Get 50% discount if you get started right away.
S
SchoolBooks®

Legal Documents

Legal Documents

Terms of Service
Payment Service Terms
Privacy Policy
Cookie Policy
Acceptable Use Policy
Privacy Policy
Last Updated: October 26, 2025

1) Who we are

This Privacy Policy explains how Schoolbooks Accounting (“Schoolbooks,” “we,” “us,” “our”) collects, uses, discloses, and protects personal data in connection with our website and cloud services (the “Services”). It applies to website visitors, customers and their authorized users, individuals who engage with our marketing, and job applicants.

We process personal data in line with the Data Protection Act, 2019 (Kenya) and the Data Protection (General) Regulations, 2021. Where schools use our Services, the school is typically the data controller and Schoolbooks is a data processor. In those cases, our processing is governed by our agreements with the school (the controller’s privacy policy applies to their data subjects).

2) Personal data

“Personal data” means information relating to an identified or identifiable natural person (e.g., a teacher, guardian, student, or staff member). “Sensitive personal data” includes information such as health data or official identifiers, which we handle with additional safeguards where applicable under Kenyan law.

3) Our role vs. your school’s role

  • Controller (Schools): When a school uses our Services, the school decides the purposes and means of processing its community’s data (students, guardians, staff). The school’s privacy policy governs that processing.
  • Processor (Schoolbooks): We process personal data on the school’s instructions, implement appropriate security, and support the school in meeting its obligations (e.g., responding to access/correction requests) as set out in our agreement.

4) Personal data we collect

4.1 Data you provide

  • Registration/contact details (name, email, phone, role) when creating an account.
  • Operational data entered into the system (e.g., fee records, invoices, attendance, inventory, payroll inputs, documents, e-signatures, uploads/attachments).
  • Support/communications data (messages, feedback, attachments).
  • Recruitment data for job applicants (CV, education/employment history, references).

4.2 Data collected automatically

  • Device and log data (IP address, browser type, OS, device identifiers, pages viewed, timestamps).
  • Usage/telemetry data to improve performance, security, and usability.
  • Cookies and similar technologies (see our Cookie Policy for details and choices).

4.3 Data from third parties

  • Integrations you enable (e.g., M-PESA, card processors, SMS/email gateways, calendar or SSO providers).
  • Bank feeds or payment confirmations via authorized providers where enabled by you.

5) How we use personal data

  • Provide, secure, maintain, and improve the Services.
  • Configure accounts, authenticate users, and personalize experiences.
  • Process school operations (fees/invoicing, collections, accounting, attendance, documents/e-signatures, communications).
  • Monitor performance, debug issues, prevent fraud/abuse, and enhance security.
  • Provide support, respond to requests, and send service notices.
  • Generate de-identified/aggregated insights (never to re-identify individuals).
  • Comply with legal obligations (e.g., tax, financial record-keeping) and enforce our Terms.
  • With consent or as permitted by law, send product updates or marketing (you can opt out at any time).

Lawful bases under the DPA 2019 may include consent, performance of a contract, compliance with a legal obligation, or our/your school’s legitimate interests balanced against data subject rights.

6) Students & children’s data

We recognise the heightened protection applicable to children’s data (see the Children Act, 2022 (Kenya)) and the DPA 2019. Where a school inputs student data, the school is the controller and determines the lawful basis (e.g., a statutory mandate under the Basic Education Act, public interest, parental/guardian consent, or legitimate interests with appropriate safeguards).

  • We process student data only on the school’s documented instructions.
  • We implement appropriate technical and organisational measures to protect student data.
  • We do not use student data for advertising, profiling unrelated to education, or sell student data.
  • Where consent is used, the school is responsible for obtaining and managing valid consent from a parent/guardian.

7) How we share personal data

  • Service providers (processors): hosting, storage, email/SMS, telephony, analytics, payments, identity/SSO, and support tooling—bound by contracts and confidentiality.
  • Integrations you enable: e.g., M-PESA, card processors, bank APIs, SMS gateways, SSO (shared as needed to provide the feature).
  • Affiliates: for support and platform operations under equivalent protections.
  • Legal: to comply with applicable law, lawful requests, or enforce our rights.
  • Business transfers: during a merger, acquisition, or reorganisation under appropriate safeguards.
  • With consent: where you/your school explicitly agree.

We do not sell personal data. We do not share student data for advertising purposes.

8) International data transfers

The Services may be hosted or supported from locations outside Kenya. Where we transfer personal data across borders, we implement appropriate safeguards consistent with the Data Protection Act, 2019 and Regulations (e.g., contractual clauses, adequacy determinations, or other lawful mechanisms). Details can be provided on request.

9) Security

We employ administrative, technical, and physical controls designed to protect personal data (e.g., encryption in transit, access controls, logging). No system is 100% secure; we continually improve our safeguards and expect customers to maintain good security practices (e.g., strong passwords, MFA, role-based access).

10) Retention

We retain personal data for as long as necessary to provide the Services, comply with legal obligations (including financial/tax record rules), resolve disputes, and enforce agreements. Schools may set their own retention policies; when we act as processor, we follow the school’s instructions and our agreement.

11) Your privacy rights (Kenya)

Under the DPA 2019 and applicable Regulations, data subjects may have rights to:

  • be informed about the use of their personal data;
  • access their personal data;
  • request correction/rectification or deletion where appropriate;
  • object to or restrict certain processing;
  • data portability where applicable; and
  • withdraw consent where processing is based on consent.

If your data is processed for a school, please contact the school (controller) first. Where we are controller (e.g., for our own website, billing, or marketing), contact us at privacy@schoolbooks.co.ke. We may take steps to verify your identity before acting on a request.

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC), Kenya. We encourage you to contact us first so we can address your concerns.

12) Cookies & similar technologies

We use cookies and similar technologies for authentication, performance, analytics, and security. You can manage preferences through your browser or our Cookie controls (where available). See our Cookie Policy for details.

13) Marketing communications

You can unsubscribe from promotional emails at any time via the link in those emails. We may still send you transactional or service notices (e.g., password resets, billing notices).

14) Children’s privacy (direct use)

We do not offer accounts directly to children. Student data is provided by the school (controller) and processed by us under the school’s instructions. If you believe a child provided data to us directly, contact privacy@schoolbooks.co.ke.

15) Changes to this Policy

We will post updates to this Policy on this page and indicate the “Last Updated” date. Material changes will be notified through the Services or by email where appropriate.

16) Contact us

For questions or requests about this Policy or our data practices:
Email: privacy@schoolbooks.co.ke