Children’s Data Protection Policy

1. Purpose and Commitment

This Children’s Data Protection Policy explains how FastLearners Limited (“FastLearners”, “we”, “us”, or “our”) collects, uses, protects, and handles the personal data of children under the age of 18 when they use our digital learning platform.

We recognise that children are particularly vulnerable and deserve heightened protection. We are committed to safeguarding children’s privacy in full compliance with the Nigeria Data Protection Act 2023 (NDPA), especially Section 31 on the processing of personal data of a child, the General Application and Implementation Directive (GAID) 2025, and all applicable guidelines issued by the Nigeria Data Protection Commission (NDPC).

This policy should be read together with our Privacy Policy and Terms of Service. Parents, guardians, and schools are strongly encouraged to review it carefully before allowing a child to use the Platform.

2. Definition of a Child

For the purpose of this policy, a “Child” or “Minor” refers to any individual under the age of 18 years.

FastLearners applies the highest standard of protection across all countries where we operate (Nigeria, Ghana, Sierra Leone, Gambia, Liberia, and others). Even where local laws set a lower age threshold for consent, we treat every user under 18 as a child and require verifiable parental or legal guardian consent before processing their personal data for non-essential services.

3. Types of Children’s Personal Data We Collect

When a child uses the FastLearners Platform, we may collect the following categories of personal data:

• Identification information: full name, username, and date of birth or age
• Educational information: class/grade level, subjects studied, quiz and test responses, academic progress, performance analytics, and learning activity logs
• Contact and account information: parent/guardian email address or phone number (required for consent and communication)
• Technical and usage data: login activity, device information, IP address (anonymised where possible), and session timestamps
• Any other data the child inputs or generates while using the learning tools (e.g., answers to exercises or uploaded schoolwork)

We limit collection to what is necessary for providing educational services and do not knowingly collect sensitive personal data (such as health, biometric, or religious information) unless explicitly required and supported by additional consent or legal basis.

4. Verifiable Parental Consent

We only process a child’s personal data with verifiable parental or legal guardian consent. This is a core requirement under the NDPA.

We use the following methods to obtain and verify parental consent:

• Email verification linked to a parent or guardian’s account

Consent is obtained during the child’s initial signup or when a parent creates a profile for their child. Parents must actively confirm consent — payment alone does not constitute verifiable consent. We keep records of when and how consent was obtained.

Parents can withdraw consent at any time. Withdrawal of consent may limit or terminate the child’s ability to use certain features of the Platform.

5. Rights of Parents and Guardians

Parents and legal guardians have full control over their child’s personal data. They may exercise the following rights at any time by contacting us:

• Request access to the child’s personal data and obtain a copy
• Request correction of any inaccurate or incomplete data
• Request deletion (erasure) of the child’s data
• Withdraw consent previously given
• Request portability of the child’s data (where technically feasible)

We will respond to valid parental requests within one (1) month, or as otherwise required by the NDPA. In cases involving children’s data, we may take additional steps to verify the requester’s identity as the parent or guardian before acting on the request.

6. How We Use Children’s Data

We use children’s personal data solely for legitimate educational purposes, including:

• Creating and managing the child’s learning account
• Delivering personalised educational content and adaptive learning experiences
• Tracking academic progress and generating performance insights for the child and parent
• Providing support and answering questions from the child or parent
• Improving the overall quality and safety of the Platform

We do not use children’s data for behavioural advertising, profiling for marketing purposes, or any non-educational commercial activities.

7. Data Sharing and Third Parties

Children’s personal data is never shared with third parties without explicit parental consent or unless required by law.

Where sharing is necessary (for example, with cloud hosting providers, analytics tools used strictly for service improvement, or authorised schools), we ensure that such third parties are bound by strict data processing agreements that meet or exceed NDPA standards. We remain responsible for any processing carried out by these third parties on our behalf.

8. Data Retention for Children’s Data

We retain a child’s personal data only for as long as necessary to provide the educational services or as required by law.

• Active accounts: data is retained for the duration the child actively uses the Platform.
• Upon withdrawal of consent or a deletion request from a parent/guardian, the child’s account and associated data will be deleted or anonymised as soon as reasonably practicable.
• Inactive children’s accounts are generally deleted or anonymised after 24 months of inactivity.

We do not retain children’s data longer than necessary, and we apply stricter retention periods where appropriate due to the sensitive nature of the data.

9. Security Measures for Children’s Data

We apply enhanced security safeguards to protect children’s personal data, including:

• Encryption of data both in transit and at rest where technically feasible
• Strict role-based access controls so that only authorised personnel can access children’s data
• Regular security audits, vulnerability assessments, and penetration testing
• Staff training on handling children’s data and recognising risks
• Background checks (where applicable) for employees with direct access to children’s data
• Monitoring systems to detect and prevent unauthorised access

In the event of a data breach involving children’s data, we will follow our Data Breach Response Policy with heightened urgency and will notify parents/guardians immediately where there is a high risk to the child.

11. Changes to This Policy

We may update this Children’s Data Protection Policy from time to time. We will notify parents of material changes through the Platform, email, or other appropriate channels and update the effective date. Continued use of the Platform by a child after such changes constitutes acceptance of the updated policy.