1. Introduction
Edminhub is a school management platform owned and operated by Simple Software Development LLC. The platform is designed to help schools manage core administrative and academic processes, including learner records, teacher information, attendance, subjects, classes, disciplinary processes, academic records, communication, and related school operations.
Because Edminhub may process personal information relating to learners, parents or guardians, teachers, administrators, and other school stakeholders, Simple Software Development LLC treats information security and privacy as core design principles. This statement explains the security and privacy practices we apply to protect school data and support responsible use of the Edminhub platform.
2. Our Security Commitment
Simple Software Development LLC is committed to protecting the confidentiality, integrity, and availability of information processed through Edminhub.
Edminhub is developed and operated using security practices aligned with recognised information security principles, including the control objectives commonly associated with ISO/IEC 27001 and secure application development guidance such as the OWASP Application Security Verification Standard.
Edminhub is not currently presented as ISO-certified unless a valid certification has been formally obtained and published by Simple Software Development LLC.
3. Data Ownership
Schools remain responsible for the data they enter into Edminhub.
Simple Software Development LLC does not claim ownership of school data, learner records, academic records, attendance records, disciplinary records, parent information, or teacher information entered into the platform by a school or its authorised users.
Simple Software Development LLC processes this information only for the purpose of providing, supporting, securing, maintaining, and improving the Edminhub service, unless otherwise agreed in writing.
4. Types of Information Processed
Depending on how a school uses Edminhub, the platform may process information such as:
| Category | Examples |
|---|---|
| Learner information | Name, grade, class, learner number, attendance, subjects, academic performance, disciplinary records |
| Parent or guardian information | Name, contact details, relationship to learner |
| Staff information | Teacher names, subjects, classes, contact details, roles |
| School information | School name, grades, subjects, classes, academic structures |
| User account information | Usernames, email addresses, roles, permissions, login activity |
| System activity information | Audit logs, access logs, change records, error logs |
Edminhub is intended to process only information that is necessary for legitimate school administration and educational management purposes.
5. Access Control
Edminhub uses role-based access control to restrict access to information based on the user's role and responsibilities.
Typical roles may include school administrator, principal, teacher, parent, learner, or system administrator. Access rights are designed so that users can only access the functions and information required for their authorised duties.
Schools are responsible for ensuring that user accounts are assigned correctly and that users who leave the school or change roles have their access updated promptly.
6. Authentication and Account Security
Edminhub applies authentication controls to reduce the risk of unauthorised access.
These controls may include:
| Control | Purpose |
|---|---|
| Password-based authentication | Verifies user identity |
| Strong password requirements | Reduces weak password risk |
| Administrative access restrictions | Limits high-risk system functions |
| Session management | Reduces risk from unattended sessions |
| Optional or future MFA support | Strengthens access to sensitive accounts |
Users are responsible for keeping their login credentials confidential and must not share accounts or passwords.
7. Data Protection Measures
Simple Software Development LLC applies reasonable technical and organisational safeguards to protect information processed through Edminhub.
These safeguards may include:
| Area | Security measure |
|---|---|
| Data in transit | Use of encrypted connections where supported |
| Data storage | Controlled access to databases and storage systems |
| Backups | Daily backups with a 7-day retention period |
| Administrative access | Restricted to authorised personnel |
| Auditability | Logging of important system and user activities |
| Development practices | Secure coding practices and controlled deployment processes |
| Vulnerability management | Review and remediation of identified weaknesses |
Security controls are reviewed and improved as the platform matures.
8. Audit Logs and Monitoring
Edminhub may record system and user activity to support accountability, troubleshooting, security monitoring, and investigation of suspected misuse.
Audit logs may include information such as login activity, changes to key records, administrative actions, permission changes, and other significant system events.
Access to audit logs is restricted to authorised personnel.
9. Backups and Recovery
Simple Software Development LLC maintains backup and recovery practices intended to reduce the risk of data loss.
Backups are performed daily and retained for a period of 7 days.
Point-in-time backups may be available where a school makes a special arrangement with Edminhub / Simple Software Development LLC.
Backups are used for disaster recovery, operational resilience, and restoration of service where technically possible.
Backups are not a substitute for proper user controls, data governance, or school-level record management practices.
10. Privacy and Responsible Data Use
Simple Software Development LLC uses personal information processed through Edminhub only for legitimate purposes related to the delivery, support, maintenance, security, and improvement of the platform.
- We do not sell school data, learner data, parent data, or teacher data to third parties.
- We do not use learner information for advertising purposes.
- We do not disclose school data to unauthorised third parties, except where required by law, necessary to provide the service, required for security or technical support, or agreed with the school.
11. Children's and Learner Data
Edminhub may process information relating to children and learners. Simple Software Development LLC recognises that learner information requires special care.
Schools are responsible for ensuring that they have the necessary authority, consent, legal basis, or institutional mandate to collect and process learner information in Edminhub.
Simple Software Development LLC processes learner information on behalf of the school and applies reasonable safeguards to protect it from unauthorised access, misuse, loss, or disclosure.
12. Third-Party Service Providers
Edminhub may rely on trusted third-party providers for services such as hosting, infrastructure, email delivery, analytics, backups, monitoring, support, or security.
Where third-party providers are used, Simple Software Development LLC seeks to ensure that they are appropriate for the purpose for which they are engaged and that access to school data is limited to what is necessary to provide the service.
Simple Software Development LLC remains responsible for managing its service providers in a manner consistent with this Security and Privacy Statement.
13. Data Location and Hosting
Edminhub may be hosted using reputable cloud infrastructure providers. The specific hosting location, infrastructure provider, and data residency arrangement may depend on the deployment model selected by the school or offered by Simple Software Development LLC.
Where required, Simple Software Development LLC can provide additional information about hosting arrangements to schools during procurement or onboarding.
14. Incident Response
Simple Software Development LLC maintains procedures for responding to suspected or confirmed security incidents.
In the event of a security incident affecting school data, Simple Software Development LLC will take reasonable steps to:
- Investigate the incident.
- Contain and mitigate the impact.
- Restore affected services where possible.
- Notify affected schools where appropriate.
- Support the school with relevant information needed for its own legal, regulatory, or stakeholder obligations.
Notification timelines may depend on the nature of the incident, legal requirements, and the information available at the time.
15. User Responsibilities
Security is a shared responsibility. Schools and users are responsible for:
| Responsibility | Description |
|---|---|
| User access management | Creating, updating, and removing user accounts appropriately |
| Role assignment | Ensuring users only receive access needed for their duties |
| Password protection | Keeping login credentials confidential |
| Device security | Accessing Edminhub from reasonably secure devices |
| Data accuracy | Ensuring information entered into Edminhub is accurate and lawful |
| Internal policies | Ensuring Edminhub is used according to school policies and applicable laws |
Simple Software Development LLC cannot be responsible for unauthorised access caused by shared passwords, unmanaged user accounts, insecure devices, or incorrect role assignment by the school.
16. Data Retention and Deletion
School data is retained for as long as necessary to provide the Edminhub service, comply with legal obligations, support operational requirements, or meet contractual commitments.
When a school terminates its use of Edminhub, Simple Software Development LLC will follow the agreed termination, export, retention, and deletion process.
Where technically and legally possible, schools may request export or deletion of their data in line with the applicable service agreement.
17. Secure Development Practices
Simple Software Development LLC aims to develop Edminhub using secure software development practices.
These may include:
| Practice | Purpose |
|---|---|
| Code review | Reduces defects and security weaknesses |
| Separation of development and production environments | Reduces operational risk |
| Controlled deployment | Reduces unapproved changes |
| Dependency review | Reduces risk from vulnerable libraries |
| Input validation | Reduces injection and data manipulation risks |
| Access testing | Reduces unauthorised access between roles |
| Error handling | Reduces leakage of sensitive technical information |
As Edminhub matures, Simple Software Development LLC intends to strengthen these practices through structured security testing and independent review.
18. Security Testing
Simple Software Development LLC may perform internal security reviews, vulnerability checks, and application testing to identify and remediate weaknesses.
Where commercially appropriate, Simple Software Development LLC may also engage independent security professionals to perform vulnerability assessments or penetration testing.
Security testing results may be shared with client schools in summary form where appropriate and subject to confidentiality restrictions.
19. Compliance Position
Edminhub is designed to support responsible school administration and privacy-aware data processing.
Simple Software Development LLC aims to align Edminhub with recognised good practices in information security, privacy, and secure application development. However, unless specifically stated in writing, Edminhub should not be interpreted as certified under ISO/IEC 27001, ISO 9001, SOC 2, Cyber Essentials, or any other formal certification scheme.
Any formal certification status will be clearly communicated by Simple Software Development LLC if obtained.
20. Contact
Questions about Edminhub security, privacy, or data protection may be directed to:
Simple Software Development LLC
Email: info@simplesoftwaredevelopment.com
Website: www.simplesoftwaredevelopment.com
Address: 131 Continental Dr, Suite 305, Newark, Delaware.