Privacy Policy

Last updated: 9/28/2025

1. Introduction

EPass Africa ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our educational platform and services.

By using EPass Africa, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

2.1 Personal Information

When you create an account with EPass Africa, we collect essential personal information to provide you with a personalized educational experience. This includes your full name, email address, phone number, date of birth, and educational institution details. This information helps us create your profile and ensure age-appropriate content delivery.

For payment processing, we collect billing address information and payment method details. However, all payment information is processed securely through certified third-party payment processors, and we do not store your complete payment card details on our servers. We only retain the necessary information to process your transactions and manage your subscription.

As you use our platform, we collect academic information including your exam preferences (WAEC, NECO, UTME, PUTME), study progress, performance data, and test scores. This data enables us to track your learning journey, identify areas for improvement, and provide personalized recommendations to enhance your exam preparation.

We also maintain records of your communications with our support team, including messages, feedback, and correspondence. This helps us provide better customer service and address any concerns you may have about our platform.

2.2 Automatically Collected Information

When you access our platform, we automatically collect certain technical information about your device and usage patterns. This includes your IP address, browser type and version, operating system, device identifiers, and screen resolution. This information helps us optimize our platform for your specific device and troubleshoot technical issues.

We track your usage data to understand how you interact with our platform, including which pages you visit, how much time you spend on different sections, which features you use most frequently, and your study patterns. This data is crucial for improving our platform's functionality and developing new features that better serve your educational needs.

We use cookies and similar tracking technologies to enhance your experience on our platform. These technologies help us remember your preferences, maintain your login session, and provide personalized content recommendations. You can control cookie settings through your browser preferences, though disabling certain cookies may affect platform functionality.

3. How We Use Your Information

The information we collect serves multiple purposes, all aimed at providing you with the best possible educational experience while maintaining the highest standards of privacy and security.

Service Provision and Platform Maintenance: We use your personal information to create and maintain your account, provide access to our educational content, and ensure the smooth operation of our platform. This includes processing your exam preferences, tracking your progress, and delivering the specific educational materials you need for your chosen examinations.

Personalization and Learning Enhancement: Your academic data and usage patterns help us customize your learning experience. We analyze your performance, study habits, and preferences to recommend relevant content, identify areas where you need additional practice, and suggest study schedules that work best for your learning style. This personalized approach helps maximize your exam preparation effectiveness.

Progress Monitoring and Performance Analytics: We continuously monitor your academic progress to provide detailed insights into your performance. This includes tracking your test scores, identifying strengths and weaknesses, and generating comprehensive reports that help you understand your learning trajectory and make informed decisions about your study approach.

Communication and Support: We use your contact information to send important updates about our platform, notify you of new features, provide study reminders, and respond to your inquiries. We also use this information to send educational content, exam tips, and motivational messages to support your learning journey.

Payment Processing and Subscription Management: Your payment information is used exclusively to process transactions, manage your subscription, and provide you with access to premium features. We work with trusted payment processors to ensure your financial information is handled securely and in compliance with industry standards.

Platform Improvement and Research: We analyze aggregated usage data to improve our services, develop new features, and conduct research on educational effectiveness. This analysis helps us understand how students learn best and enables us to continuously enhance our platform's educational value.

Legal Compliance and Security: We use your information to comply with applicable laws and regulations, protect our platform from fraud and abuse, and ensure the security of all users. This includes implementing security measures, investigating potential violations of our terms of service, and cooperating with legal authorities when required.

4. Legal Basis for Processing (GDPR Compliance)

Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, we process your personal data based on several legal grounds, ensuring that our data processing activities are lawful, fair, and transparent.

Consent: We process your personal data when you have given us explicit consent for specific purposes. This includes marketing communications, certain analytics, and optional features. You have the right to withdraw your consent at any time, and we will stop processing your data for those purposes immediately upon receiving your withdrawal request.

Contract Performance: We process your personal data to fulfill our contractual obligations to provide you with educational services. This includes creating and maintaining your account, providing access to exam materials, tracking your progress, and delivering the services you have subscribed to. This legal basis ensures we can provide you with the educational experience you expect from our platform.

Legitimate Interests: We process your data based on our legitimate interests in improving our services, preventing fraud, ensuring platform security, and conducting research to enhance educational outcomes. We carefully balance our legitimate interests against your privacy rights and ensure that our processing is necessary and proportionate. You have the right to object to processing based on legitimate interests.

Legal Obligation: We process your personal data when required by applicable laws and regulations. This includes maintaining records for tax purposes, complying with educational regulations, responding to legal requests from authorities, and fulfilling other legal requirements that may apply to our operations.

5. Data Sharing and Disclosure

We are committed to protecting your privacy and only share your personal information in specific, limited circumstances. We never sell your personal information to third parties for marketing or any other purposes.

Service Providers and Business Partners: We may share your information with trusted third-party vendors who assist us in operating our platform, processing payments, providing customer support, conducting analytics, and delivering our services. These service providers are contractually bound to protect your information and use it only for the specific purposes we have authorized. They are not permitted to use your information for their own purposes or share it with other parties.

Educational Partners and Institutions: With your explicit consent, we may share your academic progress and performance data with your school, educational institution, or designated educational partners. This sharing is designed to support your educational journey and help your teachers or mentors understand your learning progress. We only share this information when you have given us clear permission to do so.

Legal Requirements and Safety: We may disclose your information when required by law, regulation, legal process, or governmental request. We may also share information when we believe it is necessary to protect our rights, property, or safety, or that of our users or the public. This includes responding to court orders, subpoenas, or other legal requests, and cooperating with law enforcement investigations.

Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will ensure that any such transfer is subject to appropriate privacy protections and that you are notified of any material changes to how your information is handled.

With Your Explicit Consent: We may share your information with third parties when you have given us explicit consent to do so. This includes situations where you choose to connect your account with other educational platforms or services, or when you participate in research studies or surveys.

Aggregated and Anonymized Data: We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This information helps researchers, educators, and policymakers understand educational trends and improve learning outcomes without compromising individual privacy.

6. Data Security

We take the security of your personal information extremely seriously and have implemented comprehensive technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

Encryption and Data Protection: All data transmitted between your device and our servers is encrypted using industry-standard SSL/TLS protocols. Your personal information is also encrypted when stored on our servers, ensuring that even if our systems were compromised, your data would remain protected. We use strong encryption algorithms and regularly update our encryption methods to maintain the highest level of security.

Infrastructure Security: Our platform is hosted on secure, enterprise-grade cloud infrastructure with multiple layers of security controls. We implement firewalls, intrusion detection systems, and regular security monitoring to protect against cyber threats. Our servers are located in secure data centers with physical security measures, including access controls, surveillance, and environmental protections.

Access Controls and Authentication: We implement strict access controls to ensure that only authorized personnel can access your personal information. All access is logged and monitored, and we use multi-factor authentication for administrative access. Our staff members are granted access only to the information necessary for their specific job functions, following the principle of least privilege.

Regular Security Assessments: We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential security weaknesses. We also perform regular security audits and compliance reviews to ensure our security measures meet industry standards and regulatory requirements.

Staff Training and Awareness: All our employees receive comprehensive training on data protection practices, security protocols, and privacy requirements. We maintain strict confidentiality agreements and ensure that our staff understands their responsibilities in protecting your personal information.

Incident Response and Monitoring: We have established incident response procedures to quickly detect, investigate, and respond to any security incidents. Our security team monitors our systems 24/7 for any suspicious activity, and we have protocols in place to notify affected users and authorities in the event of a data breach, as required by law.

Data Backup and Recovery: We maintain secure, encrypted backups of your data to ensure business continuity and data recovery in case of system failures or disasters. These backups are stored separately from our primary systems and are regularly tested to ensure their integrity and availability.

7. Your Rights (GDPR Rights)

Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, you have several important rights regarding your personal data. We are committed to helping you exercise these rights and will respond to your requests promptly and transparently.

Right of Access: You have the right to request copies of your personal data that we hold. This includes information about what data we have, how we use it, who we share it with, and how long we keep it. We will provide this information in a clear, understandable format within one month of receiving your request.

Right to Rectification: If you believe that any of your personal data is inaccurate or incomplete, you have the right to request that we correct or update it. We will verify the accuracy of the information and make the necessary corrections promptly.

Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, when you withdraw your consent, or when the data has been unlawfully processed. However, we may need to retain some information for legal or regulatory reasons.

Right to Restrict Processing: You have the right to request that we limit how we use your personal data in certain situations. This means we can store your data but not use it for most purposes. This right applies when you contest the accuracy of the data, when the processing is unlawful, or when you need the data for legal claims.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another organization. This right applies when we process your data based on consent or contract performance.

Right to Object: You have the right to object to the processing of your personal data when we process it based on legitimate interests or for direct marketing purposes. We will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

Right to Withdraw Consent: When we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that significantly affect you, unless such processing is necessary for entering into or performing a contract, or is based on your explicit consent.

To exercise any of these rights, please contact us at hello@epass.africa. We will respond to your request within one month and may ask for additional information to verify your identity. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Our data retention practices are designed to balance your privacy rights with our legitimate business needs and legal requirements.

Active Account Data: While your account is active, we retain your personal information to provide our services, maintain your learning progress, and support your educational journey. This includes your profile information, academic progress, and usage data that helps us personalize your experience.

Legal and Regulatory Requirements: We may retain certain information for longer periods when required by applicable laws and regulations. This includes financial records for tax purposes, educational records for compliance with educational regulations, and other data that we are legally obligated to maintain.

Dispute Resolution and Legal Claims: We may retain information that is relevant to resolving disputes, enforcing our terms of service, or defending against legal claims. This retention is limited to the information necessary for these purposes and is subject to applicable statute of limitations.

Service Improvement and Analytics: We may retain anonymized or aggregated data for longer periods to improve our services, conduct research, and develop new features. This data cannot be used to identify you personally and helps us understand educational trends and improve learning outcomes.

Account Deletion: When you delete your account or request data deletion, we will securely delete or anonymize your personal information within a reasonable timeframe, typically within 30 days. However, some information may be retained for longer periods if required by law or for legitimate business purposes.

Secure Deletion: When data is no longer needed, we use secure deletion methods that ensure the information cannot be recovered. This includes both digital deletion from our active systems and secure destruction of any physical records or backup media.

9. International Data Transfers

As a global educational platform, your information may be transferred to and processed in countries other than your own. We are committed to ensuring that any international transfers of your personal data are conducted in compliance with applicable privacy laws and with appropriate safeguards to protect your information.

Transfer Mechanisms: When we transfer your personal data to countries outside your jurisdiction, we rely on appropriate transfer mechanisms to ensure adequate protection. This includes Standard Contractual Clauses (SCCs) approved by relevant data protection authorities, adequacy decisions by competent authorities recognizing that certain countries provide adequate protection, and other legally recognized transfer mechanisms.

Service Provider Transfers: Some of our service providers, including cloud hosting providers, payment processors, and analytics services, may be located in different countries. We ensure that all such transfers are subject to appropriate contractual safeguards and that our service providers are bound by data protection obligations that meet or exceed applicable legal requirements.

Your Rights: Regardless of where your data is processed, you retain all the rights outlined in this Privacy Policy. We will ensure that any international transfers do not diminish your privacy rights or the protections afforded to your personal information.

10. Children's Privacy

Our services are designed to support students of all ages, including minors, in their educational journey. We take children's privacy very seriously and comply with all applicable children's privacy laws, including the Children's Online Privacy Protection Act (COPPA) and other relevant regulations.

Age Verification and Parental Consent: We do not knowingly collect personal information from children under 13 without verifiable parental consent. When users under 13 attempt to create an account, we require parental or guardian consent before collecting any personal information. We use reasonable methods to verify parental identity and consent.

Limited Data Collection for Minors: For users between 13 and 18, we collect only the minimum amount of information necessary to provide our educational services. We avoid collecting unnecessary personal information and do not use personal information for marketing purposes without explicit consent from both the minor and their parent or guardian.

Parental Rights: Parents and guardians have the right to review, request deletion of, or refuse further collection of their child's personal information. They can also request that we stop using their child's information for any purpose. We provide parents with access to their child's information and allow them to make changes or request deletion.

Educational Focus: Our platform is designed with education as the primary purpose, and we do not engage in practices that could be harmful to children. We do not use personal information for behavioral advertising to children, and we implement additional safeguards to protect minors' privacy and safety.

Reporting Concerns: If you believe we have collected information from a child under 13 without proper consent, or if you have concerns about how we handle children's information, please contact us immediately at hello@epass.africa. We will investigate and take appropriate action to address any concerns.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform, provide personalized content, and improve our services. These technologies help us understand how you interact with our platform and enable us to deliver a better educational experience.

Types of Cookies We Use: We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period). We also use first-party cookies (set by our platform) and third-party cookies (set by our service providers) to support various platform functions.

Functional Cookies: These cookies are essential for the basic functionality of our platform. They remember your login status, language preferences, and other settings that make your experience more convenient. Without these cookies, certain features of our platform may not work properly.

Analytics Cookies: We use analytics cookies to understand how you use our platform, which pages you visit most frequently, and how long you spend on different sections. This information helps us improve our platform's design, identify popular features, and optimize the user experience.

Personalization Cookies: These cookies help us provide personalized content and recommendations based on your learning preferences, exam choices, and study patterns. They enable us to customize your dashboard, suggest relevant study materials, and track your progress across different subjects.

Security Cookies: We use security cookies to protect against fraud, unauthorized access, and other security threats. These cookies help us verify your identity, detect suspicious activity, and maintain the security of your account and our platform.

Cookie Management: You can control cookie settings through your browser preferences. Most browsers allow you to refuse cookies, delete existing cookies, or receive notifications when cookies are being set. However, disabling certain cookies may affect the functionality of our platform and your ability to access certain features.

Third-Party Cookies: Some of our service providers may set their own cookies on our platform. These include analytics providers, payment processors, and other third-party services. We do not control these cookies, and you should review the privacy policies of these third parties to understand how they use cookies and other tracking technologies.

12. Third-Party Services

Our platform integrates with various third-party services to provide you with a comprehensive educational experience. These services include payment processors, analytics providers, cloud hosting services, and other tools that help us deliver and improve our platform.

Payment Processing: We use trusted third-party payment processors to handle all financial transactions securely. These processors are PCI DSS compliant and use industry-standard encryption to protect your payment information. We do not store your complete payment card details on our servers.

Analytics and Performance Monitoring: We use analytics services to understand how our platform is performing, identify areas for improvement, and ensure optimal user experience. These services help us track platform usage, performance metrics, and user engagement patterns.

Cloud Infrastructure: Our platform is hosted on secure cloud infrastructure provided by reputable service providers. These providers implement robust security measures and comply with industry standards for data protection and privacy.

Educational Content and Resources: We may integrate with third-party educational content providers to offer you additional study materials, practice questions, and learning resources. These integrations are designed to enhance your educational experience.

Third-Party Privacy Policies: Each third-party service we use has its own privacy policy that governs how they collect, use, and protect your information. We encourage you to review these privacy policies to understand how your data is handled by these services. We are not responsible for the privacy practices of third-party services.

Data Sharing with Third Parties: When we share your information with third-party services, we ensure that appropriate safeguards are in place and that the sharing is limited to what is necessary for the service to function. We require our third-party partners to maintain the same level of data protection that we do.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We are committed to keeping you informed about how we collect, use, and protect your information.

Notification of Changes: When we make material changes to this Privacy Policy, we will notify you through prominent notice on our platform, email notification, or other appropriate means. We will also update the "Last updated" date at the top of this policy to reflect when the changes were made.

Review Period: We will provide you with reasonable advance notice of any material changes, typically at least 30 days before the changes take effect. This gives you time to review the changes and understand how they may affect you.

Continued Use: Your continued use of our platform after the effective date of any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you may discontinue using our platform and request deletion of your account.

Minor Changes: For minor changes that do not materially affect your privacy rights or how we use your information, we may update this policy without providing individual notice. However, we will always update the "Last updated" date to reflect when changes were made.

Historical Versions: We maintain records of previous versions of this Privacy Policy for your reference. If you would like to review a previous version, please contact us at hello@epass.africa.

14. Contact Information

If you have questions about this Privacy Policy, our data practices, or if you would like to exercise any of your privacy rights, we encourage you to contact us. We are committed to addressing your concerns promptly and transparently.

Data Protection Officer: For privacy-related inquiries, you can contact our Data Protection Officer at hello@epass.africa. Our team is trained to handle privacy requests and will respond to your inquiry within the timeframes required by applicable law.

General Inquiries: For general questions about our platform, services, or this Privacy Policy, you can reach us at:

Response Times: We aim to respond to all privacy-related inquiries within 30 days, as required by applicable privacy laws. For urgent matters or data breach notifications, we will respond as quickly as possible.

Complaints: If you are not satisfied with our response to your privacy inquiry, you have the right to lodge a complaint with your local data protection authority. We will cooperate with any investigation and work to resolve any legitimate concerns.

15. App Store Compliance

This Privacy Policy is designed to comply with the requirements of major app stores and privacy regulations worldwide. We are committed to meeting the highest standards of privacy protection and transparency.

Apple App Store Compliance: Our privacy policy meets Apple's App Store Privacy Guidelines, including requirements for data collection disclosure, user consent, and data handling practices. We provide clear information about what data we collect and how we use it, as required by Apple's privacy requirements.

Google Play Store Compliance: We comply with Google Play Store's privacy policy requirements, including data safety requirements, user data handling disclosures, and privacy policy accessibility. Our policy clearly explains our data practices in a way that meets Google's standards for transparency and user protection.

GDPR Compliance: Our privacy policy and practices are designed to comply with the General Data Protection Regulation (GDPR), including requirements for lawful basis for processing, user rights, data protection by design, and privacy impact assessments. We implement appropriate technical and organizational measures to protect personal data.

CCPA Compliance: We comply with the California Consumer Privacy Act (CCPA), including requirements for data collection disclosure, user rights, and opt-out mechanisms. California residents have specific rights regarding their personal information, which are outlined in this policy.

NDPR Compliance: We comply with the Nigerian Data Protection Regulation (NDPR), including requirements for data processing principles, user consent, data subject rights, and data protection impact assessments. Our practices align with Nigerian privacy laws and regulations.

Ongoing Compliance: We regularly review and update our privacy practices to ensure continued compliance with evolving privacy laws and app store requirements. We stay informed about changes in privacy regulations and adjust our practices accordingly to maintain the highest standards of privacy protection.