Ardent SMS
FeaturesPricingFor SchoolsFor Parents
Sign inBook Demo
Demo

Privacy Policy

Last Updated: May 2026

Quick Summary: Ardent SMS is committed to protecting your privacy. We process data as a processor for schools and as a controller for our marketing activities. This policy explains what data we collect, how we use it, and your rights under Ghana Data Protection Act 2012 and GDPR.

1. Introduction

Ardent SMS ("Ardent", "we", "us", or "our") is committed to protecting the privacy of our users, including educational institutions ("Schools"), their staff, students, and guardians. This Privacy Policy explains how we collect, use, and safeguard personal data within our School Management System and associated marketing surfaces.

Our operations are governed by the Ghana Data Protection Act 2012 (Act 843) and we maintain alignment with international standards such as the GDPR for multinational tenants and cross-border data protection assurance.

2. Data We Collect

As a Data Processor for Schools:

  • Student Records: Enrollment data, academic performance, attendance, behavior logs, and safeguarding notes.
  • Staff Information: Employment details, payroll data, and professional profiles.
  • Guardian Data: Contact information, relationship to student, and financial transaction history for fee payments.

As a Data Controller for our Marketing Surfaces:

  • Lead Information: Names, school affiliations, and contact details provided via demo or contact forms.
  • Technical Data: IP addresses, browser types, and anonymous usage patterns collected via approved analytics cookies.

3. Lawful Basis for Processing

We process data only when a lawful basis exists under applicable law:

  • Contractual Necessity: To provide the core SMS services agreed upon with the School.
  • Legal Obligation: To comply with educational reporting requirements and financial regulations in Ghana.
  • Legitimate Interest: To secure our infrastructure, prevent fraud, and improve service performance.
  • Consent: For marketing communications and optional third-party integrations (e.g., Cal.com).

4. Data Security

Ardent implements industry-standard technical and organizational measures (TOMs) to protect your data:

  • Encryption: AES-256 encryption at rest and TLS 1.3 for all data in transit.
  • Isolation: Multi-tenant database architecture with Postgres Row-Level Security (RLS).
  • Access Control: Granular, role-based access controls with MFA requirements for administrative users.
  • Auditing: Comprehensive logging of all privileged actions and data access events.

5. Your Rights

Under the Ghana Data Protection Act, individuals have the right to:

  • Access their personal data and receive information about its processing.
  • Rectify inaccurate or incomplete information.
  • Object to processing for direct marketing purposes.
  • Request the erasure of data (subject to legal retention obligations).

Student and Guardian rights should primarily be exercised through their respective School, which acts as the Data Controller.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Student Records: Retained for the duration of enrollment plus 7 years for academic records (as required by Ghana Education Service regulations).
  • Financial Data: Retained for 7 years to comply with tax and accounting regulations.
  • Marketing Leads: Retained for 3 years or until consent is withdrawn.
  • System Logs: Retained for 90 days for security and troubleshooting purposes.

7. International Data Transfers

Your data is primarily stored and processed in Ghana. However, some of our subprocessors (such as AWS, Supabase) may process data in other jurisdictions. We ensure that:

  • All international transfers comply with Ghana Data Protection Act requirements
  • Adequate safeguards are in place through Standard Contractual Clauses (SCCs)
  • Subprocessors maintain equivalent data protection standards
  • Data sovereignty requirements for educational institutions are respected

8. Children's Privacy

Our platform is designed for use by educational institutions and processes data about students of all ages. We take special care to protect children's data:

  • Schools act as the Data Controller for student data and are responsible for obtaining necessary parental consent
  • We do not knowingly collect personal information directly from children under 13 without school authorization
  • Student data is never used for marketing or advertising purposes
  • Enhanced security measures protect student records from unauthorized access

9. Automated Decision-Making

We use limited automated processing for:

  • Early Warning System: Automated alerts for attendance patterns, academic performance drops, or behavioral concerns. These are advisory only and require human review.
  • Fee Payment Reminders: Automated notifications for outstanding balances.
  • Fraud Detection: Automated systems to detect suspicious login attempts or payment activities.

No significant decisions affecting students are made solely by automated means without human intervention.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Notify Schools of material changes via email and in-app notifications
  • Update the "Last Updated" date at the top of this policy
  • Provide a summary of significant changes
  • Obtain fresh consent where required by law

11. Contact Information

For privacy-related inquiries or to exercise your data rights, please contact our Data Protection Officer:

Data Protection Officer

Email: privacy@ardentsms.com

Phone: +233 (0) 30 123 4567

Ardent Africa Technology LTD
123 Independence Avenue
Accra, Ghana

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission of Ghana.