deletion
- Schools own their data and can request a full export or deletion at any time.
- Guardians can ask their school — or us directly — to correct or delete their family's information.
- Family accounts can cancel their subscription at any time and request deletion of the account and its data.
Send any request to info@simusim.com. We honour deletion requests fully; where a school has a legal duty to keep certain records (for example fee receipts), we delete everything else and tell you what was kept and why.
§ 07 — Changes and contact
If this policy changes in a way that matters, we will update this page and note the new date at the top. Questions, concerns, or requests: info@simusim.com or +233 54 911 2103.
See also how the platform is engineered to protect each school's data on the security section of the home page, and the terms of service.