Privacy Policy

At Dugsikaab, we prioritize the security and privacy of the educational institutions we serve. This policy explains how we handle data within our School Management System (SMS).

1. Information We Collect

To provide a functional school management experience, we process the following categories of data:

• Student Records: Names, dates of birth, places of birth, academic marks, and enrollment history.
• Guardian Information: Names, phone numbers (for billing and SMS), and family relationships.
• Financial Data: Fee bills, payment history, and school expenditure records.
• Staff Data: Names, roles, and system activity logs.

2. How Data is Used

We use the collected information solely to:

• Generate academic transcripts and report cards.
• Manage family-centric billing and sibling debt tracking.
• Provide administrative oversight for school owners.
• Maintain an audit trail (The Black Box) for security and accountability.

3. Data Isolation (The SaaS Wall)

Our system is built on a "Multi-Tenant" architecture. This means:

• Zero Leakage: Database queries are strictly enforced with a school_id filter. Staff from "School A" can never view or modify data from "School B".
• Encrypted Passwords: All user and guardian passwords are hashed using industry-standard BCRYPT algorithms.

4. Data Sharing

We never sell, rent, or share school data with third parties. Data is only disclosed if required by Somali Law or with the explicit written consent of the School Administrator.

5. Security Measures

We implement multiple layers of security, including:

• CSRF Protection: Preventing unauthorized commands from being sent to our servers.
• Session Management: Secure handling of user logins and permissions.
• Regular Backups: Daily snapshots of the database to prevent data loss.

6. Contact Us

If you have questions regarding your school's data or our privacy practices, please contact our support team:

info@dugsikaab.com
www.dugsikaab.com