SMASHRITE PRIVACY POLICY
Last Updated: February 13, 2026
1. INTRODUCTION
Smashrite Technologies Limited ("we," "our," or "Smashrite") is committed to protecting the privacy and security of users of our mobile examination platform across Africa. This Privacy Policy explains how we collect, use, store, and protect information when you use the Smashrite Core mobile application and related services.
Smashrite Core is a B2B2C service: we provide our platform to educational institutions ("Institutions") across Africa, who then provide examination services to their students ("Users" or "Students"). This policy covers both institutional and student data.
Geographical Coverage: This policy applies to all users of Smashrite Core services across Africa, including but not limited to institutions and students in Nigeria, Ghana, Kenya, South Africa, Uganda, Tanzania, Rwanda, Ethiopia, and other African countries where our services are available.
2. INFORMATION WE COLLECT
2.1 Student Information (Provided by Institutions)
- Student ID/Registration number
- Full name
- Email address (if provided)
- Department/Faculty/Program information
- Academic session/year
- Exam registration data
- Nationality/country of residence (if required by institution)
2.2 Exam Data
- Exam responses and answers
- Exam start and completion times
- Question navigation patterns
- Flagged questions
- Submission timestamps
- Exam scores and results
2.3 Device and Security Information
- Device model and manufacturer
- Operating system version
- Device unique identifier (for security purposes)
- Screen resolution
- Available storage space
- Network connectivity status
- Device security status (root/jailbreak detection)
- App installation source verification
- Device integrity checks
2.4 Security Monitoring Data
- Unauthorized app usage attempts during exams
- Screen recording or screenshot attempts
- App switching or exit attempts
- Suspicious activity patterns
- Security violation timestamps
- Network manipulation attempts
2.5 Technical and Usage Information
- App version
- Crash reports and error logs
- App performance metrics
- Feature usage statistics
- Login/logout times
- General location (country/region - for service optimization, not precise GPS)
2.6 Information We DO NOT Collect
- Precise location data (GPS coordinates)
- Contact lists
- Photos or media files
- SMS or call logs
- Microphone or camera access (unless specifically required and authorized for exam proctoring features)
- Social media information
- Browsing history
- Information from other apps on your device
- Financial or payment information
3. HOW WE USE INFORMATION
3.1 Primary Purposes
- Deliver secure examination services across Africa
- Authenticate students and prevent unauthorized access
- Monitor and prevent examination malpractice
- Generate exam results and performance analytics
- Provide exam support and troubleshooting
- Ensure platform security and integrity
- Comply with examination regulations in your country
3.2 Security and Fraud Prevention
- Detect and prevent cheating and exam malpractice
- Verify device integrity and security status
- Identify unauthorized access attempts
- Monitor for suspicious activity patterns
- Maintain audit trails for institutional and regulatory compliance
3.3 Service Improvement
- Analyze platform performance across different regions and infrastructure conditions
- Identify and fix technical issues
- Improve user experience for African users
- Develop new features suited to African educational contexts
- Ensure offline-first reliability across diverse network conditions
4. DATA STORAGE AND LOCATION
4.1 Local Storage (Institution Servers)
Smashrite Core operates on a local infrastructure model designed for African contexts. All student data, exam content, and results are stored on servers maintained by your educational institution within their premises or chosen hosting location in your country. Smashrite Technologies does not store exam content or student personal data on external cloud servers outside your institution's control.
Data Sovereignty: Your institution maintains complete control over where student data is stored. Data typically remains within your country or region, subject to your institution's infrastructure decisions and local data protection requirements.
4.2 Temporary Mobile Storage
The mobile app temporarily stores:
- Downloaded exam questions (encrypted, deleted after submission)
- Cached student credentials (encrypted)
- Offline exam responses (until synchronized with institutional server)
- App settings and preferences
All temporary data is encrypted and automatically deleted after successful synchronization or exam completion.
4.3 Smashrite Technologies Data
We only store:
- Aggregate usage statistics (anonymized, no personal data)
- Technical performance metrics (anonymized, no personal data)
- Crash and error reports (no personal data)
- License and subscription information for institutions
This limited data may be stored on cloud infrastructure outside your country solely for platform improvement purposes and contains no personally identifiable information.
5. DATA SHARING AND DISCLOSURE
5.1 With Your Educational Institution
All exam data, responses, results, and security monitoring information is shared with your educational institution. Your institution is the primary data controller for your personal and academic information.
5.2 Third-Party Service Providers
We do not share data with third-party marketing companies or advertisers. We may share technical data with:
- Cloud infrastructure providers (only for anonymized analytics)
- Security service providers (for platform security)
- Technical support partners (under strict confidentiality agreements)
All third-party service providers are contractually bound to protect your data and use it only for specified purposes.
5.3 Cross-Border Data Transfers
In general, your personal and exam data does not leave your country, as it is stored on your institution's local servers. However, anonymized technical data may be processed outside your country for platform improvement. When data is transferred internationally, we ensure appropriate safeguards are in place, including:
- Standard contractual clauses
- Data encryption in transit and at rest
- Compliance with applicable data protection laws
5.4 Legal Requirements
We may disclose information if required by:
- National laws or regulations in your country
- Court orders or legal processes
- Regulatory or examination bodies (through your institution)
- Protection of rights, safety, or property
5.5 Institutional Transfers
If your institution changes examination platforms, we will work with them to facilitate data transfer or deletion according to their instructions and applicable regulations in your country.
6. DATA SECURITY
6.1 Technical Security Measures
- End-to-end encryption for data transmission
- Encrypted local storage on mobile devices
- Secure authentication protocols
- Device integrity verification
- Tamper-proof exam delivery
- Regular security audits
- Intrusion detection systems
6.2 Organizational Security
- Access controls and role-based permissions
- Staff confidentiality agreements
- Regular security training
- Incident response procedures
- Data backup and recovery systems
6.3 Offline Security
- Encrypted offline exam storage
- Secure synchronization protocols
- Automatic deletion of temporary files
- Device-level encryption requirements
7. YOUR RIGHTS AND CHOICES
Your data protection rights may vary depending on your country's laws. Common rights across African jurisdictions include:
7.1 Access and Correction
You have the right to:
- Access your exam data through your institution
- Request correction of inaccurate personal information
- Review your exam responses and results
- Request information about data processing
- Obtain a copy of your personal data
Contact your institution's examination or IT department to exercise these rights.
7.2 Data Deletion and Portability
- Exam responses are retained according to your institution's academic record policies and national regulations
- You can request deletion of your account (subject to institutional retention requirements and legal obligations)
- Temporary mobile data is automatically deleted after synchronization
- You can uninstall the app at any time to remove all local data
- You may request data portability where applicable under your country's laws
7.3 Opt-Out Limitations
Because Smashrite Core is an examination platform:
- You cannot opt out of security monitoring during exams
- Device integrity checks are mandatory for exam access
- Violation detection is required for platform security
- Basic exam data collection is necessary for service delivery
7.4 Withdrawal of Consent
Where we process your data based on consent, you have the right to withdraw that consent at any time. However, this may affect your ability to take exams through the platform.
8. INSTITUTIONAL RESPONSIBILITIES
Your educational institution is responsible for:
- Obtaining proper consent for data collection under local laws
- Complying with national data protection regulations
- Managing student records and retention in accordance with local requirements
- Providing notice of examination policies
- Handling data subject requests under applicable laws
- Maintaining server security
- Data backup and disaster recovery
- Ensuring compliance with examination board regulations in your country
9. CHILDREN'S PRIVACY
Smashrite Core is provided to institutions that serve students of various ages across Africa. We do not knowingly collect data from children under the minimum age required by local laws (typically 13-16 years) without institutional authorization and appropriate parental or guardian consent.
Institutions are responsible for:
- Obtaining appropriate consents for minor students as required by local law
- Ensuring compliance with child protection regulations in their country
- Implementing age-appropriate data handling practices
10. COMPLIANCE WITH AFRICAN DATA PROTECTION LAWS
Smashrite Core is committed to compliance with data protection laws across Africa. We adhere to the requirements of various national and regional data protection frameworks, including:
10.1 Nigeria
Nigeria Data Protection Regulation (NDPR) 2019 and Nigeria Data Protection Act (NDPA) 2023:
- We process data lawfully, fairly, and transparently
- We collect data for specific, legitimate purposes
- We implement appropriate technical and organizational security measures
- We respect data subject rights as outlined in Nigerian law
- We maintain data processing records
- We provide mechanisms for data breach notification
10.2 Kenya
Kenya Data Protection Act, 2019:
- We ensure lawful processing of personal data
- We maintain data processing principles including accuracy and storage limitation
- We respect data subject rights including access, correction, and deletion
- We implement appropriate security safeguards
10.3 South Africa
Protection of Personal Information Act (POPIA), 2013:
- We process information lawfully and in a reasonable manner
- We collect information for specific, explicitly defined purposes
- We ensure information quality and accuracy
- We implement security safeguards
- We respect data subject participation rights
10.4 Ghana
Data Protection Act, 2012 (Act 843):
- We obtain consent where required
- We process data fairly and lawfully
- We maintain data accuracy
- We implement appropriate security measures
10.5 Other African Countries
For countries with emerging or established data protection frameworks (including Uganda, Rwanda, Tanzania, Ethiopia, and others), we:
- Monitor and comply with evolving data protection requirements
- Implement internationally recognized data protection principles
- Work with local institutions to ensure compliance with local regulations
- Adapt our practices to meet country-specific requirements
10.6 African Union Convention
We align our practices with the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention) principles, promoting harmonized data protection across the continent.
11. INTERNATIONAL AND REGIONAL STUDENTS
11.1 Students from Other African Countries
If you are studying in a different African country than your country of origin:
- Data is typically stored on your institution's local servers in the country where you study
- Your rights are generally governed by the data protection laws of the country where your institution is located
- You may also have rights under your home country's laws - contact your institution for guidance
11.2 Students from Outside Africa
For students from countries outside Africa studying at African institutions:
- Data is stored on your African institution's local servers
- We comply with applicable African data protection laws
- Your rights may vary based on your home country regulations (e.g., GDPR for EU students)
- Contact your institution for country-specific information and how to exercise your rights
12. CHANGES TO THIS POLICY
We may update this Privacy Policy periodically to reflect:
- Changes in our practices
- New features or services
- Legal or regulatory requirements in African countries
- Security improvements
- Expansion to new African markets
We will notify institutions of material changes, and institutions will notify students. The "Last Updated" date will always reflect the most recent version. Continued use of Smashrite Core after changes constitutes acceptance of the updated policy.
13. DATA RETENTION
- Exam responses: Retained according to institutional academic policies and national regulations (typically 2-7 years, varies by country)
- Security logs: Retained for audit purposes as required by institutional policy and local regulations (typically 1-5 years)
- Technical logs: Retained for 90 days unless investigating incidents
- Temporary mobile data: Deleted immediately after synchronization
- Account data: Retained while you are an active student, then archived per institutional policy and national archiving requirements
Specific retention periods may vary based on your country's education regulations and institutional policies.
14. CONTACT INFORMATION
For privacy questions or concerns:
For data access or correction requests:
Contact your educational institution's examination office or IT department first. They are the primary data controller for your academic information.
For regulatory complaints:
You have the right to lodge a complaint with the data protection authority in your country:
15. INSTITUTION-SPECIFIC POLICIES
Your institution may have additional privacy policies governing:
- Academic records
- Examination procedures
- Student data management
- Retention schedules
- Country-specific compliance requirements
Please review your institution's privacy notice and examination policies for complete information applicable to your specific situation.
ACKNOWLEDGMENT
By using Smashrite, you acknowledge that:
- You have read and understood this Privacy Policy
- You consent to data collection and processing as described
- You understand that your institution is the primary data controller for your academic data
- You agree to security monitoring during examinations
- You accept the use of device integrity checks for exam security
- You understand your rights under applicable data protection laws in your country
- You acknowledge that data protection laws may vary by country
For questions specific to your examination, personal data, or country-specific regulations, contact your institution's examination office.