Privacy Policy
Last Updated: June 05, 2026
Your Privacy Matters: We are committed to protecting your personal information and ensuring transparency in how we handle your data.
1. Introduction
Welcome to the KESUG School Results Management System ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our educational platform.
This system is exclusively designed for educational institutions to manage student academic records, teacher assignments, and examination results. We take your privacy seriously and are committed to protecting the confidentiality of all users.
2. Information We Collect
We collect only information necessary for the operation of the school results system:
- Student Information: Full name, registration number, class, stream, gender, and academic records (marks, grades, results).
- Teacher Information: Full name, username, assigned subjects, assigned classes, and contact information.
- Administrator Information: Full name, username, school affiliation, and contact details.
- Login Information: Username and encrypted password (never stored in plain text).
- Usage Data: Login timestamps, IP addresses (for security monitoring), and activity logs.
We DO NOT collect: Credit card information, social security numbers, government IDs, or any sensitive personal data beyond educational records.
3. How We Use Your Information
Your information is used exclusively for legitimate educational purposes:
- Generating and displaying student result slips and transcripts
- Managing teacher and administrator access to the system
- Tracking academic performance and generating reports
- Maintaining accurate school records
- Security monitoring and fraud prevention
- Communicating important system updates
We NEVER sell, rent, trade, or share your data with third parties for marketing or commercial purposes.
4. Data Security
We implement industry-standard security measures to protect your information:
- All passwords are encrypted using bcrypt hashing algorithm
- All database queries use PDO prepared statements to prevent SQL injection
- Cross-Site Request Forgery (CSRF) protection on all forms
- Session-based authentication with secure, HTTP-only cookies
- Rate limiting to prevent brute-force attacks
- Security headers (X-Frame-Options, XSS-Protection, Content-Security-Policy)
- IP-based monitoring for suspicious activity
- Automatic account lockout after multiple failed login attempts
5. Cookies
We use only essential cookies necessary for system functionality:
- Session Cookies: To maintain your login session while using the system
- Remember Me Cookies: Optional - to keep you logged in between visits
- Security Cookies: CSRF tokens to prevent cross-site request forgery attacks
No tracking, advertising, or third-party cookies are used. You can disable cookies in your browser, but this may prevent you from logging into the system.
6. Data Retention
We retain information as follows:
- Student Academic Records: Retained indefinitely as required for educational verification and transcript requests.
- User Accounts: Retained until deactivated by a school administrator or super admin.
- Login Logs: Retained for 90 days for security monitoring purposes.
Upon request, user accounts can be deactivated. Contact your school administrator to initiate this process.
7. Your Rights
Depending on your role, you have the following rights:
- Access: Students can view their own results. Teachers can view results for their assigned subjects. Administrators can access data within their school.
- Correction: Request correction of inaccurate academic records through your school administrator.
- Account Deactivation: Request account deactivation by contacting your school administrator.
8. Children's Privacy
This system is used by schools and may contain information about students of all ages. All data is managed by the respective school administrators who are responsible for obtaining appropriate parental consent where required by local laws. We do not knowingly collect information directly from children under 13 without school/parental authorization.
9. International Data Transfers
Your information is stored on servers located in the country where your school operates. We do not transfer personal data outside your country of residence without appropriate safeguards.
10. Data Breach Notification
In the unlikely event of a data breach, we will:
- Immediately notify affected school administrators
- Take immediate steps to secure the system and prevent further unauthorized access
- Cooperate with school authorities to notify affected individuals as required by law
11. Contact Information
If you have questions or concerns about this Privacy Policy, please contact:
Email: braynexltd@gmail.com
Phone: +255 683 776 086
Address: KESUG Educational Services, Tanzania
Alternatively, contact your school administrator directly for immediate assistance.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this page indicates when changes were made. Continued use of the system constitutes acceptance of the updated policy.
13. Consent
By using the KESUG School Results Management System, you consent to this Privacy Policy and agree to its terms.
Return to Login