Openlabs_Africa_Privacy_Policy

1

Introduction

Openlabs Africa ("we," "our," or "us") operates a cloud-based student management platform (the "Platform") designed for educational organizations, scholarship programs, and non-governmental organizations. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Platform.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Platform.

2

Information We Collect

Information Provided by Organizations

Organizations using our Platform may provide the following information about their students and operations:

Student personal information including names, contact details, identification numbers, educational records, grades, academic transcripts, financial information related to scholarships and fees, demographic information, donor correspondence, application documents, and any other information necessary for scholarship and educational program management.

Information Collected Automatically

When you access the Platform, we automatically collect certain information, including: device information (IP address, browser type, operating system), usage data (pages visited, features used, time spent), technical data (error logs, performance metrics), and location information (general geographic location based on IP address).

Information from Third-Party Integrations

The Platform may integrate with third-party services such as Salesforce CRM, Google Drive, AWS S3, Zoho Drive, and other systems. When you authorize these integrations, we may collect information made available through these services in accordance with their respective privacy policies.

3

How We Use Your Information

We use the information we collect for the following purposes:

  • Platform Operation: To provide, maintain, and improve the Platform's functionality and features. This includes processing student applications, managing scholarship programs, facilitating communication between organizations and students, generating reports and analytics, and processing financial aid calculations.

  • AI-Powered Services: To provide automated services including document review, fee calculation assistance, report generation, and career guidance features. All AI processing is performed with appropriate security measures and quality controls.

  • Communication: To send administrative notices, system updates, security alerts, and support communications. We will not use student contact information for marketing purposes without explicit consent from the controlling organization.

  • Security and Compliance: To monitor and prevent fraud, unauthorized access, and security threats. We maintain audit logs and conduct security assessments to protect the integrity of the Platform.

  • Legal Obligations: To comply with applicable laws, regulations, legal processes, or governmental requests.

4

Data Sharing and Disclosure

Within Organizations

Information is shared within your organization according to access permissions set by organization administrators. Each organization maintains complete control over who within their organization can access specific information.

Service Providers

We may share information with trusted third-party service providers who assist in operating the Platform, including: cloud infrastructure providers (AWS, Google Cloud), database hosting services, email delivery services, analytics providers, and payment processors. All service providers are contractually obligated to maintain confidentiality and security of the information.

Legal Requirements

We may disclose information if required by law, legal process, litigation, or requests from governmental authorities. We will make reasonable efforts to notify affected organizations unless prohibited by law.

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, user information may be transferred. We will provide notice before information is transferred and becomes subject to a different privacy policy.

Data Isolation

We maintain strict data isolation between organizations. Data from one organization will never be shared with another organization unless explicitly authorized through defined processes. Our multitenant architecture ensures complete separation of organizational data.

5

Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption: All data is encrypted in transit using TLS/SSL protocols and at rest using AES-256 encryption.

  • Access Controls: Role-based access controls ensure that users can only access information appropriate to their permissions. Multi-factor authentication is available for enhanced account security.

  • Infrastructure Security: Our Platform is hosted on secure cloud infrastructure with regular security audits, automated backups, and disaster recovery procedures.

  • Monitoring: We continuously monitor for security threats, unauthorized access attempts, and unusual activity patterns.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6

Data Retention

We retain information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law or contractual obligations.

Organizations may request deletion of their data at any time, subject to: legal and regulatory retention requirements, ongoing contractual obligations, resolution of disputes or claims, and our legitimate business interests in maintaining operational records.

Upon termination of service, organization data will be retained for 90 days to allow for data retrieval, after which it will be permanently deleted unless otherwise required by law.

7

Your Rights and Choices

Organization Administrators

Organization administrators have the right to: access and export all organization data, modify or delete organization data, manage user permissions and access, configure data retention settings, request account termination and data deletion, and obtain copies of this Privacy Policy and related documentation.

Students and End Users

Individual students and end users should contact their organization administrator regarding: access to personal information, correction of inaccurate information, restriction or objection to processing, and questions about data usage. We act as a data processor on behalf of organizations and direct individual requests to the controlling organization.

Marketing Communications

You may opt out of marketing communications by following unsubscribe instructions in emails or contacting us directly. Note that you cannot opt out of service-related communications necessary for Platform operation.

8

International Data Transfers

The Platform is operated primarily in Kenya and may process data in multiple jurisdictions. If you access the Platform from outside Kenya, your information may be transferred to, stored, and processed in Kenya or other countries where our service providers operate.

We implement appropriate safeguards to ensure your information receives adequate protection in accordance with this Privacy Policy and applicable data protection laws.

9

Children's Privacy

Our Platform is designed to serve educational organizations managing students of all ages, including minors. We recognize the importance of protecting children's privacy.

Organizations are responsible for: obtaining appropriate consent from parents or guardians, ensuring compliance with applicable children's privacy laws (such as COPPA, GDPR provisions for children), implementing appropriate safeguards for minor students' data, and managing communications with minor students.

We do not knowingly collect information from children without appropriate authorization from their educational organization and parental consent.

10

Third-Party Links and Services

The Platform may contain links to third-party websites, applications, or services, including integrations with job listing platforms, mentorship services, and external educational resources.

We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Platform.

11

AI and Automated Processing

The Platform uses artificial intelligence and automated processing for various functions including: document review and analysis, fee calculation and financial processing, report generation, career guidance recommendations, and administrative task automation.

All AI-powered features include: human oversight and review capabilities, audit trails of automated decisions, ability to challenge or override automated results, and transparency about when AI is being used.

Organizations maintain ultimate control and responsibility for decisions affecting students, with AI serving as an assistive tool.

12

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify organizations of material changes by: email notification to organization administrators, prominent notice within the Platform, posting the updated policy on our website at openlabs.africa, and updating the "Last Updated" date at the top of this policy.

Continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Policy.

13

Data Processing Roles

For the purposes of data protection law:

Openlabs Africa acts as a data processor, processing data on behalf of organizations using the Platform.

Organizations using the Platform are data controllers, responsible for: determining purposes and means of processing, ensuring lawful basis for processing, obtaining necessary consents, responding to data subject requests, and compliance with applicable data protection laws.

We provide organizations with necessary tools and support to fulfill their obligations as data controllers.

14

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Openlabs Africa

Email: [email protected]

Website: https://openlabs.africa

Address: K-Mall Thindigua, Kiambu Road. Nairobi, Kenya

For security-related concerns, please contact: [email protected]

15

Governing Law

This Privacy Policy is governed by the laws of the Republic of Kenya. Any disputes arising from this Privacy Policy will be subject to the exclusive jurisdiction of the courts of Kenya.

16

Additional Rights for EU/EEA Users

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including: the right to access your personal data, the right to rectification of inaccurate data, the right to erasure (right to be forgotten), the right to restrict processing, the right to data portability, and the right to object to processing.

To exercise these rights, please contact your organization administrator or contact us directly at the information provided above.

Last updated