iWhiz Data Protection and Privacy Policy

iWhiz, a South African digital education platform, is committed to protecting the privacy and personal information of all users—learners, parents, educators, partners, and employees—by aligning with the Protection of Personal Information Act (POPIA) 4 of 2013.

This policy outlines how personal data is collected, used, stored, and safeguarded throughout the iWhiz learning ecosystem.

• Ensure lawful, fair, and transparent processing of personal and special personal information.
• Protect the integrity and confidentiality of learner data.
• Build trust with stakeholders through compliance with data protection standards.
• Empower users with control over their personal information.

Applies to:

• All iWhiz services, systems, platforms, and user interactions.
• All iWhiz data subjects including children, parents, educators, tutors, and administrative staff.
• All personal data collected via mobile apps, websites, assessments, and communication channels.

• Personal Information: Any information that identifies or relates to a specific individual, such as name, ID number, contact details, learning history, or IP address.
• Special Personal Information: Sensitive data including age, school performance, or contact details—especially in the case of minors.
• Data Subject: Any individual whose information is collected or processed by iWhiz.
• Operator: A third-party service provider contracted to process data on behalf of iWhiz.
• Processing: Any operation such as collection, storage, use, modification, or deletion of data.

• Learner profile data (name, grade, school, gender, language)
• Guardian/parent contact details
• Academic engagement (lesson views, quiz scores, workbook progress)
• Payment and subscription data (where applicable)
• Communications and feedback
• Device and usage metadata

iWhiz adheres to POPIA principles:

• Accountability: iWhiz ensures compliance through staff training and oversight.
• Processing Limitation: Collect only what is necessary with explicit or implied consent.
• Purpose Specification: Use data for clearly defined educational and operational purposes.
• Information Quality: Keep records accurate, complete, and up-to-date.
• Openness: Inform users of data use, rights, and protection.
• Security Safeguards: Encrypt, restrict access, and regularly audit security.
• Data Subject Participation: Enable data access, correction, or deletion upon request.

• iWhiz prioritises the protection of learner data, especially minors.
• Verifiable parental/guardian consent is required for the collection of special personal data.
• No data is sold or shared for marketing purposes.

• To deliver personalised learning experiences and academic reports
• To monitor learner progress and enhance app features
• To communicate with parents and schools
• Data is shared only with approved Operators for service delivery (e.g., cloud storage, analytics), under strict data protection agreements

• Data is retained only for as long as necessary to fulfil its intended educational purpose
• Archived learner data may be anonymised for research
• Upon user request or contract termination, data is de-identified or securely deleted

• Encryption of data in transit and at rest
• Secure servers and access control
• Password protection for all sensitive communications
• Regular data audits and penetration testing
• Controlled access by authenticated staff only

Users may:

• Request access to their personal information
• Request corrections or deletion
• Withdraw consent for data processing
• Lodge complaints with iWhiz’s Information Officer or the Information Regulator of South Africa

iWhiz will notify affected users and the Information Regulator of any data breach that compromises personal data as required by law, and implement corrective actions.

This policy is reviewed annually or upon any legal, operational, or technological change affecting data protection.

• iWhiz staff and partners who violate this policy may face disciplinary action.
• Operators found to be non-compliant will have their contracts reviewed or terminated.

iWhiz is committed to protecting learner dignity, privacy, and digital safety while enabling educational excellence. This policy reflects our promise to uphold trust and comply with South Africa’s data protection laws.