Child Data Protection Statement

Edminhub is a school management platform owned and operated by Simple Software Development LLC. The platform is designed to help schools manage learner records, attendance, subjects, classes, academic information, disciplinary processes, communication, and related school administration.

Because Edminhub may process information relating to children and learners, Simple Software Development LLC recognises that learner data requires special protection. This Child Data Protection Statement explains how Edminhub approaches the protection of learner information and how responsibility is shared between Simple Software Development LLC and the school using the platform.

This statement should be read together with the Edminhub Security and Privacy Statement, the Edminhub SaaS Subscription Agreement, and the Edminhub Data Processing Agreement, where applicable.

Simple Software Development LLC is committed to protecting learner information processed through Edminhub.

We apply reasonable technical and organisational safeguards intended to protect learner data against unauthorised access, misuse, loss, alteration, or unauthorised disclosure.

Edminhub is designed to support legitimate school administration and educational management. It is not designed to exploit learner information, profile children for advertising, or use learner information for unrelated commercial purposes.

The school is primarily responsible for deciding what learner information is collected, why it is collected, how it is used, who may access it, and how long it should be retained.

In most cases, the school acts as the party responsible for the lawful collection and use of learner information. Simple Software Development LLC processes learner information on behalf of the school for the purpose of providing and supporting the Edminhub service.

The school is responsible for ensuring that it has the necessary authority, consent, legal basis, institutional mandate, or parent/guardian authorisation, where applicable, to collect and process learner information in Edminhub.

This approach is important because many child-data and privacy frameworks place special conditions on the processing of children's personal information. For example, South Africa's Protection of Personal Information Act, 2013 places restrictions on the processing of children's personal information unless a recognised authorisation applies. The EU General Data Protection Regulation also gives children specific protection in relation to their personal data, including special rules for consent in relation to information society services offered directly to a child.

Edminhub is not presented as POPIA-certified, GDPR-certified, or formally approved by any regulator. However, Simple Software Development LLC aims to align Edminhub's child-data practices with recognised privacy principles, including lawfulness, fairness, transparency, purpose limitation, data minimisation, access control, security safeguards, accountability, and appropriate handling of parent or guardian requests. The school remains responsible for determining which laws apply to its own operations and whether its use of Edminhub meets those requirements.

Depending on how a school configures and uses Edminhub, the platform may process learner information such as:

Edminhub should only be used to process learner information that is necessary for legitimate school administration, education management, safeguarding, compliance, communication, or related school purposes.

Learner information may be processed in Edminhub for purposes such as:

1. Managing learner enrolment and school records.
2. Managing grades, classes, subjects, and academic structures.
3. Recording attendance and absenteeism.
4. Recording academic performance and reports.
5. Managing disciplinary or behavioural processes.
6. Communicating with parents, guardians, teachers, and school administrators.
7. Supporting school administration and compliance.
8. Maintaining platform security, auditability, and service reliability.
9. Providing technical support to the school.
10. Improving the functionality, reliability, and security of the Edminhub platform.

Simple Software Development LLC does not use learner information for unrelated advertising, resale, or unauthorised commercial profiling.

Edminhub uses role-based access control to restrict access to learner information based on the user's authorised role.

Depending on the school's configuration, users may include:

The school is responsible for assigning user roles correctly and ensuring that staff, parents, guardians, and learners are only given appropriate access.

Simple Software Development LLC is not responsible for unauthorised access caused by incorrect role assignment, shared passwords, unmanaged user accounts, insecure school devices, or failure by the school to remove access when a user leaves or changes role.

Simple Software Development LLC applies reasonable security measures to protect learner information processed through Edminhub.

These measures may include:

Security controls are reviewed and improved as Edminhub matures.

Edminhub performs daily backups with a retention period of 7 days.

Point-in-time backups may be available where a school makes a special arrangement with Edminhub / Simple Software Development LLC.

Backups are intended for disaster recovery and operational resilience. They are not a substitute for the school's own recordkeeping obligations, internal policies, independent exports, or statutory retention requirements.

Depending on applicable law and the school's internal policies, parents, guardians, and learners may have rights to request access to, correction of, or deletion of certain personal information.

Because the school controls the learner relationship and determines how learner information is used, requests from parents, guardians, or learners should generally be directed to the school first.

Simple Software Development LLC may assist the school with reasonable technical steps required to access, correct, export, restrict, or delete learner information where technically possible, legally appropriate, and commercially reasonable.

Simple Software Development LLC is not responsible for deciding whether a parent, guardian, learner, or third party is legally entitled to receive learner information. That responsibility remains with the school unless otherwise agreed in writing.

The school is responsible for obtaining any parent, guardian, learner, or staff consent that may be required by applicable law or school policy.

Simple Software Development LLC does not independently verify whether the school has obtained all required consents before entering learner information into Edminhub.

Where the law requires parental or guardian consent for the processing of child data, the school must ensure that such consent has been obtained and properly recorded.

This position is especially relevant because some jurisdictions impose specific child-data consent requirements. Under the EU GDPR, where consent is relied on in relation to information society services offered directly to a child, a child must generally be at least 16 years old to provide consent, although EU Member States may set a lower age not below 13. Where the child is below the applicable age, consent must be given or authorised by the holder of parental responsibility. Under South Africa's POPIA framework, children's personal information is subject to special protection and may only be processed where a recognised authorisation applies.

Learner information processed through Edminhub is not used for behavioural advertising, targeted advertising, resale, or advertising profiles.

Simple Software Development LLC does not permit learner information entered by schools into Edminhub to be sold to third parties or used to advertise unrelated third-party products or services to learners.

The platform may send school-related communications where enabled by the school, such as notices, academic updates, attendance alerts, administrative messages, or platform-related notifications.

Simple Software Development LLC may use reputable third-party service providers to host, operate, secure, monitor, back up, support, or improve Edminhub.

Such providers may include hosting providers, infrastructure providers, email delivery services, backup services, monitoring tools, support tools, analytics tools, or security services.

Where third-party providers are used, Simple Software Development LLC seeks to limit access to learner information to what is reasonably necessary for the relevant service. Third-party providers are not permitted to use learner information for their own unrelated purposes.

Simple Software Development LLC is not responsible for third-party systems or services separately selected, connected, or used by the school outside the Edminhub platform.

Edminhub may be hosted using reputable cloud infrastructure providers. Depending on the hosting environment, learner information may be processed or stored outside the country where the school is located.

By using Edminhub, the school acknowledges that cross-border processing may occur where necessary to provide, support, secure, back up, or maintain the service.

The school remains responsible for ensuring that its use of Edminhub, including any cross-border transfer of learner information, is permitted under laws applicable to the school.

Simple Software Development LLC will apply reasonable safeguards to protect learner information processed through its service environment.

Learner information is retained for as long as necessary to provide the Edminhub service, comply with legal obligations, support operational requirements, resolve disputes, enforce agreements, maintain audit records, or meet contractual commitments.

The school is responsible for deciding how long learner records should be retained for educational, legal, operational, or statutory purposes.

Upon termination or expiry of the school's subscription, the school may request export of available learner information within a reasonable period. After termination, Simple Software Development LLC may retain learner information for a limited period for backup, legal, audit, billing, security, or operational purposes, after which it may delete or anonymise the information in accordance with its retention practices, unless otherwise agreed in writing.

Deleted information may remain in backups for a limited period until those backups expire or are overwritten.

In the event of a confirmed security incident affecting learner information, Simple Software Development LLC will take reasonable steps to:

1. Investigate the incident.
2. Contain and mitigate the impact.
3. Restore affected services where technically possible.
4. Notify the affected school where appropriate.
5. Provide reasonable information to assist the school with its own legal, regulatory, stakeholder, or parent communication obligations.

Notification timelines may depend on the nature of the incident, applicable legal requirements, the information available at the time, and the need to avoid compromising security investigations.

Simple Software Development LLC does not accept liability for incidents caused by the school's own systems, user devices, shared passwords, incorrect permissions, unauthorised internal users, third-party integrations selected by the school, or misuse of the platform by the school or its users.

The school is responsible for:

Simple Software Development LLC is not responsible for school-level decisions about discipline, assessment, attendance, learner promotion, parent communication, access rights, or the lawful basis for collecting learner information.

Simple Software Development LLC will use reasonable efforts to protect learner information processed through Edminhub. However, no system can be guaranteed to be completely secure, uninterrupted, error-free, or immune from all cyber threats.

To the fullest extent permitted by applicable law, Simple Software Development LLC, its directors, officers, members, employees, agents, contractors, and affiliates shall not be liable for indirect, incidental, special, punitive, exemplary, or consequential loss arising from the use of Edminhub, including loss of data, loss of profits, business interruption, reputational harm, or claims arising from the school's own use, misuse, configuration, or administration of the platform.

Nothing in this statement is intended to expand Simple Software Development LLC's liability beyond the limits agreed in the applicable SaaS Subscription Agreement, Data Processing Agreement, or other written contract with the school.

Edminhub is designed to support responsible handling of learner information in a school environment.

Simple Software Development LLC aims to align Edminhub with recognised good practices in information security, privacy, and child data protection. However, unless specifically stated in writing, Edminhub should not be interpreted as certified under ISO/IEC 27001, ISO 9001, SOC 2, Cyber Essentials, POPIA, GDPR, or any other formal certification or regulatory approval scheme.

The school remains responsible for determining whether Edminhub is suitable for its own legal, regulatory, educational, and operational requirements.

Simple Software Development LLC may update this Child Data Protection Statement from time to time to reflect changes in the Edminhub platform, legal requirements, operational practices, or security improvements.

Where material changes are made, Simple Software Development LLC may notify schools through appropriate channels, such as email, platform notice, or updated documentation.

Continued use of Edminhub after the effective date of an updated statement may be treated as acceptance of the updated statement, subject to the terms of the applicable agreement with the school.

Questions about Edminhub child data protection, privacy, or security may be directed to: