Legal · data processing agreement

When your school uses YESS, the school is the data controller and ENFURISED is the data processor. This document spells out our obligations under that relationship.

Effective 2026-05-10

Plain language

Your school decides what data to put into YESS. ENFURISED processes it on your instruction — to run the platform, to keep it secure, to support you when things break. We don't process student data for any other purpose. We list every sub-processor we use, where they store data, and what they do. You can audit us. You can terminate. We delete or hand back everything when you do.

01 · Roles

The school is the data controller. ENFURISED (acting through the YESS platform) is the data processor. Where the school configures third-party integrations (Zoom, Cloudinary, mobile-money providers), those vendors are independent processors with their own DPAs.

02 · Scope of processing

Personal data of staff, students, parents, and alumni — names, contact details, academic records, attendance, grades, fees, conduct events, payroll where applicable. Processing is limited to running the platform, providing support, detecting fraud and abuse, and meeting legal obligations.

03 · Sub-processors

Current sub-processors we engage:

  • Supabase Inc. — managed Postgres + Auth (Frankfurt by default)
  • Cloudinary — file storage + media transformation
  • OneSignal — push notifications
  • Resend / SendGrid — transactional email (school-selectable)
  • Twilio / Africa's Talking — SMS + WhatsApp Business (school-selectable)
  • Mobile-money + card providers — when the school configures them
  • Sentry — error monitoring (data redacted before transmission)

We notify school admins by email at least 30 days before adding a new sub-processor with access to personal data.

04 · Security commitments

TLS 1.3 in transit, AES-256 at rest. Row-Level Security partitions every tenant table by school_id. Immutable audit log of sensitive mutations. Annual vulnerability scans + quarterly internal pentests. Coordinated disclosure programme for external researchers. Detailed in our security policy at /security.

05 · Data residency

Primary storage in Frankfurt by default (EU GDPR region). Regional alternatives — Cape Town for South African schools, São Paulo for Latin American operations — available on request. We do not transfer personal data outside the school's chosen region without explicit consent.

06 · Breach notification

We notify the school of a personal-data breach within 72 hours of becoming aware of it, with the facts we know, the categories of data affected, and the steps we are taking. We coordinate notification to data subjects and regulators under the school's direction.

07 · Audit rights

The school may audit ENFURISED's compliance once per year on 30 days' notice, during business hours, at the school's cost. We share existing third-party attestations (SOC-style trust report, ISO documentation) so most schools never need to invoke this clause.

08 · Termination

On termination of the underlying service agreement, ENFURISED returns a complete export of the school's data within 30 days and deletes the school's data from active systems within 60 days. Backups retain it for up to 90 days and are then purged.

Questions? Contact ENFURISED.