Data Protection
Security Architecture
Institutional-Grade Security
We defend your data with the same rigor you defend your reputation.
1. Encryption Standards
In Transit:
All data moving between your school and our servers is encrypted using TLS 1.2/1.3 (Transport Layer Security).
At Rest:
All databases are encrypted using AES-256 standards (Advanced Encryption Standard), ensuring that even in the unlikely event of a physical breach, the data remains unreadable.
2. Role-Based Access Control (RBAC)
We enforce a strict "Need-to-Know" policy.
- Proprietors: See aggregate school health and revenue risk.
- Academic Coordinators: See class-level risk and teacher performance.
- Teachers: See only the students in their specific classes.
- Sajilan Staff: Have zero access to PII (Personally Identifiable Information) unless a temporary access token is granted by the School for support purposes.
3. Data Residency
To ensure compliance with local sovereignty laws, all primary data is hosted on secure cloud infrastructure with compliant nodes. We prioritize data residency within the African region where infrastructure permits.
4. Incident Response
In the event of a detected vulnerability, Sajilan is contractually obligated to notify the designated Data Officer of the Institution within 24 hours, detailing the nature of the event and the mitigation steps taken.
Additional Information
For data protection inquiries or to exercise your data subject rights, contact us at support@sajilan.com or visit our contact page.
For more information about our privacy practices, see our Privacy Policy.