Privacy Policy
This policy explains how personal information is handled in SyncPoint Notify, the respective roles of your school and SyncPoint Digital Solutions (Pty) Ltd, and how data-subject rights can be exercised. It is designed to support POPIA-aligned processing and is not a guarantee of full legal compliance.
Last updated: 10 July 2026
Purpose of processing
The purpose of processing in SyncPoint Notify is school communication — enabling a school to send SMS notices (such as reminders, alerts and event information) to the guardians of its learners.
School communication is the purpose for which the data is used. It is not itself the lawful basis for processing. Each school is responsible for identifying and, where required, establishing the appropriate lawful basis (for example consent, a legitimate interest, or a legal duty) for collecting and sharing the learner and guardian information it supplies to the platform.
Roles: responsible party and operator
In the usual arrangement:
- The school acts as the responsible party for its learner and guardian records and for its messaging decisions — it decides what data to load, who to message and what to say.
- SyncPoint Digital Solutions (Pty) Ltd generally acts as an operator, processing that information on the school's documented instructions in order to provide the service.
This describes the typical relationship rather than an absolute rule. Where SyncPoint determines its own purposes and means for certain processing — for example securing and maintaining the platform, preventing abuse, meeting our own legal obligations, and billing — SyncPoint acts as a responsible party for that processing.
Information we process
- Learner records: name, grade/class and an optional admission number.
- Guardian records: name, phone number, relationship and opt-out status.
- Staff accounts: name, email, role and approval status.
- Message data: the notices you send and their delivery status.
- Operational logs: audit entries for sensitive actions and exports.
Data minimisation & children's information
Learner data concerns children, so we apply strong data minimisation. We only keep what is needed to deliver SMS notices. Our importer automatically excludes and does not store sensitive fields that often appear in school exports — including national ID numbers, medical/health information, home addresses, marks/results, and disciplinary records. Schools should not attempt to store such information in SyncPoint Notify.
Retention periods
- Active learner and guardian records are retained while the school uses the service. Learners removed from an import are marked inactive (excluded from messaging) and kept only for continuity of history.
- Message and delivery history is retained to give schools a record of what was sent; schools may request deletion of older history.
- Audit logs are retained to support security and accountability.
- On account closure, data is deleted following the process below.
A school (as responsible party) may set shorter retention requirements; we will act on documented instructions to delete data sooner.
Account closure, export and deletion
A school may close its account at any time by contacting us. On closure we will, on request, provide an export of the school's data in a portable format, and then delete the school's learner, guardian and message data from active systems within a reasonable period, subject to any deletion that must be delayed to meet a legal obligation. Backups age out on their normal cycle.
Data-subject rights & requests
Guardians and learners (data subjects) have rights under POPIA, including to access, correct, or request deletion of their personal information, and to object to processing. Because the school is the responsible party, requests are usually directed to and handled by the school. Schools can log and track such requests inside SyncPoint Notify (Admin → Privacy & security).
If you contact us directly with a request, we will help route it to the relevant school and support them in responding. Reach us at info@syncpointsolutions.co.za.
Security
We protect data with per-school isolation, encryption in transit and at rest, role-based access with administrator approval, leaked-password protection, and audit logging of sensitive actions. See our Trust & Security page for detail. No system can be guaranteed perfectly secure, and we do not make absolute security claims.
Subprocessors
We rely on managed cloud hosting/database providers and an SMS delivery provider (BulkSMS) to operate the service. They process personal information on our and the school's behalf solely to deliver the platform and its messages.
Changes to this policy
We may update this policy as the platform evolves. Material changes will be reflected here with a new "last updated" date.
Questions, or a privacy / data-subject request? Contact info@syncpointsolutions.co.za.
SyncPoint Notify is built and operated by SyncPoint Digital Solutions (Pty) Ltd.
