Privacy Policy

We collect the following categories of data when you use Elimu Pay:

• Account information: Your name, email address, and password (stored as a one-way hash). This identifies you as an authorised user of your school's account.
• School information: School name, MPESA paybill or till number, and current academic term. This is required to configure your fee collection setup.
• Student records: Student names, admission numbers, class, stream, fee amounts, and parent contact information (name and phone number). This data is provided by you and is used solely for fee tracking purposes.
• Payment records: Transaction amounts, MPESA reference numbers, sender names, and sender phone numbers extracted from uploaded statements. This data is used to match payments to student records.

When you upload an MPESA statement, we extract and store the following from each transaction row:

• Transaction reference number (e.g. PBC12345678)
• Payer name and phone number
• Amount paid
• Transaction date and time

This data is extracted for the sole purpose of matching transactions to student records. It is stored securely in your school's database partition and is not shared with any third party. You remain the data controller of all student and payment data you upload. Elimu Pay acts as a data processor on your behalf.

Elimu Pay generates WhatsApp message links addressed to parents when payments are matched or when fee reminders are triggered. These messages are sent by you, the school administrator, through your own WhatsApp account. Elimu Pay does not have access to your WhatsApp account, does not store message delivery receipts, and does not contact parents on its own initiative.

Parent phone numbers stored in the system are used only to generate these WhatsApp links. They are not sold, rented, or shared with any party outside of your school's use of the platform.

All data is stored in a PostgreSQL database hosted on Vercel's infrastructure within secure data centres. We apply the following security measures:

• Passwords are hashed using bcrypt before storage — we never store plaintext passwords
• Parent email addresses are encrypted at rest using AES-256-CBC field-level encryption
• All data is transmitted over HTTPS/TLS with HTTP Strict Transport Security (HSTS) enforced
• Authentication uses secure JWT session tokens with a 24-hour expiry
• Session invalidation: you can sign out all devices at once from Settings
• Each school's data is logically isolated — users can only access data belonging to their school
• Security headers are enforced on all pages (CSP, X-Frame-Options, X-Content-Type-Options)
• All sensitive actions are recorded in a tamper-evident audit log
• Access to the production database is restricted to authorised engineers only

Elimu Pay records an audit log of sensitive actions performed within your account. Logged events include:

• Login successes and failures
• Student imports and M-Pesa statement uploads
• Invoice dispatch and clearance certificate generation
• Plan upgrade requests and data exports
• Account deletion

Audit logs are visible to Elimu Pay platform administrators and may be used to investigate security incidents or support requests.

Your data is retained for as long as your school account is active. You can permanently delete your account and all associated data at any time from Settings → Danger zone → Delete my account. Deletion is immediate and irreversible — all students, payments, invoices, and your user account are removed from our systems.

Certain financial records may be retained for up to 7 years as required by Kenyan tax and financial regulations.

As a user of Elimu Pay, you have the right to:

• Access the personal data we hold about your school and account
• Request correction of inaccurate data
• Delete your account and all data instantly from Settings — no need to contact us
• Export all your data (students, payments, invoices) as an Excel file from Settings at any time
• Sign out of all devices at once from Settings → Session security

For other data rights requests, contact us at support@elimupay.co.ke.

We process personal data under the following lawful bases as defined by the Kenya Data Protection Act 2019:

• Contract: Processing school administrator data is necessary to provide our services under our Terms of Service.
• Consent: We process parent contact information with the consent of the school, which acts as the data controller for their students and parents.
• Legitimate interests: We process usage data to improve our services and maintain platform security.

Under the Kenya Data Protection Act 2019, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data (right to erasure)
• Object to processing
• Data portability

To exercise these rights, contact us at support@elimupay.co.ke

If you believe we have violated your data protection rights, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC):

• Website: www.odpc.go.ke
• Email: info@odpc.go.ke
• Address: Upper Hill, Nairobi, Kenya

We share data with the following third-party processors:

• Neon (database hosting) — neon.tech
• Vercel (application hosting) — vercel.com
• Google (email delivery via Gmail SMTP) — google.com
• Safaricom (MPESA payment notifications) — safaricom.co.ke
• WhatsApp (parent notifications via deep links) — whatsapp.com

We retain your data for the duration of your subscription plus 30 days after cancellation, during which you may export your data. After this period, all data is permanently deleted. Certain financial records may be retained for up to 7 years as required by Kenyan tax and financial regulations.

Our Data Protection Officer can be contacted at: support@elimupay.co.ke

If you have any questions about this Privacy Policy or how your data is handled, please reach us at: