A
Auntysue Tutorial Center Sign in
Auntysue Tutorial Center

Data Policy

Effective from January 2026  ·  Reviewed annually

This policy explains what personal information we collect when you use the Auntysue Tutorial Center portal, how we use it, and your rights regarding your data. We are committed to handling your information responsibly and in accordance with applicable data protection laws.

1. Who We Are

Auntysue Tutorial Center is an educational institution operating in Namibia. We are the data controller responsible for personal information collected through this portal. For data-related enquiries, please contact the school administration.

2. Information We Collect

Account Information

  • Full name (first and last name)
  • Email address
  • Password (stored as a one-way cryptographic hash — we cannot read it)
  • Account role (student, teacher, parent, or admin)
  • Date of account creation
  • Email verification status

Student-Specific Information

  • Grade level and class enrolment
  • Assignment submissions (text and file uploads)
  • Marks and grades per subject and component
  • Attendance records (present, absent, late, excused)
  • Report card data (CA marks, exam marks, teacher remarks)
  • E-learning progress (lessons viewed, quiz scores)
  • A unique student identifier (e.g. STU2026001)

Teacher-Specific Information

  • Subject and class assignments
  • Assignments created and marks entered
  • Attendance records marked
  • E-learning content created
  • A unique teacher identifier (e.g. TCH2026001)

Parent-Specific Information

  • Linked student relationship
  • Portal activity (pages viewed)

Technical Information

  • Session data (stored temporarily in server-side sessions, not accessible to other users)
  • Uploaded files (assignment submissions, lesson PDFs, announcement attachments)

3. How We Use Your Information

We use the personal information we collect exclusively for the following educational purposes:

  • Account management — to create, verify, and maintain your portal account
  • Academic records — to record and display grades, attendance, and assignment progress
  • Communication — to deliver school announcements and in-portal notifications
  • E-learning — to track lesson progress and quiz results
  • Reporting — to generate end-of-term report cards visible to students and parents
  • Password recovery — to send password reset links when requested
  • Security — to protect accounts against unauthorised access

We do not use your information for marketing, advertising, or any purpose unrelated to your education at this institution.

4. Who Has Access to Your Information

Within the Portal

  • Admin — can view and manage all user accounts, academic records, report cards, attendance, and announcements across the school
  • Teachers — can view the names, grades, and attendance of students enrolled in their assigned classes only
  • Students — can view only their own grades, attendance, assignments, timetable, and report cards
  • Parents — can view the academic data of their linked children only

Outside the Portal

We do not share, sell, rent, or disclose your personal information to any third party except:

  • Where required by Namibian law or a lawful court order
  • To prevent fraud or protect the safety of students or staff
  • With your explicit written consent

5. Data Storage & Security

  • All portal data is stored on a secured server. Access is protected by role-based authentication.
  • Passwords are stored as one-way bcrypt hashes and are never readable by staff or admins.
  • Password reset and email verification tokens expire after a short window (30 minutes for resets, 24 hours for verification).
  • Sessions expire after 2 hours of inactivity to prevent unauthorised access on shared devices.
  • File uploads are stored in a protected directory not directly accessible via URL without authentication.

6. Data Retention

  • Active accounts — data is retained for the duration of your enrolment or employment at Auntysue Tutorial Center.
  • Inactive/deactivated accounts — data is retained for a minimum of 3 years after deactivation for academic record purposes, then reviewed for deletion.
  • Uploaded files — assignment submissions and lesson files are retained for the current academic year and reviewed at year end.
  • Notification records — in-portal notifications are retained for up to 6 months.

7. Your Rights

You have the following rights regarding your personal information:

  • Right to access — you may request a copy of the personal information we hold about you
  • Right to correction — you may request that inaccurate information be corrected
  • Right to deletion — you may request deletion of your personal data, subject to our legal obligation to retain certain academic records
  • Right to object — you may object to how your data is being used
  • Right to portability — you may request your data in a portable format

To exercise any of these rights, please submit a written request to the school administration. We will respond within 30 days.

8. Children's Privacy

Many of our students are under the age of 18. We collect only the minimum information required for educational purposes. Parental or guardian accounts are available so that parents can monitor their child's academic progress. Parents may contact admin to request access to, correction of, or deletion of their child's data.

9. Cookies & Sessions

The portal uses a single session cookie (PHPSESSID) to maintain your logged-in state. This cookie:

  • Is stored only for the duration of your browser session (or up to 2 hours of inactivity)
  • Does not track you across other websites
  • Does not contain any personal information — only a random session identifier
  • Is marked HttpOnly and SameSite=Lax for security

We do not use advertising cookies, analytics cookies, or any third-party tracking.

10. Third-Party Services

The portal may optionally use:

  • Google OAuth — if you choose to sign in with Google, your Google account email and name are used to create or log into your portal account. Your Google account data is not stored beyond what is necessary for login.
  • Google Fonts — the Inter typeface is loaded from Google Fonts. This involves a connection to Google's servers when you load any page.
  • YouTube — lesson videos may be embedded from YouTube. YouTube's own privacy policy applies when these embeds load.

11. Changes to This Policy

We may update this Data Policy from time to time. When we make significant changes, we will post an announcement in the portal and update the effective date above. Continued use of the portal after changes are posted constitutes your acceptance of the revised policy.

12. Contact

For any questions, concerns, or requests regarding your personal data, please contact the school administration directly. We are committed to addressing your enquiry promptly and fairly.