Legal

Privacy Policy

How Enaton Technologies collects, uses, and protects your data. Your trust is the foundation of everything we build.

Last updated: March 8, 2026

Bank-Level Security

Enaton uses AES-256 encryption at rest, TLS 1.3 in transit, role-based access control, and regular security audits to protect your school data.

1Introduction

Enaton Technologies (“Enaton,” “we,” “us,” or “our”) operates the school management platform available at enatontech.com and the parent portal at my.enatontech.com.

This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Kenya Data Protection Act, 2019 (No. 24 of 2019) and the regulations issued by the Office of the Data Protection Commissioner (ODPC), including the ODPC Guidance Note for the Education Sector.

By using our platform, you consent to the practices described in this policy. If you do not agree, please discontinue use of our services.

2Information We Collect

We collect the following categories of information to provide and improve our services:

Account Information

Names, email addresses, phone numbers, roles, and credentials of school administrators, teachers, and staff who register on the platform.

School Data

Student records (names, admission numbers, grades, attendance), parent/guardian contact information, fee records, academic results, and other data entered by the school into the platform.

Payment Data

Transaction records processed through Enaton Pay, including M-Pesa and bank payment references. We do not store raw card numbers or M-Pesa PINs.

Usage Data

Browser type, device information, IP addresses, pages visited, and platform interactions collected automatically to improve performance and user experience.

3How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery — Operating the school management platform, parent portal, and payment processing
  • Communication — Sending SMS, email, and in-app notifications related to school activities, fees, and platform updates
  • Reports and analytics — Generating academic reports, financial summaries, and attendance records for schools
  • Payment reconciliation — Processing and reconciling fee payments through Enaton Pay
  • Technical support — Diagnosing issues and providing customer support
  • Platform improvement — Analysing usage patterns to improve features and performance
  • Security — Detecting and preventing unauthorised access, fraud, and abuse
  • Legal compliance — Meeting obligations under Kenyan law, including the Data Protection Act 2019

4Legal Basis for Processing

Under the Kenya Data Protection Act 2019, we process your data based on the following legal grounds:

  • Consent — Where you have given explicit consent for us to process your data (e.g., creating an account, submitting a contact form)
  • Contract performance — Where processing is necessary to deliver the services you or your school have subscribed to
  • Legitimate interest — Where processing is necessary for our legitimate business interests (e.g., platform security, fraud prevention) without overriding your rights
  • Legal obligation — Where processing is required to comply with Kenyan law

5Children's Data

Special Protection for Students

Student data receives the highest level of protection in our system, in compliance with Section 33 of the Kenya Data Protection Act 2019.

A significant portion of the data processed through Enaton relates to children (students). We take our obligations under Section 33 of the Data Protection Act 2019 seriously:

  • Student data is entered and managed by the school (as Data Controller) with the consent of parents or guardians
  • We process children's data solely to advance and protect the rights and best interests of the child
  • Parents and guardians can access their child's data through the parent portal at any time
  • We do not use student data for marketing, advertising, or profiling purposes
  • Student data is never sold, shared with third parties for commercial use, or used for purposes unrelated to the school's educational mission
  • We follow the ODPC Guidance Note for the Education Sector (December 2023) in all our data processing activities

6Data Sharing

We do not sell your data. We only share information in the following circumstances:

  • With the school — Schools access their own data through the platform as Data Controllers
  • With parents/guardians — Parents access their child's data through the parent portal as authorised by the school
  • Service providers — We use trusted third-party providers for hosting (cloud infrastructure), payment processing (M-Pesa, banks), and email delivery, all bound by data processing agreements
  • Legal requirements — When required by Kenyan law, court order, or regulatory authority (including the ODPC)

All third-party service providers are required to maintain equivalent data protection standards and are prohibited from using your data for their own purposes.

7Data Security

We implement bank-level security measures to protect your data:

AES-256 Encryption

All data encrypted at rest using the same standard used by banks and governments worldwide

TLS 1.3 in Transit

All data transmitted between your browser and our servers is encrypted with the latest TLS protocol

Role-Based Access

Granular access controls ensure users only see data relevant to their role

Regular Backups

Automated daily backups with point-in-time recovery to prevent data loss

Security Audits

Regular vulnerability assessments and penetration testing of our infrastructure

Multi-Tenant Isolation

Each school's data is logically isolated — no school can access another school's data

In the event of a data breach, we will notify the Office of the Data Protection Commissioner within 72 hours as required by the Data Protection Act 2019, and will inform affected users without undue delay.

8Data Ownership

Your school owns its data. Enaton acts as a Data Processor on behalf of the school (the Data Controller).

  • Schools retain full ownership of all data entered into the platform
  • Enaton processes this data solely to provide the services subscribed to by the school
  • Schools can export their data at any time in standard formats
  • Upon account termination, schools have a 30-day window to export their data before deletion

9Data Retention

We retain your data only for as long as necessary to provide our services and fulfil our legal obligations:

  • Active accounts — Data is retained for the duration of the school's subscription
  • After termination — Data is retained for 30 days to allow export, then securely deleted
  • Financial records — Payment records may be retained for up to 7 years as required by Kenyan tax and accounting regulations
  • Backup data — Removed from all backup systems within 90 days of account deletion

10International Transfers

Our primary infrastructure is hosted in secure data centres. Where data may be transferred outside Kenya (e.g., through cloud infrastructure providers), we ensure that equivalent data protection standards are maintained as required by the Data Protection Act 2019. All such transfers are governed by appropriate data processing agreements with our service providers.

11Your Rights

Under the Kenya Data Protection Act 2019, you have the following rights:

Right of Access

Request a copy of the personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data, subject to legal obligations

Right to Restriction

Request limitation of how we process your data

Right to Object

Object to processing based on legitimate interest or direct marketing

Right to Data Portability

Receive your data in a structured, machine-readable format

To exercise any of these rights, contact us at enatoninvestments@gmail.com or hello@enatontech.com. We will respond within 7 days as required by the Data Protection Act 2019. Parents and guardians may exercise these rights on behalf of their children.

12Cookies

We use cookies and similar technologies on our platform for:

  • Essential cookies — Required for authentication, session management, and security
  • Analytics cookies — Help us understand how the platform is used so we can improve it

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the platform.

13Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or a prominent notice on our platform. Continued use of our services after such notification constitutes acceptance of the updated policy.

14Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights:

Enaton Technologies

enatoninvestments@gmail.com

hello@enatontech.com

+254 746 342878

+254 722 455037

Nairobi, Kenya

Data Protection Authority

Office of the Data Protection Commissioner (ODPC)

Republic of Kenya

www.odpc.go.ke

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Office of the Data Protection Commissioner.

Terms of ServiceContact Us