Last updated: July 18, 2026
Roxan Education OS ("Roxan", "we", "us", "our") is committed to protecting the privacy of all users, including students, parents, teachers, administrators, and institutional representatives who use our multi-tenant education management platform. This Privacy Policy describes how we collect, use, store, share, and protect personal information when you use our services.
When an institution is provisioned on our platform, we collect: institution name, address, contact details, administrator name, email address, and phone number. Individual users provide their name, email, role, and authentication credentials.
Institutions may enter student information including names, dates of birth, guardian details, academic records, attendance data, medical information, and financial records (fees, payments, invoices). This data is entered and managed exclusively by authorized institution personnel.
We automatically collect usage data including IP addresses, browser type, device information, pages visited, features used, session duration, and interaction patterns to improve our services and provide analytics.
Messages, announcements, and broadcasts sent through our communication hub are stored to maintain communication history and enable audit trails.
Each institution on Roxan operates in a completely isolated environment. Institution data is stored in separate database branches with unique access credentials. No institution can access another institution's data. Platform administrators (Super Admins) have oversight capabilities limited to subscription management and platform health monitoring — they do not access individual student records.
We do not sell personal information. We may share data with: payment processors (for fee transactions), communication service providers (for SMS/email delivery), cloud infrastructure providers (for hosting and storage), and legal authorities when required by law. All third-party processors are bound by data processing agreements.
Institutional data is retained for the duration of the subscription and for a reasonable period after termination (typically 90 days) to allow for data export. Students' academic records may be retained longer at the institution's request to support alumni verification and transcript services. Audit logs are retained for a minimum of 2 years.
We implement industry-standard security measures including: TLS encryption for all data in transit, AES-256 encryption for data at rest, role-based access controls at every level, multi-factor authentication support, regular security audits and penetration testing, automated backup systems, and incident response procedures.
Depending on your jurisdiction, you may have the right to: access your personal data, correct inaccurate data, request deletion of your data, restrict processing, data portability, and withdraw consent. Institutions can exercise these rights on behalf of their users. Contact us at privacy@roxan.com to exercise these rights.
Our platform processes student data on behalf of educational institutions. We rely on the institution's lawful basis (typically legitimate interest or contractual necessity in the education context) for processing minors' data. We do not directly collect data from children — all student data is entered by authorized institutional personnel.
For privacy-related questions or concerns, contact our Data Protection Officer at privacy@roxan.com or write to: Roxan, Accra, Ghana.