← Back to Home

Data Security Policy

Last updated: February 14, 2026

1. Overview

At Kleartech Solutions, we understand that educational institutions entrust us with sensitive student, staff, and financial data. This Data Security Policy outlines the technical and organisational measures we implement to protect this information.

2. Encryption

2.1 Data in Transit

All data transmitted between your browser and KlearSkool servers is encrypted using TLS 1.2 or higher. We enforce HTTPS for all connections.

2.2 Data at Rest

All stored data is encrypted using AES-256 encryption. Database backups are also encrypted before storage.

3. Access Control

  • Role-based access control (RBAC) ensures users can only access data relevant to their function
  • Multi-factor authentication available for administrator accounts
  • Automatic session timeout after periods of inactivity
  • All access attempts are logged and monitored for suspicious activity

4. Infrastructure Security

  • Servers hosted in secure, certified data centres
  • Network firewalls and intrusion detection systems
  • Regular security patches and updates
  • DDoS protection and mitigation

5. Backup & Disaster Recovery

  • Automated daily backups with encrypted storage
  • Point-in-time recovery capability
  • Geographically distributed backup storage
  • Regular disaster recovery testing
  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 1 hour

6. Incident Response

In the event of a security incident, we follow a structured response plan:

  1. Immediate containment and assessment
  2. Notification of affected institutions within 72 hours
  3. Root cause analysis and remediation
  4. Post-incident review and policy updates

7. Employee Security

  • Background checks for all employees with data access
  • Regular security awareness training
  • Principle of least privilege for internal access
  • Non-disclosure agreements for all staff

8. Compliance

We are committed to complying with applicable data protection regulations in Zambia, including the Data Protection Act. We regularly review our practices to align with evolving standards.

9. Security Audits

We conduct regular internal security audits and engage third-party security firms for annual penetration testing and vulnerability assessments.

10. Contact

To report a security concern or request more information about our security practices, contact our security team at security@kleartechsolutions.com.