Privacy Policy

Effective Date: January 2025
Last Updated: November 2025

This Privacy Policy explains how Decoveo Ltd (“Decoveo”, “we”, “our”, “us”) collects, uses, discloses, and protects personal information across all our products and services, including the VeraSlate mobile application, ScreenLine, school portals, websites, consulting offerings, and any related platforms (“Services”).

By using our Services, you agree to the terms described in this Privacy Policy.

1. Introduction & Scope

This Privacy Policy applies to:

  • Students, teachers, parents, and school administrators
  • General consumers using VeraSlate outside a school context
  • Visitors to our websites or marketing platforms
  • Users of our mobile applications
  • Institutions using Decoveo products in an educational or business context

This Privacy Policy applies regardless of whether you access our Services via web browser, mobile app, API, or through integrations used by your institution.

2. Who We Are

Decoveo Ltd is a technology company providing:

  • Learning platforms and student mobile applications
  • School management and administrative systems
  • Web development, hosting and maintenance solutions
  • Digital consulting and IT services

We operate internationally and process data on behalf of clients and end users in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, and the Nigeria Data Protection Act (NDPA).

3. Information We Collect

We collect information necessary to provide, secure, and improve our Services. The types of data collected depend on how you use our products.

3.1 Information You Provide Directly

  • Account information: name, email address, phone number, password (hashed)
  • Profile information: school name, student ID, programme, role (e.g. student, teacher, administrator)
  • Educational data: assignments, submissions, assessments, lesson notes, comments
  • Financial data: invoice details, amounts paid or outstanding, payment references
  • Communications: messages sent via the platform, support tickets, feedback, survey responses

We never store passwords in plain text. Passwords are securely hashed.

3.2 Information Collected Automatically

When using our Services, we may automatically collect:

  • Device type, operating system, browser type and version
  • IP address and approximate location
  • Mobile device identifiers and app instance identifiers
  • Push notification tokens
  • Usage data such as pages visited, features used, and time spent
  • Error logs, diagnostics, and performance metrics
  • Authentication and session tokens for secure access

3.3 Payment Information

Payments made through our platforms are processed by third-party payment providers such as Paystack.

We may collect and store:

  • Payment reference and transaction ID
  • Invoice or fee identifiers
  • Amount paid, currency, and payment status
  • Non-card payment metadata necessary for reconciliation and reporting

We do not store or process full credit or debit card numbers on our servers.

3.4 School or Institution Data

When our products are used by schools and other institutions, we may process:

  • Student and staff profiles
  • Course enrolments and class lists
  • Timetables, attendance, and academic performance
  • School-generated content such as announcements, notices, and assessments

This information is typically supplied and controlled by the institution.

4. How We Use Personal Information

We use the information we collect to:

  • Authenticate users, manage accounts, and maintain secure access
  • Connect users to the correct backend system via discovery and tenant routing services
  • Personalise dashboards, course content, and schedules
  • Display educational, financial, and communication information
  • Process and verify payments and reconcile invoices
  • Deliver notifications, reminders, and institutional announcements
  • Monitor, maintain, and improve the performance, reliability, and usability of our Services
  • Provide technical support and respond to user enquiries
  • Comply with legal, regulatory, and contractual obligations

5. Legal Basis for Processing (GDPR, UK GDPR, NDPA)

Where GDPR, UK GDPR, or the NDPA applies, we process personal data under one or more of the following legal bases:

  • Contractual necessity: to provide the Services requested by you or your institution, including account management, course delivery, and billing.
  • Legitimate interests: to improve our Services, ensure platform security, prevent fraud, and support customer service, provided these interests are not overridden by your rights.
  • Consent: for certain optional features such as marketing communications or specific types of notifications, where required by law.
  • Legal obligations: to comply with financial, regulatory, tax, and other legal requirements.

6. Data Controller and Data Processor Roles

Decoveo operates under a dual-role model, acting as either a Data Controller or Data Processor depending on the context.

6.1 When Decoveo Is a Data Processor

For school-managed accounts and institutional use of our platforms, the relevant school or institution typically acts as the Data Controller. In these circumstances, Decoveo acts as a Data Processor, processing personal data on the written instructions of the institution.

This applies to:

  • Student and staff accounts provisioned by a school
  • Academic and administrative records managed through our platforms
  • Institution-specific workflows, reporting, and integrations

In these cases, the institution determines what data is collected, how it is used, and how long it is retained. Users should first contact their institution for requests regarding access, correction, or deletion of their personal data.

6.2 When Decoveo Is a Data Controller

Decoveo acts as a Data Controller in relation to:

  • General users of VeraSlate who register independently of any school or institution
  • Visitors to our websites and marketing pages
  • Corporate clients and decision-makers engaging us for digital or consulting services
  • Billing, subscription management, and direct customer communications
  • Analytics and service improvement activities at an aggregated or pseudonymised level

In these scenarios, Decoveo determines the purposes and means of processing and is responsible for responding to data subject requests directly.

6.3 Independent Controllers

In some circumstances, both Decoveo and an institution may act as independent Data Controllers for distinct processing activities (for example, the institution managing student records while Decoveo manages platform analytics or error logs). In such cases, each party is responsible for its own compliance obligations.

7. VeraSlate Mobile App — Specific Practices

The VeraSlate mobile application collects additional information necessary to deliver a mobile-first learning and student experience.

7.1 Discovery and Tenant Routing

To connect you to the correct school or backend service, VeraSlate may process:

  • School or institution identifier
  • Domain or subdomain used for login
  • Tenant mapping information used solely for routing

This process does not involve storing sensitive personal information beyond what is necessary to route your request.

7.2 Device and Mobile Data

When using the mobile app, we may collect:

  • Device type and operating system version
  • Mobile app version and configuration
  • Push notification tokens
  • Diagnostics and crash information
  • Session and authentication tokens

This information helps us ensure the app functions correctly across different devices and improves stability and performance.

7.3 HTML Content and Embedded Media

Course notes and lesson content in VeraSlate may include:

  • Rich text, formatting, and HTML markup
  • Embedded images or media
  • Links to external content, such as videos hosted on third-party platforms

Such content is typically authored and managed by your institution or content provider. We render this content within the app where appropriate and subject to technical and security constraints.

7.4 Payments in the VeraSlate App

Where enabled by your institution, the VeraSlate app supports secure payments (for example, fees or invoices) via integrated payment providers such as Paystack. We may process:

  • Invoice identifiers and payment references
  • Transaction status and metadata
  • Calculated fees and amounts due

We do not store full card details within the app or on our servers.

7.5 Push Notifications

VeraSlate may send push notifications to:

  • Remind you of upcoming classes or assessments
  • Notify you of new content, announcements, or notices
  • Inform you about invoice updates or payment confirmations

You can manage or disable push notifications at any time through your device settings. Some important notifications may still be delivered via email or in-app messages.

8. Cookies and Tracking Technologies

Our websites may use cookies, web beacons, and similar technologies to:

  • Maintain your login session
  • Remember preferences and settings
  • Measure website performance and usage patterns
  • Support security and fraud prevention

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our websites.

Our mobile applications do not use browser cookies but may use secure local storage, device identifiers, and analytics tools for functionality, diagnostics, and performance monitoring.

9. How We Share Personal Information

We may share personal information as follows:

9.1 With Schools and Institutions

For school-managed users, we share necessary information with your institution to deliver the Service, in accordance with our contractual obligations and the institution’s instructions.

9.2 With Service Providers

We engage third-party service providers to help operate and support our Services, including:

  • Payment processors (e.g. Paystack)
  • Cloud hosting providers (e.g. Amazon Web Services)
  • Mobile infrastructure platforms (e.g. Expo)
  • Email, SMS, and push notification delivery services
  • Analytics, monitoring, and logging tools

These providers process personal data only on our behalf and are required to maintain appropriate security measures.

9.3 Legal and Regulatory Disclosures

We may disclose personal information where we reasonably believe it is necessary to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to valid requests from law enforcement or regulatory authorities
  • Protect the rights, property, or safety of Decoveo, our users, or the public

We do not sell personal data.

10. International Data Transfers

Personal data may be stored and processed in countries where we or our service providers operate, including:

  • Nigeria
  • United Kingdom
  • European Union member states
  • United States
  • Other jurisdictions as needed to provide the Services

Where required, we implement appropriate safeguards for international transfers, such as contractual protections or other mechanisms recognised under applicable data protection laws.

11. Security Measures

We implement technical and organisational measures designed to protect personal data, including:

  • Encrypted communication (HTTPS/TLS) for data in transit
  • Secure token-based authentication and access controls
  • Segregation of duties and role-based permissions
  • Regular updates and security patches for our systems
  • Monitoring, logging, and incident response procedures

While we strive to protect your information, no method of transmission or storage is completely secure. We continually work to improve our security practices and mitigate potential risks.

12. Data Retention

We retain personal data only for as long as necessary to:

  • Provide and maintain the Services
  • Comply with legal and regulatory obligations
  • Resolve disputes and enforce agreements
  • Fulfil our contractual commitments to schools and institutions

Retention periods may vary depending on the type of data, the nature of our relationship with you or your institution, and applicable legal requirements.

13. Children’s Privacy

Some of our Services are used in educational contexts involving minors. In such cases:

  • Student accounts are generally created and managed by the school or institution.
  • Decoveo processes student data under the authority and instructions of the institution.
  • Personal data of minors is used solely for educational, administrative, and related purposes.

We do not knowingly permit children to create accounts or use our Services independently without appropriate institutional or parental authorisation.

14. Your Rights (GDPR, UK GDPR, NDPA)

Depending on your location and applicable law, you may have the following rights in relation to your personal data:

  • Right of access: to obtain a copy of your personal data we hold.
  • Right to rectification: to correct inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data in certain circumstances.
  • Right to restriction: to limit the processing of your data under specific conditions.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to receive your data in a structured, commonly used format in certain cases.

For users whose data is managed by a school or institution, some requests may need to be directed to that institution as the Data Controller. We will cooperate with institutions to support the handling of such requests in accordance with our contractual and legal obligations.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or data practices. When we make material changes, we will take reasonable steps to notify you, such as:

  • Posting an updated version on our website
  • Displaying notices within our applications
  • Sending email notifications where appropriate

Your continued use of the Services after any changes become effective will constitute your acknowledgement of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:

Decoveo Ltd
Email: support@decoveo.com
Website: https://www.decoveo.com