Complete Privacy & Data Governance Policy
Effective date: April 8, 2026. This comprehensive privacy policy outlines how JustoHelps ("the Company," "We," "Us") collects, uses, protects, and manages personal data from learners, parents, educators, schools, and business partners. This policy should be read together with our Terms of Service, Billing Terms, and service-specific agreements where applicable. Last updated: April 8, 2026.
Policy Overview & Commitment
JustoHelps is committed to maintaining the highest standards of data protection and privacy governance. This platform serves millions of learners across Kenya and operates under strict compliance with the Kenya Data Protection Act (KDPA) and applicable international privacy standards. Our mission is to deliver educational excellence while safeguarding the personal, academic, and financial information entrusted to us by our users. We believe that transparency in data handling builds confidence, and we are committed to giving users full visibility into how their data is collected, used, stored, and protected.
Scope of This Policy: This policy applies to all personal data collected through our web platform, mobile applications, API integrations, learning management systems, AI tutoring engines, billing systems, and any other JustoHelps-operated services. If you do not agree to the terms of this policy, you should not use our services.
6. Data Security & Technical Protections
JustoHelps implements enterprise-grade security infrastructure to protect personal data from unauthorized access, alteration, disclosure, or destruction. Our security measures include:
Encryption Standards: All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256 encryption standards.
Access Controls: Personal data access is limited to authorized personnel on a need-to-know basis. All staff undergo security training and sign data confidentiality agreements.
Network Security: Our infrastructure includes firewalls, intrusion detection systems, DDoS protection, and continuous security monitoring.
Regular Audits: We conduct quarterly security audits, vulnerability assessments, and penetration testing to identify and remediate potential risks.
Incident Response: In the event of a data breach, we will notify affected users and relevant authorities within 24 hours as required by law.
7. Data Retention & Deletion Policies
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our retention framework is as follows:
Active Accounts: While your account is active, we retain your identity, contact, academic history, and billing information indefinitely unless you request deletion.
Inactive Accounts: Accounts inactive for more than 24 months may be archived. Archived data is retained for compliance purposes but not actively processed.
Financial Records: Billing, invoice, and transaction data are retained for seven (7) years in compliance with Kenyan tax and accounting regulations.
System Logs: Technical logs, IP addresses, and device identifiers are retained for up to 90 days for security and troubleshooting purposes.
Backup Data: Data may persist in backup systems for up to 30 days after deletion to ensure business continuity.
Requesting Deletion: You may request permanent deletion of your account and associated data by contacting our Data Protection Officer. We will process deletion requests within 30 days, except where legal or contractual obligations require retention.
8. Children's Privacy & Parental Controls
JustoHelps prioritizes the protection of learners under 18 years of age. We implement additional safeguards for child data collection and processing:
Parental Consent: For users under 18, we require verifiable parental or guardian consent before processing personal data. Parents/guardians receive notification of data collection and may request access or deletion at any time.
Limited Data Collection: We collect only data necessary for academic, security, and billing purposes. We do not collect social media profiles, location data (except for general school affiliation), or other non-essential information from minors.
Parental Dashboard: Parents/guardians have access to a dedicated dashboard where they can monitor their child's academic progress, review data we hold, and adjust privacy settings.
Safe Communication: We do not use child data for targeted advertising or marketing. Any communications sent to child accounts are educational or security-related.
9. International Data Transfers & Cross-Border Compliance
While JustoHelps is primarily based in Kenya, some of our infrastructure, service providers, and backup systems may be located outside Kenya. Such transfers are governed by:
Data Processing Agreements: All third-party service providers sign Data Processing Agreements (DPAs) requiring compliance with KDPA and data protection standards.
Adequacy Determinations: We only transfer data to countries with adequate data protection frameworks or implement Standard Contractual Clauses for transfers to other jurisdictions.
Transparency: Users are informed where their data may be transferred and can request information about specific third-party locations.
10. AI & Automated Decision-Making
JustoHelps employs artificial intelligence and machine learning algorithms to enhance learning experiences. Users have the right to be informed about automated decision-making that affects them:
AI Tutor Personalization: Our AI engine analyzes your academic performance to recommend custom study paths. This is informational and does not make binding educational decisions.
Grading Assistance: AI-assisted grading provides preliminary assessment marks but is always reviewed and finalized by qualified educators before being recorded.
Right to Explanation: If an automated recommendation significantly impacts your learning experience, you may request a human review and explanation of how the AI made its determination.
Data Used: AI systems use only academic performance data, learning behavior, and general performance metrics—never sensitive personal information, health data, or protected characteristics.
11. Business Partner & School Data Handling
Schools, corporations, and B2B partners using JustoHelps have additional contractual obligations and data governance requirements:
Data Processing Agreements: All B2B customers must sign a Data Processing Agreement specifying data ownership, use limitations, and liability.
School Admin Access: School administrators have controlled access to learner data necessary for their administrative functions. This access is logged and monitored.
Data Portability: Schools may request their data in structured, commonly-used formats for migration to other systems.
Service Termination: Upon contract termination, all school data is deleted or returned within 60 days unless legal holds apply.
12. Cookies, Tracking & Analytics
JustoHelps uses cookies and similar tracking technologies to enhance user experience and analyze platform usage:
Essential Cookies: Required for authentication, account security, and platform functionality. These cannot be disabled.
Preference Cookies: Remember your language, theme, and user preference settings. You may disable these without losing core functionality.
Analytics Cookies: Collect aggregated, anonymized data about platform usage to improve features and performance. These are non-identifying and can be disabled via your account settings.
Third-Party Analytics: We use analytics partners (e.g., established monitoring services) that are bound by data protection agreements. Users can opt-out of non-essential analytics.
13. Your Rights Under Kenya Data Protection Act
Under the Kenya Data Protection Act (KDPA) and this policy, you have the following rights. To exercise any of these rights, contact our Data Protection Officer.
Right to Access: You can request a copy of all personal and academic data we hold about you in a structured, portable format.
Right to Correction: If your data is inaccurate, incomplete, or out of date, you can request correction. We will update your information within 14 days and notify you of changes.
Right to Erasure (Deletion): You can request deletion of your account and data, except where legal obligations, contractual requirements, or financial outstanding balances prevent deletion.
Right to Data Portability: You can request your data in a machine-readable format (e.g., CSV, JSON) for transfer to competing services.
Right to Restrict Processing: You can ask us to limit how we use your data for specific purposes while maintaining your account and legal obligations.
Right to Object: You can object to marketing communications, profiling, or certain processing activities. We will cease non-essential processing within 14 days.
Right to Lodge a Complaint: If you believe your data has been misused, you can lodge a complaint with the Data Protection Commissioner of Kenya.
14. Data Protection Officer & Contact Information
JustoHelps has appointed a dedicated Data Protection Officer (DPO) responsible for ensuring compliance with this policy and applicable data protection laws.
Email: dpo@justohelps.co.ke
Primary Support: info@justohelps.co.ke
Response Time: We aim to respond to all data subject requests within 14 days. Complex requests may require up to 30 days.
Complaint Verification: All requests must include sufficient identifying information to verify the requester's identity and support relationship with JustoHelps.
15. Policy Changes & Notifications
JustoHelps may update this privacy policy to reflect changes in our practices, technology, legal requirements, or other factors. When material changes are made:
We will notify all active users via email at least 30 days before the changes take effect.
Continued use of JustoHelps after the effective date constitutes acceptance of the updated policy.
Significant changes that restrict your rights will require explicit opt-in consent.
The version number and "Last Updated" date appear at the top of this policy.
