PRIVACY POLICY — GEORGES ONLINE ACADEMY (Final Compliance Version)

Last updated: November 27, 2025

At Georges Online Academy, we adhere to the Data Protection Act, 2019 (Kenya) and the Google API Services User Data Policy standards to safeguard your privacy.

1. DATA WE COLLECT

We collect data necessary to deliver educational and administrative services.

1.1 Information You Provide Directly

I. Identity & Contact Data: Name, email address, phone number.II. Academic Data: Age, grade level, study preferences, attendance, and feedback.III. Financial Data: Payment and billing information.IV. Usage Data: Session recordings (with consent).

1.2 Google User Data (For Integration)

When you use Google-powered features, we request access to the following scopes. This access is strictly limited to the features that require it:I. Google Calendar: View and edit events on your calendar.II. Google Meet: Scheduling permissions to create new meeting spaces.III. Basic Profile: Name, email address, and profile photo.

2. HOW YOUR DATA IS USED

We process personal data only for legitimate purposes, including:I. Account Management: Creating and managing user accounts.II. Service Delivery: Scheduling sessions, generating meeting links, and delivering lessons.III. Financial Processing: Handling payments and invoices.

Use of Google Calendar & Google Meet Data

If granted permission, this data is used only for scheduling and conducting tutoring sessions:I. We create Google Calendar events and set reminders for scheduled classes.II. We generate secured Google Meet links for lessons.III. We never access your private, non-Academy related events or modify unrelated data.

3. GOOGLE API SERVICES: COMPLIANCE CLAUSES

For all users who authorize our application via Google, the following restrictions apply:

I. Limited Use Policy: We do not sell, share, or transfer Google user data to third parties for advertising or marketing purposes.II. Data Minimization: We access only the minimum data necessary to provide the features (Calendar/Meet scheduling).III. Prohibited Access: We do not allow humans to read Google data unless:A. You give explicit consent.B. It is required for security, bug resolution, or legal reasons.C. It is necessary to provide the specific service you requested.

4. LEGAL BASIS & DATA PROTECTION MECHANISMS

I. Lawful Grounds: We process data based on Consent, Contractual Necessity (delivering services), and Legal Obligation.

II. Data Protection Mechanisms (Google Requirement): We employ strong technical security measures. Specifically, all sensitive Google user data (Calendar/Meet information) is protected using industry-standard encryption both in transit (via HTTPS/SSL) and at rest (encrypted storage). Access to this data is strictly limited to secure, server-side environments and restricted only to the personnel and automated processes required to provide the core scheduling and meeting features.

III. Sharing: We only share data with trusted third-party processors (payment, communication tools) under strict confidentiality agreements.

5. USER RIGHTS (DPA 2019)

You have the right to:

I. Access your personal data.II. Request correction or deletion of your data.III. Withdraw your consent at any time.IV. Object to certain processing or request data portability.

6. CHILDREN’S DATA PROTECTION

I. Data is collected only with verifiable parental/guardian consent.II. Tutors follow strict child-protection rules; no private communication is allowed outside approved channels.

7. CONTACT INFORMATION

Georges Online Academy

• Email: georgesonlineacademy@gmail.com

  
  Website: www.georgesacademy.online