Your school's data is stored in its own isolated database. No other organisation on
Student Manager can ever access your data.
1. Information We Collect
Account & Organisation Data
When you register, we collect:
- Organisation name, subdomain, and industry
- Administrator name, email address, and phone number
- Billing information (processed by our PCI-DSS compliant payment provider)
- Subscription plan selection
School Operational Data
Data you enter while using the platform — student records, attendance logs, fee transactions, ID card designs, and class/teacher records — is stored on your behalf. You are the data controller for this information.
Usage & Technical Data
We automatically collect technical information to operate and improve the service:
- IP address, browser type, and device information
- Pages visited and features used within the application
- Error logs and performance diagnostics
- Login timestamps and session data
2. How We Use Your Information
We use collected information for:
- Service delivery — to provision and maintain your school's instance
- Account management — to authenticate users and process billing
- Support — to respond to enquiries and resolve technical issues
- Security — to detect and prevent fraud and unauthorised access
- Product improvement — to understand platform usage and improve features
- Legal compliance — to fulfil obligations under applicable laws
We do not sell your data or your students' data to any third party, and we do not use school data for advertising purposes.
3. Data Storage & Security
All data is stored on secure cloud servers. We implement:
- TLS/SSL encryption for all data in transit
- Encrypted storage for sensitive data at rest
- Regular automated backups with point-in-time recovery
- Role-based access controls for our internal team
- Regular security audits and vulnerability assessments
4. Data Isolation
Student Manager uses a per-tenant database architecture. Each school has its own dedicated, isolated database — your data is never co-mingled with another organisation's.
This means:
- No other school can query or access your data
- A security incident affecting one tenant does not expose another's data
- Your data can be fully exported or deleted independently
- Backups are taken per-tenant for precise restoration
5. Cookies & Tracking
We use only essential cookies:
- Session cookies — keep you logged in during a session; expire when you close your browser
- CSRF tokens — security tokens to prevent cross-site request forgery
- Preference cookies — remember settings such as language preferences
We do not use third-party advertising cookies or cross-site tracking technologies.
6. Third-Party Services
We use a limited number of trusted services:
- Payment processing — subscription payments handled by a PCI-DSS compliant provider. We do not store raw card numbers.
- Email delivery — transactional emails sent via a third-party SMTP provider. Only email address and message content are shared.
- Cloud hosting — servers hosted on a reputable cloud provider with data centres in the GCC region.
7. Data Retention
- Active accounts — all data retained for the duration of your subscription
- Cancelled accounts — data retained for 30 days to allow reactivation, then permanently deleted
- Backup retention — automated backups retained for 14 days on a rolling basis
- Log data — access logs retained for 90 days for security and compliance
You may request early deletion of your data at any time by contacting support.
8. Your Rights
You may have the following rights regarding your personal information:
- Access — request a copy of the data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your personal data
- Portability — receive your data in a structured, machine-readable format
- Restriction — restrict how we process your data in certain circumstances
- Objection — object to certain types of processing
To exercise any of these rights, contact us below. We will respond within 30 days.