Contents
1 Overview
SM@RT (Student Management & Academic Record Toolkit) is a web-based application developed by Phirm Tech Inc. and designed for use by schools and educational institutions to manage student academic records, attendance, disciplinary information and related administrative data.
This Privacy Policy explains what personal information SM@RT collects, how it is used, who it belongs to, and the rights of users and data subjects. By using SM@RT, your school and its authorised users agree to the terms of this policy.
SM@RT is designed with data minimisation in mind. We collect only the information necessary to deliver the service. All data belongs to the school or organisation using SM@RT — not to Phirm Tech Inc.
2 Who We Are
SM@RT is a product of Phirm Tech Inc., an information technology company registered in Saint Lucia, West Indies.
For any privacy-related enquiries, you may contact us at:
- Email: randal.neptune@outlook.com
- Phone: (758) 732-6984
3 Data We Collect
SM@RT collects and stores only the data necessary to provide its academic record management service. This includes:
Student Information:
- Full name
- Gender
- Date of birth
- Contact information (where provided)
- Academic records (grades, assessments, attendance, disciplinary records)
- Medical conditions (where entered by the school)
- Student photograph (where uploaded by the school)
Staff / Teacher Information:
- Full name
- Email address (used for login and communications)
- Academic and professional qualifications (where entered)
- Digital signature (where uploaded for use on term reports)
Parent / Guardian Information:
- Full name
- Contact information (email address and/or phone number)
Usage Data:
- Login activity and session data
- Actions performed within the application (maintained as an audit log at the database level for security purposes)
SM@RT does not collect financial information, national identification numbers, passport details or any other sensitive personal data beyond what is listed above.
4 How We Use Your Data
Data collected within SM@RT is used exclusively for the following purposes:
- Providing and maintaining the SM@RT application and its features
- Enabling authorised school staff to manage student academic records
- Enabling parents and guardians to view their child's academic information
- Generating term reports, transcripts and other academic documents
- Maintaining security, access control and audit logs within the application
- Providing technical support to the school
Data is not used for marketing, profiling, advertising or any purpose beyond the direct delivery of the SM@RT service to the subscribing school.
5 Data Ownership
All data entered into SM@RT belongs to the school or organisation that subscribes to the service. Phirm Tech Inc. acts as a data processor — not a data owner.
Phirm Tech Inc. does not claim ownership of, or any rights over, the student, staff or institutional data entered into SM@RT. The subscribing school retains full ownership of its data at all times.
Upon termination of a school's subscription, the school may request a full export of its data prior to deletion. Phirm Tech Inc. will honour such requests within a reasonable timeframe.
6 Data Sharing
Phirm Tech Inc. does not sell, rent, trade or share any personal data stored in SM@RT with any third party, for any reason, except in the following limited circumstances:
- Legal obligation: Where we are required to disclose information by law, court order or regulatory authority.
- Hosting infrastructure: SM@RT is hosted on a third-party server. The hosting provider has access to the physical server environment but does not have access to, or rights over, the application data.
In all other circumstances, your school's data remains strictly private and is accessible only to authorised users within your institution and to Phirm Tech Inc. personnel for the purposes of support and maintenance.
7 Google Sign-In
SM@RT offers users the option to log in using their Google account via Google Sign-In (OAuth 2.0). This feature is entirely optional — users may also log in using a standard username and password.
What we access when you use Google Sign-In:
- Your Google account name
- Your Google email address
We use this information solely for the purpose of authenticating your identity and linking your Google account to your SM@RT user account. We do not access your Google Drive, Gmail, contacts, calendar or any other Google service.
SM@RT's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
You may revoke SM@RT's access to your Google account at any time. To do so, visit your Google Account Permissions page and remove SM@RT from the list of connected applications. Alternatively, visit our Opt-Out page for step-by-step instructions.
8 Data Security
SM@RT employs industry-standard security measures to protect the data stored within the application, including:
- Two-factor authentication (2FA) for user accounts
- Enforced password complexity requirements
- Encrypted password storage
- Permission-based access control — users can only access data they are specifically authorised to view
- Automatic session timeout after a configurable period of inactivity
- A full audit log of user actions maintained at the database level
- Internal access controls that prevent URL manipulation to access unauthorised screens
While we take every reasonable measure to protect your data, no system is entirely immune to risk. We encourage schools to maintain strong password practices and to promptly report any suspected security concerns to us at randal.neptune@outlook.com.
9 Data Retention
Data is retained within SM@RT for as long as the school's subscription remains active. Schools are responsible for managing the data within their SM@RT instance, including the archiving or deletion of records that are no longer required.
Upon cancellation of a subscription, Phirm Tech Inc. will retain the school's data for a reasonable period (not exceeding 90 days) to allow for data export, after which it will be permanently deleted from our systems.
10 Your Rights
Individuals whose data is stored in SM@RT have the following rights, subject to applicable law:
- Right of access: You may request a copy of the personal data held about you.
- Right to correction: You may request that inaccurate personal data be corrected.
- Right to deletion: You may request that your personal data be deleted, subject to the school's retention obligations.
- Right to withdraw consent: Where processing is based on consent (e.g. Google Sign-In), you may withdraw that consent at any time.
Requests relating to student data should be directed to the school or institution in the first instance, as they are the data owner. For technical assistance with such requests, the school may contact Phirm Tech Inc.
11 Contact Us
If you have any questions, concerns or requests regarding this Privacy Policy or the handling of your data, please contact us:
- Email: randal.neptune@outlook.com
- Phone: (758) 732-6984
- Company: Phirm Tech Inc., Saint Lucia, W.I.
We aim to respond to all privacy-related enquiries within 5 business days.