Educate! Mobile Application Data Protection Policy

1. Policy Introduction

This Privacy Policy details how Educate! collects, uses, and protects information submitted to the organization by frontline program teams (internal staff) in Educate’s countries of operation. This policy applies to information submitted to the Organization from mobile applications for the purposes of program delivery and monitoring.

2. Information Collected

2.1 Information Provided to the Organization

  • a. User Account Information: Name, email address, phone number, employee ID, role and position, and department

  • b. Report Data: Program delivery reports, including text, images, location data, timestamps, and any attachments

  • c. Authentication Data: Login credentials and security information

2.2 Information Automatically Collected

  • a. Device Information: Device type, operating system, unique device identifiers, and mobile network information

  • b. Usage Data: Application usage patterns, features accessed, time usage in application, and crash reports

  • c. Location Data: GPS coordinates and location information when submitting reports (if location services are enabled)

  • d. Technical Data: IP address, browser type, app version, and system logs

3. How Information is Utilized

  • a. Program Monitoring: Analyze and monitor program delivery effectiveness and performance

  • b. Report Processing: Process, store, and analyze submitted reports for organizational decision-making

  • c. User Management: Manage user accounts, authentication, and access controls

  • d. Application Improvement: Enhance app functionality, fix bugs, and improve user experience

  • e. Communication: Send notifications, updates, and administrative messages

  • f. Compliance: Meet legal and regulatory requirements for program reporting

4. Data Sharing and Disclosure

4.1 Internal Sharing

  • a. Report data may be shared with authorized personnel within the Organization for purposes of program monitoring and management

  • b. Aggregated, anonymized data may be shared with management and stakeholders for reporting purposes

4.2 Third-Party Sharing

The Organization may share data with:

  • a. Service Providers: Third-party vendors who provide technical services, data hosting, or analytics a. Legal Requirements: When required by law, court order, or regulatory authority

  • b. Emergency Situations: To protect the safety and security of users or the public

4.3 We Do Not Sell Data

a. The Organization will not sell, rent, or trade your personal information to third parties for commercial purposes.

5. Data Security

Educate! implements appropriate technical and organizational measures to protect data, including:

  • a. Encryption: Data is encrypted in transit and at rest using industry-standard protocols

  • b. Access Controls: Role-based access controls limit data access to authorized personnel only

  • c. Authentication: Multi-factor authentication and secure login processes

  • d. Regular Audits: Periodic security assessments and vulnerability testing

  • e. Staff Training: Regular privacy and security training for all Organization personnel

6. Data Retention

  • a. Report Data: Retained for the duration necessary to fulfill program monitoring purposes, typically 3 years.

  • b. User Account Data: Retained while accounts are active and for 3 years after account closure

  • c. Technical Data: Retained for up to 3 years for security and improvement purposes

7. User Data Rights

  • a. Access: Request copies of personal data

  • b. Correction: Request correction of inaccurate or incomplete data

  • c. Deletion: Request deletion of data (subject to legal and operational requirements)

  • d. Portability: Request transfer data in a machine-readable format

  • e. Opt-Out: Disable location services or certain data collection features

  • f. Notification: Be informed of data breaches that may affect your information

8. Location Data

  • a. Location data is collected only when necessary for report context and program monitoring

  • b. You can disable location services through your device settings

  • c. Disabling location services may limit some app functionality

9. International Data Transfers

If data is transferred internationally, the Organization ensures appropriate safeguards are in place, including:

  • a. Adequacy decisions by relevant authorities

  • b. Standard contractual clauses

  • c. Other legally recognized transfer mechanisms

10. Children's Privacy

  • a. This application is not intended for use by individuals under 18 years of age. The Organization does not knowingly collect personal information from children.

11. Data Breach Response

In the event of a data breach, we will:

  • a. Investigate and contain the breach promptly

  • b. Notify affected users within 3 days

  • c. Report to relevant authorities as required by law

  • d. Provide support and guidance to affected users

12. Updates to This Policy

This Policy is subject to updates periodically. Changes will be:

  • a. Posted in the application with the updated effective date

  • b. Communicated through in-app notifications for material changes

  • c. Available for review before you continue using the application

13. Contact Information

For questions about this Privacy Policy or data rights, contact:

14. Governing Law

This Privacy Policy is governed by the laws of Educate’s countries of operation, including the Data Protection and Privacy Act in each country, and other applicable data protection regulations.

15. Consent

By using and submitting information to Educate!’s mobile applications, you acknowledge that you have read, understood, and agree to this Privacy Policy, and the collection and use of data described herein.

Applies to: Educate! Field and Programs Teams

Approved by: Ivan Ssenfuma, CFO

Reviewed: July 1, 2025