POPIA controls
POPIA Processing Summary
This practical summary is based on South Africa's Protection of Personal Information Act, Information Regulator guidance, and education-sector POPIA guidance. It explains the operating controls used for Harding Christian Academy school access.
Purpose
Kids WebDev processes learner, teacher, class, project, progress, review, payment/access, and audit information to operate school coding access and provide education support.
Children's Personal Information
School access treats learners under 18 as requiring appropriate school, parent, or guardian authority. A class code records class membership; learning access is unlocked only after an admin grants access for that learner.
Retention Defaults
- School access data is retained while the school programme is active.
- On withdrawal, learner access is deactivated immediately.
- Deletion or anonymisation is available through admin action after school confirmation.
- Audit records may be retained for accountability and security.
Safeguards
- Role-based learner, teacher, and admin areas.
- Server-side checks for class membership, school authorisation, ownership, and admin actions.
- Audit logs for agreements, learner authorisation changes, deactivation, and anonymisation.
- Rate and size limits on higher-risk routes and autosave requests.