Data Protection

How we protect and secure your information

Our Data Protection Framework

Zafarios implements comprehensive data protection measures to safeguard student, parent, and staff information. We treat data protection as a fundamental part of our platform, not an afterthought.

Technical Security Measures

Encryption

  • In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
  • At Rest: Data stored in our databases is encrypted using AES-256
  • Backups: All backup data is encrypted and stored in secure, geographically distributed locations

Access Controls

  • Role-based access control (RBAC) ensures users only see data they're authorized to access
  • Multi-factor authentication (MFA) available for all accounts
  • Session timeouts and automatic logout for inactive users
  • Audit logging of all data access and modifications

Infrastructure Security

  • Hosted on secure, ISO 27001 certified data centers
  • Regular security audits and penetration testing
  • DDoS protection and web application firewall
  • 24/7 monitoring and incident response

Organizational Measures

  • Employee background checks and security training
  • Data processing agreements with all third-party vendors
  • Regular security awareness training
  • Incident response procedures and disaster recovery plans

Your Rights

Under applicable data protection laws, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain types of data processing
  • Restriction: Request restriction of processing in certain circumstances

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Active account data: Retained while account is active
  • Academic records: Retained per educational regulations (typically 7+ years)
  • Financial records: Retained per tax and accounting requirements
  • Log data: Retained for 12 months for security purposes

Data Processing Locations

Your data may be processed in the following regions, with appropriate safeguards in place:

  • European Union (GDPR compliant)
  • United States (with appropriate transfer mechanisms)

Data Protection Officer

For data protection inquiries, please contact:

Data Protection Team
Email: dpo@zafarios.com

Privacy Policy | Student Safety | Cookie Policy