Privacy Policy

1. Introduction

Duksi ("we", "our", or "us") provides a madrasa management application for admins, teachers, and parents (the "App"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Duksi mobile app and related services at myduksi.com.

We are committed to protecting the privacy of all users, including the personal data of children enrolled in madrasas using our platform. This policy forms part of our Terms of Service. By using Duksi, you agree to the practices described in this policy.

2. Information we collect

2.1 Account information

• Full name, email address, and phone number
• Role within the app (admin, teacher, or parent)
• Profile photo, if you choose to upload one
• If you sign in with Google, we receive basic profile information from Google (such as your name, email address, and profile photo) as permitted by your Google account settings

2.2 Madrasa & student data

• Madrasa name and institution details
• Student names, ages, and class assignments
• Attendance records and Quran memorisation progress
• Behaviour notes and educational records entered by authorised staff
• Teacher assignments and schedules

2.3 Communications

• Messages exchanged between teachers, parents, and admins within the app
• Announcements and notices posted by madrasa administrators

2.4 Device & technical data

• Push notification tokens required to deliver notifications
• Basic technical data (device type, OS version) needed to operate and secure the service
• Limited technical logs needed for authentication, error diagnosis, and security — we do not use advertising or behavioural analytics in the app

3. How we use your information

We use the information we collect to:

• Provide, operate, and maintain the Duksi application
• Authenticate users and enforce role-based access controls
• Display student progress, attendance records, and relevant notifications
• Send push notifications that you have enabled
• Facilitate communication between teachers, parents, and administrators
• Improve reliability, security, and customer support
• Comply with legal obligations under applicable law, including Kenya's Data Protection Act (2019)

4. Legal basis for processing

We process your personal data on the following legal grounds:

• Consent — where you have given explicit consent, such as enabling push notifications or uploading a profile photo
• Contract — processing necessary to provide the services you have requested
• Legitimate interests — to improve the security, reliability, and performance of our services, where this does not override your rights
• Legal obligation — where we are required to process data to comply with applicable laws

5. How information is stored

Duksi uses Google Firebase (Authentication, Cloud Firestore, Cloud Storage, and Cloud Messaging) to store and process data securely. All data is associated with your specific madrasa and is accessible only to authorised users according to app permissions and security rules.

International data transfers

Firebase infrastructure is operated by Google LLC and data may be stored and processed on servers located outside of Kenya, including in the United States and the European Economic Area. Google maintains appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by relevant data protection authorities.

6. Sharing of information

We do not sell, rent, or trade your personal information to third parties. Information is shared only in the following circumstances:

• Within your madrasa — between authorised admins, teachers, and parents as required to operate the app
• Service providers — with Firebase/Google Cloud and other technology partners that help us run the service, under strict data processing agreements
• Legal requirements — when required by applicable law, court order, or to protect the safety, rights, or property of Duksi, its users, or the public
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to equivalent privacy protections

7. Children and student data

Duksi is designed to be used by madrasa institutions to manage student records. Student profiles, including data about minors, are created and managed exclusively by authorised madrasa administrators and staff.

Parents and guardians access only information related to their own children. Madrasa administrators are responsible for ensuring that appropriate consent has been obtained before entering student data, including data relating to minors under the age of 18.

If you believe information about a student has been entered incorrectly or without proper consent, please contact your madrasa administrator or reach us at support@myduksi.com.

8. Your rights

Under Kenya's Data Protection Act (2019) and applicable privacy laws, you have the following rights:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your personal data (see Section 9)
• Right to restriction — request that we restrict processing in certain circumstances
• Right to object — object to processing based on legitimate interests
• Right to data portability — request your data in a structured, machine-readable format

To exercise any of these rights, contact us at support@myduksi.com. We will respond within 30 days of receiving your request.

If you are in Kenya and believe your data protection rights have been infringed, you may also lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.

9. Account and data deletion

You have the right to request deletion of your account and associated personal data at any time. To make a deletion request:

• Email us at support@myduksi.com with the subject line "Data Deletion Request", or use our support page
• Include your full name, registered email address, and madrasa name

We will process your request within 30 days. Please note that madrasa administrators may retain certain records as required by law or institutional policy. Student data entered by madrasa administrators may be managed separately by the relevant institution.

10. Data retention

We retain personal information for as long as your madrasa account is active and as necessary to provide the service. Where a madrasa account is closed or deactivated, we will delete or anonymise associated data within a reasonable period, unless we are required to retain it for legal or regulatory purposes.

Madrasa administrators may delete student records and associated data from within the app where that feature is available.

11. Security

We implement industry-standard security measures to protect your personal data, including:

• Encrypted data transmission using HTTPS/TLS
• Firebase security rules to enforce role-based access controls
• Authentication controls including secure session management
• Regular review of security practices and app permissions

No method of data transmission or storage is 100% secure. While we work diligently to protect your information, we cannot guarantee absolute security. In the event of a data breach that is likely to affect your rights and freedoms, we will notify you as required by applicable law.

12. Cookies and analytics

The Duksi mobile app does not use browser cookies. Our website (myduksi.com) may use essential cookies to maintain your session and basic analytics to understand how visitors use our site. We do not use advertising cookies or share web analytics data with advertisers.

The app does not sell your data or use third-party advertising trackers. Technical data processed through Firebase is used solely to operate and secure the service.

13. Third-party services

Duksi integrates the following third-party services to operate the app:

• Google Firebase — authentication, database, storage, and cloud messaging
• Google Sign-In — optional sign-in; Google may share your name, email, and profile photo according to your Google account permissions. See Google's Privacy Policy

These providers process data on our behalf under their own privacy policies and data processing agreements. We encourage you to review Google's Privacy Policy.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will:

• Post the updated policy on this page with a revised "Last updated" date
• Notify users via the app or by email where the changes are significant

Your continued use of Duksi after the effective date of any changes constitutes your acceptance of the updated policy.

15. Contact us