Atenda Logo
  • Products
  • Why Atenda
  • Contact
Atenda Ltd — Innovation for Education

Platform Privacy Policy

Detailed architecture on how Atenda systematically collects, deploys, archives, and immunizes personal data components.

Document: Privacy Policy
Version: 1.0
Effective Date: 01 January, 2026
Last Updated: 09 June, 2026

📋 How to Read This Document

This policy is structurally segmented to accommodate multiple data touchpoints: Section A (Privacy directives for Schools) and Section B (Privacy directives for Parents and Guardians). Please review the specific sections detailing your compliance context.

Policy Sections
  • 1. Intro & Legal Bases
  • 2. Data Controller Entities
  • 3. Information Collected
  • 4. Processing & Deployment
  • 5. Archive & Security Protocol
  • 6. Data Retention Limits
  • 7. Controlled Data Sharing
  • 8. School Controller Duties
  • 9. Held Parent Profiles
  • 10. Use of Parent Matrix
  • 11. Heightened Child Care
  • 12. Data Subject Rights
  • 13. System Notifications
  • 14. Cookie & Session Logic
  • 15. Regulatory Redress
  • 16. Policy Amendments
  • 17. National Legislation

1. Introduction and Legal Basis

Atenda Ltd is intensely dedicated to shielding the visual privacy and personal data matrices of all individuals interacting with the Atenda Platform ecosystem. This comprehensive Privacy Policy sets out how Atenda handles information assets in total structural compliance with the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act 2023, and all concurrent operational data codes in Nigeria.

Atenda processes operational data components based strictly on the following lawful parameters:

  • (a) Contractual necessity — To completely fulfill and provision the active web platform software capabilities to onboarding Schools as mapped in the Subscription Agreement.
  • (b) Legitimate interest — To monitor, preserve, protect, and refine the execution performance of the multi-tenant tech environment for schools, administrators, and parents.
  • (c) Legal obligation — To structurally comply with statutory demands or oversight criteria flagged under Nigerian jurisprudence.
  • (d) Consent — Where processing routines rely on explicit data subject confirmation, consent parameters will be cleared explicitly and can be withdrawn dynamically by the individual at any moment.
Section A — For Schools

3. What Data Atenda Collects from Schools

In operating the integrated software space, Atenda processes the following parameters on behalf of the School:

  • (a) School identification data: Formal school name, dedicated subdomain architecture, geographical address, state location, and local government area (LGA) tracking, plus institutional logo uploads.
  • (b) School Admin and staff data: Full names, active telephone lines, business email profiles, corporate roles, and operational login structures (passwords are systematically shielded as irreversible bcrypt hashes — never stored in plain text formats).
  • (c) Student data (Logged strictly by the School): Full names, biological date of birth, gender attributes, system-assigned admission values, passport photograph uploads, classroom allocations, historical institutional data, state of origin matrices, religion, complete guardian contact cards, and critical medical alerts.
  • (d) Academic data (Logged strictly by the School): Individual course scores, assessment tracking, term-based examination parameters, classroom roll-call maps, compiled report card printouts, and structured remarks from instructional staff.
  • (e) Fee data (Logged strictly by the School): Institutional fee blueprints, logged financial payments, transaction execution dates, payment styles, and digital receipt archives.
  • (f) Subscription data: System-generated subscription statements, student metric snapshots logged at term-lock events, transaction histories, and contract tracking parameters.
  • (g) Usage and audit data: Immutable logs documenting all computational actions completed on the platform workspace, charting identity vectors, timestamps, and modification values for system integrity.

4. How Atenda Uses School Data

Atenda deploys the processed information matrices explicitly for the following operational workflows:

  • (a) To cleanly render, power, stabilize, and map the custom software tools assigned to the School's subdomain space.
  • (b) To permit authorized Atenda deployment specialists to configure workspace architectures, troubleshoot software bugs, or provide structural technical support when requested by School management.
  • (c) To auto-compile subscription profiles, map operational billing tiers, and handle institutional account metrics with Atenda.
  • (d) To route operational notification templates over WhatsApp API or email networks concerning term metrics, system updates, and billing windows.
  • (e) To track hosting environment safety, intercept malicious brute-force attempts, and safeguard platform structural health.
  • (f) To evolve software modularity using entirely anonymized, desensitized, and aggregated performance benchmarks that cannot trace or reveal any unique school or data subject identity.
  • (g) Strict Limitation: Atenda will never parse, process, deploy, or review student records, school details, or parental numbers for marketing, user profiling, profiling models, or commercial pipelines separate from powering the core software space.

5. Data Storage and Security

  • (a) All system databases and structural archives are maintained inside modern, hardened cloud servers managed by globally premier cloud infrastructure providers. Atenda leverages rigid physical, technical, and architectural logic to shield personal data vectors from unauthorized capture or leakage.
  • (b) Core technical defenses incorporate: End-to-end encrypted transmission tunnels (HTTPS/TLS), bcrypt-hashed password layers, strict multi-tenant isolation patterns (guaranteeing that individual school databases are isolated logically and cannot be accessed or breached by separate platform tenants), and comprehensive systemic access tracking.
  • (c) Atenda initiates recurring technical configuration scans and internal posture updates across all deployment pipelines.
  • (d) In alignment with national compliance provisions, if a verified data breach occur that threatens data subject profiles, Atenda will formally alert the affected Schools and the Nigeria Data Protection Commission (NDPC) within seventy-two (72) hours of threat verification.

6. Data Retention — Schools

  • (a) Atenda archives active database assets, including student records and grade logs, for the entire duration that the School preserves an active, paid account structure on the platform.
  • (b) Following formal closure of a School's account, data assets are preserved for a safety buffer of ninety (90) days to facilitate institutional extraction routines. Once this window passes, all user tables are programmatically overwritten and purged from primary databases.
  • (c) Baseline financial logs, subscription invoices, and core technical security logs may be safely archived for up to seven (7) years to align with corporate audit and regulatory compliance frameworks.
  • (d) School management can file for specific category data purges at any time by coordinating directly with the Atenda Data Protection Officer. Processing occurs within thirty (30) days.

7. Data Sharing — Schools

Atenda maintains a strict zero-monetization stance on data assets. Information parameters are shared strictly under the following operational scopes:

  • (a) Shared securely with data-processor cloud storage vendors for the explicit intent of maintaining system performance. These providers operate under tight processing limitations.
  • (b) Routed through integrated WhatsApp Business API nodes and enterprise email delivery systems strictly to execute transactional messages configured by the School.
  • (c) Disclosed to judicial bodies or federal law enforcement frameworks only when validated by a binding legal court directive or strict statutory compliance call under Nigerian jurisdiction.
  • (d) Rendered directly to the School's internal staff in absolute sync with the roles and administrative clearance levels mapped by the School management.

8. School's Obligations as Data Controller

Because the School commands the definitive processing context regarding student and parental information, the School fundamentally owns the Data Controller status under law and:

  • (a) Must explicitly clarify to parents, guardians, and staff that information profiles are safely processed through the Atenda digital workspace, matching requirements under the NDPR.
  • (b) Must secure valid processing approvals before adding student fields or distributing access logs for the Parent Portal.
  • (c) Must handle information correction workflows and serve as the direct contact node for data subjects attempting to trigger privacy rights requests.
  • (d) Must completely avoid uploading files or information arrays that it lacks a valid legal title or processing right to handle.
Section B — For Parents & Guardians

9. What Data Atenda Holds About Parents

When an administrative unit configures a profile path inside the Parent Portal, the system processes the following data segments:

  • (a) Guardian's formal identity parameters and documented relationship to the respective student.
  • (b) Direct telephone lines, WhatsApp data numbers, and personal email frameworks.
  • (c) System validation keys — Phone tracking credentials and account PIN layouts (completely encrypted via irreversible hashing logic).
  • (d) Portal activity timelines — Documenting precise dates, timestamps, and login milestones for verification safety.
  • (e) Messaging files generated during active communication within the Portal workspace.
📋 Note on Information Origin: All parental data held on the platform is gathered by the School during enrollment or setup. Atenda does not harvest guardian data independently. The School retains the role of Data Controller; Atenda handles processing strictly under institutional instructions.

10. How Parent Data is Used

  • (a) To securely initialize, authorize, and run the personal dashboard access paths for the guardian.
  • (b) To push system notifications over text/WhatsApp API as requested by the School — including immediate report card updates, fee logging logs, and unexpected student absence notices.
  • (c) To run the basic transactional chat interface linking parents directly to the School Admin units.
  • (d) To track login logs to maintain database security.
  • (e) Data Guarantee: Parental profiles are never analyzed, utilized, or forwarded for third-party commercial mapping, product tracking, or external communication loops.

11. Children's Data

  • (a) Atenda understands that student information sets track underage data subjects under 18 years of age. Atenda maintains heightened digital barriers and defensive logic to shield minor profiles.
  • (b) Minor data fields are never evaluated for targeted profiling, commercial ads, tracking, or behavior mapping.
  • (c) Information is protected from third-party lookup vectors outside core cloud data storage vendors (mapped in Clause 7).
  • (d) Academic summaries are accessible exclusively to: the School's authorized staff elements, verified guardians logging in via secure PIN, and Atenda technical support staff strictly for database troubleshooting.
  • (e) Atenda blocks direct registration pipelines for minors; all child accounts are generated by institutional administrators or verified guardians.

12. Parent Rights Under NDPR

As an absolute data subject inside the framework of the Nigeria Data Protection Regulation 2019 and the Nigeria Data Protection Act 2023, you hold the following statutory capabilities:

  • (a) Right of access: The capability to call for a comprehensive copy of your processed personal data matrices.
  • (b) Right to rectification: The capability to adjust flawed or incorrectly formatted records. (Note: Student performance inputs or financial balances can only be adjusted by the School Admin).
  • (c) Right to erasure: The capability to demand data purges, subject to administrative retention rules.
  • (d) Right to restrict processing: The capability to limit active data processing routines under unique circumstances.
  • (e) Right to data portability: The capability to demand an electronic structural download of your personal data fields in machine-readable format.
  • (f) Right to object: The capability to challenge processing systems running under legitimate interest grounds.

To launch these privileges, please reach out to the School's administrative office first, as they act as the Data Controller. For requests involving data managed directly by Atenda, contact our DPO at info@atenda.ng. Processing completes within thirty (30) days.

13. Notifications and Communications

  • (a) The Platform triggers automated WhatsApp messaging routines on direct command from the School. These templates are configured entirely by the School Admin unit.
  • (b) Guardians can adjust notification pathways by requesting adjustments from their respective School Admins.
  • (c) Atenda will never send unsolicited marketing materials or cross-sell unrelated products to parent contacts.

14. Cookies and Tracking

  • (a) The Atenda workspace relies strictly on secure session cookies to retain user validation details during an active login block. These files never monitor your navigation choices across outside web platforms.
  • (b) Atenda incorporates zero third-party behavior metrics, conversion pixels, or tracking networks that profile user digital habits.
  • (c) Essential system validation cookies cannot be deactivated without logging off the Platform space.

15. Complaints

If you identify compliance gaps regarding how your information values are treated, you retain the full right to lodge a formal statutory complaint with the Nigeria Data Protection Commission (NDPC) by visiting www.ndpc.gov.ng. Atenda encourages individuals to reach out to our internal privacy team first to guarantee rapid dispute resolution.

16. Changes to this Privacy Policy

Atenda reserves the right to adjust this Privacy Policy to reflect technical platform enhancements, system changes, or national legal adjustments. Schools will receive notifications of structural changes minimum fourteen (14) days prior to execution via the software hub or official WhatsApp channels. The active update layer is always open for analysis at atenda.ng/privacy.

17. Governing Law

This Privacy Policy is systematically formulated, validated, and managed under the exclusive national laws of the Federal Republic of Nigeria, strictly incorporating the Nigeria Data Protection Regulation 2019 and the Nigeria Data Protection Act 2023.

Atenda Logo
Products Terms of Service Contact
© 2026 Atenda. Built in Nigeria 🇳🇬