← Back to Home

Privacy Policy

Last Updated: May 17, 2026

POPIA Compliance Notice: This Privacy Policy complies with the Protection of Personal Information Act (POPIA) of South Africa. For our comprehensive POPIA policy, please see our separate POPIA Policy document.

1. Introduction

MyEncore CC ("we", "us", "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our MyEncore SchoolsApp service.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

Student Information: Names, ID numbers, contact details, academic records, attendance data, photographs
Parent/Guardian Information: Names, contact details, relationship to student, payment information
Staff Information: Names, contact details, employment records, qualifications
School Information: School name, contact details, administrative data

2.2 Technical Information

Device information and identifiers
IP addresses (for security, fraud prevention, and legal compliance)
Browser type and version (user agent)
Access timestamps and session information
Usage analytics and app performance data
Log files and error reports

2.3 Communications Data

SMS messages sent through our platform
Push notifications and in-app messages
Support communications

2.4 Legal Compliance Data

Terms and conditions acceptance records
Consent timestamps and version tracking
IP addresses at time of acceptance
Browser and device information for audit purposes

3. How We Use Your Information

3.1 Service Provision

Providing school administration and management services
Processing payments and managing subscriptions
Facilitating communication between schools, parents, and students
Managing attendance, marks, and academic records

3.2 Service Improvement

Analyzing usage patterns to improve our service
Developing new features and functionality
Troubleshooting technical issues

3.3 Legal Compliance

Complying with applicable laws and regulations
Responding to legal requests and preventing fraud
Protecting our rights and those of our users

4. Information Sharing and Disclosure

4.1 Limited Sharing

We do not sell, trade, or rent your personal information. We may share information only in these limited circumstances:

Within School Community: Sharing relevant information among authorized school staff, parents, and students
Service Providers: Third-party vendors who assist in service provision (under strict confidentiality agreements)
Legal Requirements: When required by law or to protect legal rights
Business Transfer: In the event of a merger, acquisition, or sale of assets

4.2 Cross-Border Transfers

Your data is primarily stored on servers located in South Africa. Any cross-border transfers comply with POPIA requirements and are protected by appropriate safeguards.

5. Data Security

5.1 Security Measures

We implement comprehensive security measures including:

Encryption of data in transit and at rest
Regular security audits and vulnerability assessments
Access controls and authentication systems
Employee training on data protection
Incident response procedures

5.2 Data Breach Response

In the event of a data breach, we will notify affected parties and relevant authorities within 72 hours as required by POPIA.

6. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy:

Active Accounts: For the duration of your subscription plus 3 years
Academic Records: As required by educational regulations (typically 7 years)
Financial Records: As required by tax and accounting laws (typically 5 years)
Technical Data: Generally 2 years unless required for longer periods
Terms Acceptance Records: 7 years for legal compliance and audit purposes
IP Address Logs: 2 years for security and fraud prevention

7. Your Rights

Under POPIA and other applicable laws, you have the right to:

Access: Request copies of your personal information
Correction: Request correction of inaccurate information
Deletion: Request deletion of personal information (subject to legal requirements)
Objection: Object to processing of your personal information
Portability: Request transfer of your data in a portable format
Consent Withdrawal: Withdraw consent where processing is based on consent

8. Cookies and Tracking

We use cookies and similar technologies to:

Remember your preferences and settings
Analyze website and app usage
Provide personalized content
Improve service performance

You can control cookie settings through your browser or device settings.

9. Children's Privacy

Our service is designed for educational institutions and may process information about minors. We:

Only collect information necessary for educational purposes
Require parental consent where legally required
Implement additional safeguards for children's data
Do not use children's data for marketing purposes

10. Third-Party Services

We may integrate with third-party services (such as payment processors, SMS providers, calendar providers and video-conferencing providers). These services have their own privacy policies, and we encourage you to review them.

11. Google & Microsoft Integrations (Sign-In, Calendar, Drive)

11.1 Google API Services User Data Policy — Limited Use

MyEncore's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In plain terms, this means MyEncore does not:

use Google user data to serve advertisements;
use Google user data to train generalised or large-language AI/ML models;
transfer Google user data to any third party except as necessary to provide or improve user-facing features the user enabled, to comply with applicable law, or as part of a merger/acquisition/sale in which the receiving party honours this policy;
allow humans to read Google user data, except: (a) with the user's explicit consent for support, (b) when necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymised for internal operations.

11.2 Google Sign-In (Authentication)

If you choose to sign in to MyEncore with a Google account (via the "Sign in with Google" button) we authenticate you using Google's standard OpenID Connect / Firebase Authentication flow and request only these non-sensitive scopes:

openid, email, profile — your Google account's email address, display name and profile picture, used only to create or look up your MyEncore user account and display your name in the app.

We do not access your Gmail, Contacts, Photos, search history, location history or any other Google product data through Sign-In.

11.3 Google Calendar Integration (Appointment Bookings)

When a staff member (host) opts in to "Connect Google Calendar" inside MyEncore to enable parent-meeting bookings, MyEncore requests the following OAuth scopes via Google's standard consent screen:

https://www.googleapis.com/auth/calendar.events — create, read, update and delete only the calendar events MyEncore needs to manage on the host's behalf (parent appointments and the corresponding Google Meet link). MyEncore does not access events on the host's calendar that were not created by MyEncore.

How we use this data:

Create a Google Calendar event in the host's primary calendar when a parent books an appointment;
Attach a Google Meet conferencing link to that event when the host has selected Meet as their meeting venue;
Update or cancel an event when an appointment is rescheduled or cancelled inside MyEncore.

11.4 Google Drive Integration (Optional Assessment Storage)

When a host opts in to "Connect Google Drive" inside MyEncore to store assessment files in their own Google Drive instead of on MyEncore's servers, MyEncore requests these scopes:

https://www.googleapis.com/auth/drive.file — create, read and modify only files that MyEncore itself creates in your Drive (typically a MyEncore-Assessments folder). MyEncore cannot see any other files in your Drive with this scope.
https://www.googleapis.com/auth/drive.appdata — store small, hidden, app-specific configuration data (such as folder IDs) in a private application area of your Drive that is not visible to other apps or to you in the Drive UI.

How we use this data:

Upload assessment artefacts (PDFs, audio recordings, rubrics) that the host explicitly chooses to store in Drive;
Read those same artefacts back when the host or a permitted reviewer opens them inside MyEncore;
Delete those artefacts when the host deletes the corresponding assessment inside MyEncore.

MyEncore never browses your wider Drive contents and cannot access files it did not create.

11.5 Microsoft 365 / Outlook / OneDrive Integration

Where a host instead chooses to connect a Microsoft 365 account, MyEncore requests the Microsoft Graph scopes offline_access Calendars.ReadWrite OnlineMeetings.ReadWrite for calendar/Teams bookings, and (optionally) Files.ReadWrite / Files.ReadWrite.All / User.Read for OneDrive-backed assessment storage. The same Limited-Use, no-advertising, no-AI-training, storage, retention and deletion principles described in this section apply to Microsoft user data.

11.6 Storage, Retention and Deletion

Tokens: OAuth access tokens and refresh tokens for Google and Microsoft are stored encrypted at rest in our South African production database (tables calendar_integrations and cloud_storage_accounts) and transmitted only over HTTPS/TLS.
Event references: We store the Google or Microsoft event ID for each booking so we can update or cancel the event later. We do not retain a copy of the event body, attendees or notes.
Free/busy data: Free/busy responses are queried in real time and are not persisted to our database.
Drive / OneDrive files: File content remains in your own Google Drive or OneDrive. MyEncore stores only the file's ID and a short reference (filename, content type, size) needed to render and re-download it.
Sign-In profile data: Your Google or Microsoft email, name and profile picture URL are stored in your MyEncore user record only.
Account deletion: When a host or school account is deleted, all associated Google and Microsoft tokens, event-ID references, file-ID references and integration records are deleted within 30 days.

11.7 Revoking Access

You can revoke MyEncore's access to your Google or Microsoft account at any time:

Inside the MyEncore app: Settings → Integrations → Disconnect;
Directly with Google: https://myaccount.google.com/permissions;
Directly with Microsoft: https://account.live.com/consent/Manage.

Revoking access at the provider also invalidates the tokens stored by MyEncore.

12. Updates to Privacy Policy

We may update this Privacy Policy periodically. We will notify users of significant changes via email or through our service. Continued use after changes indicates acceptance.

13. Information Officer

Our Information Officer, as required by POPIA, can be contacted at:

Information Officer
MyEncore CC
Email: [email protected]
Phone: 061 542 8842
Address: 524 Retriever Street, Garsfontein

14. Complaints

If you have concerns about our privacy practices, please contact us first. You also have the right to lodge a complaint with the Information Regulator of South Africa:

Information Regulator (South Africa)
Website: https://www.justice.gov.za/inforeg/
Email: [email protected]

15. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

MyEncore CC
Email: [email protected]
Phone: 061 542 8842
Website: https://myencore.co.za