EduBridge

Effective Date: 01 January 2026

Platform: EduBridge

Operator: ABNO Softwares International Ltd

Website: www.edubridgeapp.com

Support Email: info@edubridgeapp.com

1. Introduction

EduBridge respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how ABNO Softwares International Ltd collects, uses, stores, shares and protects personal data when you use EduBridge websites, mobile applications, trainee portals, institution portals, trainer/assessor portals, partner portals, support tools, payment flows and related services.

EduBridge is a digital Portfolio of Evidence, assessment readiness, assessment registration and trainee support platform. It helps trainees activate profiles, check registered assessment units, upload PoE evidence, receive trainer feedback, track readiness and follow the correct assessment pathway.

EduBridge also helps institutions, trainers, assessors, QABs, QAIs and authorized reviewers support digital PoE readiness, assessment registration workflows, reporting, review, verification and certification support where applicable.

By using EduBridge, creating an account, activating a profile, subscribing to a plan, uploading evidence, activating an institution workspace, or submitting information through any EduBridge form, you agree to the practices described in this Privacy Policy.

2. Who This Policy Applies To

This Privacy Policy applies to:

  • 1.
    Trainees.
  • 2.
    Students or candidates using EduBridge.
  • 3.
    Parents or guardians, where applicable.
  • 4.
    Institutions and Assessment Centers.
  • 5.
    Institution administrators.
  • 6.
    Trainers, assessors, verifiers and moderators.
  • 7.
    HODs, registrars, finance officers, ICT officers and focal persons.
  • 8.
    QABs and QAIs using EduBridge or CBET Master workflows.
  • 9.
    EduBridge partners, ambassadors and applicants.
  • 10.
    Website visitors.
  • 11.
    Support users.
  • 12.
    Other authorized users of EduBridge.
3. Important Definitions
  • EduBridge means the platform, website, mobile application, portals, dashboards, support tools and related services operated by ABNO Softwares International Ltd.
  • ABNO, we, us or our means ABNO Softwares International Ltd.
  • User, you or your means any person or organization using EduBridge.
  • Trainee means a student, learner, candidate or person using EduBridge to activate a profile, check registered units, upload evidence, register for assessment where enabled, or manage PoE readiness.
  • Institution means an Assessment Center, TVET institution, university, QAI, QAB, training provider or any organization using EduBridge.
  • Assessment Center means an institution or center recognized for trainee assessment, including TVET CDACC Assessment Centers where applicable.
  • PoE means Portfolio of Evidence, including digital photos, videos, documents, forms, attachments, logs and other evidence uploaded or managed through EduBridge.
  • Assessment Pathway means the route through which a trainee’s programme, evidence or assessment workflow is reviewed, including TVET CDACC-assessed programmes, QAB/QAI-assessed programmes or CBET Master-supported workflows.
  • CBET Master means ABNO’s assessment workflow platform used where applicable for QAI/QAB assessment, moderation, verification, reporting and certification support.
  • Personal Data means information that identifies or can reasonably identify a person.
  • Sensitive Personal Data means data that may require extra protection under applicable law, including identification documents, disability information, health-related information, biometric information, images, videos, or other protected categories where collected.
4. Legal and Compliance Framework

EduBridge is operated in Kenya and is designed to comply with applicable Kenyan data protection requirements, including the Data Protection Act, 2019, and related data protection principles.

We aim to process personal data lawfully, fairly, transparently, securely and only for legitimate education, assessment, support, compliance, payment and platform purposes.

This Privacy Policy should be read together with:

  • 1.
  • 2.
    EduBridge Data Processing Agreement, where applicable.
  • 3.
    Institution onboarding terms.
  • 4.
    QAI/QAB onboarding agreements, where applicable.
  • 5.
    Any applicable MoU, service agreement or institution-specific terms.

Where an institution, regulator, QAI, QAB or assessment body has additional approved requirements, those requirements may also apply.

5. Personal Data We Collect

EduBridge may collect different categories of personal data depending on how you use the platform.

5.1 Trainee Profile Data

We may collect or process:

  • Full name.
  • Admission number.
  • Assessment registration number.
  • National ID number.
  • Passport number.
  • Birth certificate number.
  • Phone number.
  • Email address, where provided.
  • Institution or Assessment Center.
  • Department.
  • Programme.
  • Level, cycle, module or class.
  • Registered units.
  • Assessment pathway.
  • Enrolment year.
  • Course or programme status.
  • Profile activation status.
  • Subscription status.
  • Payment references.
  • Consent records.

5.2 Identity and Verification Data

We may collect or process:

  • OTP verification records.
  • Masked or verified phone numbers.
  • Email verification status.
  • Login credentials in protected form.
  • Password reset records.
  • Device information.
  • IP address.
  • Account security events.
  • Failed login attempts.
  • Profile claim attempts.

We do not store passwords in plain text.

5.3 PoE Evidence and Uploaded Content

Trainees may upload:

  • Photos.
  • Videos.
  • Documents.
  • Project evidence.
  • Practical work evidence.
  • Logbook entries.
  • Reflections or notes.
  • Attachments required by institutions or assessment workflows.
  • Industry training or teaching practice evidence, where enabled.
  • Other assessment-related files.

Uploaded content may contain images of trainees, trainers, workspaces, equipment, locations, documents or other people. Users must only upload content they are allowed to upload and share for education, assessment or portfolio purposes.

5.4 Assessment Registration Data

Where Assessment Registration is enabled, we may collect or process:

  • Selected assessment series.
  • Registration type.
  • Selected units.
  • Unit categories.
  • Approval status.
  • Trainer review decisions.
  • HOD review decisions.
  • Finance clearance status.
  • Registrar approval decisions.
  • Return or rejection reasons.
  • Destination system status.
  • Push success or failure status.
  • Submission references.
  • Integration error records.
  • Audit logs.

5.5 Institution and Assessment Center Data

For institutions, we may collect:

  • Institution name.
  • Center code.
  • Accreditation number.
  • Official email.
  • Official phone number.
  • Address.
  • County and sub-county.
  • Institution type.
  • Official website.
  • Programme list.
  • Department list.
  • Number of programmes.
  • Institution workspace status.
  • Focal person details.
  • Trainer and assessor details.
  • Institution user roles and permissions.
  • Institution consent and activation records.

5.6 Trainer, Assessor and Institution User Data

We may collect:

  • Full name.
  • Official email.
  • Phone number.
  • Job title or role.
  • Institution.
  • Department.
  • Assigned programmes or units.
  • Review actions.
  • Comments and feedback.
  • Approval or rejection actions.
  • Login and security records.
  • Audit logs.

5.7 QAI / QAB Onboarding Data

Where an institution requests EduBridge + CBET Master onboarding, we may collect:

  • QAI/QAB name.
  • Institution type.
  • County.
  • Contact person name.
  • Designation.
  • Official email.
  • Phone number.
  • Number of programmes expected.
  • Candidate volume estimate.
  • Areas of interest.
  • Assessment workflow needs.
  • Notes submitted through the onboarding form.

5.8 Partner and Ambassador Data

For partners, ambassadors or activation support applicants, we may collect:

  • Name.
  • Phone number.
  • Email.
  • ID or passport number, where required.
  • Institution affiliation.
  • County, sub-county or ward.
  • Partner type.
  • Education and experience.
  • M-Pesa number for approved incentives, where applicable.
  • Referee information, where required.
  • Approval, screening and onboarding status.
  • Activity and referral records.

5.9 Payment Data

We may collect or process:

  • Plan selected.
  • Amount paid.
  • Payment reference.
  • Transaction status.
  • Payment date and time.
  • Phone number used for payment.
  • Failed payment records.
  • Refund or duplicate payment requests.
  • Payment gateway response.

We do not ask for, collect or store your M-Pesa PIN.

5.10 Support and Communication Data

When you contact EduBridge, we may collect:

  • Name.
  • Phone number.
  • Email address.
  • Institution.
  • Support ticket content.
  • Screenshots or attachments.
  • Chat messages.
  • Call notes.
  • Issue category.
  • Resolution notes.
  • Support satisfaction feedback.

5.11 Technical and Usage Data

We may collect:

  • IP address.
  • Device type.
  • Browser type.
  • Operating system.
  • App version.
  • Login time.
  • Pages or screens visited.
  • Clicks and feature usage.
  • Error logs.
  • Crash logs.
  • Session activity.
  • Security logs.
  • Approximate location derived from IP or user input.
6. How We Collect Personal Data

We may collect personal data from:

  • 1.
    You directly when you create an account, activate a profile, upload evidence, submit a form or contact support.
  • 2.
    Your institution or Assessment Center.
  • 3.
    TVET CDACC-linked records or approved integration channels, where applicable.
  • 4.
    QAI/QAB or CBET Master workflows, where applicable.
  • 5.
    Trainers, assessors, HODs, registrars or institution administrators.
  • 6.
    Payment processors.
  • 7.
    EduBridge partners or ambassadors, where authorized.
  • 8.
    System logs and platform activity.
  • 9.
    Communication channels such as email, SMS, WhatsApp, phone or in-app messages.
7. Why We Use Personal Data

EduBridge uses personal data for the following purposes.

7.1 Account Creation and Authentication

We use data to:

  • Create trainee and institution accounts.
  • Verify phone numbers and emails.
  • Manage passwords and access.
  • Prevent unauthorized access.
  • Recover accounts.
  • Protect against profile takeover.

7.2 Profile Activation and Matching

We use data to:

  • Match trainees to assessment records.
  • Confirm identity using Assessment Center, admission number and ID/passport/birth certificate number.
  • Prevent another person from claiming a trainee profile.
  • Link trainees to the correct institution and programme.
  • Show registered units.

7.3 PoE Upload and Management

We use data to:

  • Store trainee evidence.
  • Organize evidence by programme, unit, outcome or workflow.
  • Display evidence to the trainee.
  • Enable review by authorized trainers, assessors or institution users.
  • Track upload status and readiness.
  • Support future career portfolio use where enabled.

7.4 Assessment Registration and Readiness

Where enabled, we use data to:

  • Show open assessment series.
  • Show eligible units.
  • Allow trainees to submit unit registration requests.
  • Route registrations through institution approval workflows.
  • Support trainer, HOD, finance and registrar review.
  • Submit approved records through the correct assessment pathway.
  • Monitor registration status and exceptions.

7.5 Institution Dashboards and Reports

We use data to:

  • Show trainee activation progress.
  • Show subscription and PoE upload status.
  • Track trainer review progress.
  • Identify readiness gaps.
  • Generate reports for institution users.
  • Support intervention before assessment deadlines.
  • Provide audit and compliance records.

7.6 Assessment Pathway Support

We use data to support:

  • TVET CDACC-assessed programme workflows.
  • QAI/QAB-assessed programme workflows.
  • CBET Master integration where configured.
  • Assessment, verification, moderation, reporting and certification support where applicable.

7.7 Payments and Subscription Management

We use data to:

  • Process subscriptions.
  • Confirm payments.
  • Activate plans.
  • Manage storage limits.
  • Handle failed, duplicate or disputed payments.
  • Process refunds where approved.
  • Prevent payment fraud.

7.8 Support and Communication

We use data to:

  • Respond to support requests.
  • Send OTPs and security alerts.
  • Send activation reminders.
  • Send assessment registration updates.
  • Send PoE readiness reminders.
  • Send payment confirmations.
  • Notify users about system changes.
  • Communicate onboarding and training information.

7.9 Security, Fraud Prevention and Compliance

We use data to:

  • Detect unauthorized access.
  • Prevent profile takeover.
  • Prevent payment fraud.
  • Investigate suspicious activity.
  • Maintain audit logs.
  • Enforce terms of service.
  • Comply with legal and regulatory obligations.

7.10 Product Improvement

We may use aggregated or anonymized data to:

  • Improve EduBridge features.
  • Understand platform performance.
  • Improve user experience.
  • Improve support processes.
  • Monitor adoption and readiness trends.
  • Improve training and onboarding materials.
8. Legal Basis for Processing

Depending on the context, we may process personal data based on one or more of the following legal grounds:

  • 1.
    Your consent.
  • 2.
    Performance of a contract or service.
  • 3.
    Legitimate interests in providing, securing and improving EduBridge.
  • 4.
    Compliance with legal or regulatory obligations.
  • 5.
    Education, assessment, institutional or certification requirements.
  • 6.
    Public interest or official assessment-related functions where applicable.
  • 7.
    Protection of users, institutions and platform security.

Where we rely on consent, you may withdraw consent where applicable. Some services may not work properly if consent required for that service is withdrawn.

9. How We Share Personal Data

EduBridge does not sell trainee personal data to advertisers.

We may share relevant personal data only where necessary for service delivery, assessment readiness, institutional support, compliance, payment, security or legal purposes.

9.1 With Your Institution or Assessment Center

We may share data with your institution or Assessment Center, including:

  • Activation status.
  • Registered units.
  • Subscription status.
  • PoE upload status.
  • Assessment registration status.
  • Readiness progress.
  • Trainer feedback and review status.
  • Support issues linked to institutional workflows.

9.2 With Trainers, Assessors and Reviewers

Authorized trainers, assessors, verifiers or reviewers may access relevant data and evidence for assigned trainees, units, programmes or workflows.

9.3 With QAI/QAB and CBET Master Users

Where configured, relevant data may be shared with QAI/QAB users and CBET Master workflows for assessment, verification, moderation, reporting or certification support.

9.4 With TVET CDACC or Assessment Bodies

Where applicable and authorized, data may be shared with TVET CDACC or other assessment bodies for assessment readiness, verification, reporting, integration or compliance purposes.

9.5 With Payment Processors

Payment data may be shared with payment providers to process subscriptions, confirm payments, handle failed transactions and support refunds.

9.6 With Communication Providers

We may use SMS, email, WhatsApp or notification service providers to send OTPs, alerts, reminders and support messages.

9.7 With Cloud and Technical Service Providers

EduBridge may use cloud hosting, storage, database, monitoring, backup, analytics and security service providers to operate the platform.

9.8 With ABNO Support and Technical Teams

ABNO support, engineering, product and administrative teams may access data where necessary to provide support, resolve issues, secure the platform, improve features or comply with obligations.

9.9 With Legal or Regulatory Authorities

We may disclose data if required by law, court order, regulator, assessment authority, lawful investigation, dispute resolution or to protect users, institutions, ABNO or the platform.

10. Data Shared With Institutions

Because EduBridge supports institution readiness, institutions may see certain trainee information.

This may include:

  • 1.
    Trainee name.
  • 2.
    Admission number.
  • 3.
    Programme and department.
  • 4.
    Registered units.
  • 5.
    Activation status.
  • 6.
    Subscription status.
  • 7.
    Evidence upload status.
  • 8.
    Unit readiness status.
  • 9.
    Trainer review status.
  • 10.
    Returned evidence status.
  • 11.
    Assessment registration status.
  • 12.
    Payment or clearance status where institution policy applies.
  • 13.
    Reports and dashboards.

Institutions should use this data only for legitimate education, assessment, readiness, support and reporting purposes.

11. Data Shared With Trainees

Trainees may see:

  • 1.
    Their own profile.
  • 2.
    Programme and institution details.
  • 3.
    Registered units.
  • 4.
    Assessment pathway.
  • 5.
    Upload and storage status.
  • 6.
    Trainer comments.
  • 7.
    Assessment registration status.
  • 8.
    Payment or subscription status.
  • 9.
    Notifications and reminders.

Trainees cannot access other trainees’ private profiles or PoE evidence.

12. Partner and Ambassador Data Use

If you apply to become an EduBridge partner or ambassador, we may use your data to:

  • 1.
    Review your application.
  • 2.
    Screen your suitability.
  • 3.
    Contact referees or institutions where applicable.
  • 4.
    Approve or reject your application.
  • 5.
    Assign roles.
  • 6.
    Track referrals or activation support.
  • 7.
    Process approved incentives.
  • 8.
    Monitor compliance with partner rules.
  • 9.
    Prevent fraud or misuse.

Partners and ambassadors must follow EduBridge privacy, payment and safety rules.

13. Children and Younger Users

EduBridge may be used by trainees who are minors or younger learners, depending on the institution and programme.

Where a user is below the age required for independent consent under applicable law or institution policy, EduBridge may rely on consent or authorization from a parent, guardian, institution or other lawful basis as appropriate.

Institutions are responsible for ensuring that trainees are onboarded in line with applicable school, institution, parental consent and data protection requirements.

EduBridge does not knowingly collect personal data from children for unrelated commercial advertising purposes.

14. Sensitive Personal Data

EduBridge may process sensitive personal data where necessary for assessment readiness, accessibility, support or legal compliance.

This may include:

  • 1.
    ID or passport information.
  • 2.
    Birth certificate number.
  • 3.
    Disability or special needs information.
  • 4.
    Photos or videos showing a person.
  • 5.
    Assessment records.
  • 6.
    Health-related information if submitted for accommodation, disability or special support purposes.
  • 7.
    Biometric information only where explicitly enabled and lawfully permitted.

We process sensitive personal data with additional care and only where necessary for the relevant service, institution workflow, user consent, legal requirement or assessment purpose.

15. Storage and Hosting

EduBridge stores data on secure cloud infrastructure and related systems.

Data may be stored, backed up or processed on servers located in Kenya or outside Kenya, depending on cloud infrastructure, service providers, backup arrangements and operational needs.

Where personal data is transferred across borders, we take reasonable steps to ensure appropriate safeguards, contractual protections or lawful transfer mechanisms are in place.

16. Security Measures

We use reasonable technical and organizational measures to protect personal data.

These may include:

  • 1.
    Password protection.
  • 2.
    OTP verification.
  • 3.
    Role-based access control.
  • 4.
    Secure cloud hosting.
  • 5.
    Encryption in transit where applicable.
  • 6.
    Restricted access to sensitive records.
  • 7.
    Audit logs.
  • 8.
    Backups.
  • 9.
    Monitoring and error logs.
  • 10.
    Security alerts.
  • 11.
    Internal access controls.
  • 12.
    Staff confidentiality obligations.

No system is completely risk-free. Users must also protect their accounts by using strong passwords, keeping OTPs private and reporting suspicious activity.

17. OTP, Password and Payment Safety

EduBridge will never ask for your:

  • 1.
    OTP.
  • 2.
    Password.
  • 3.
    M-Pesa PIN.
  • 4.
    Full card PIN or banking password.

Do not share these with anyone, including persons claiming to be EduBridge staff, institution staff, ambassadors, trainers or partners.

All payments must be made only through official EduBridge payment channels.

Do not send money to personal phone numbers unless the payment channel is officially provided by EduBridge.

18. Audit Logs

EduBridge maintains audit logs to support security, accountability, institutional review and compliance.

Audit logs may record:

  • 1.
    Login activity.
  • 2.
    Profile activation.
  • 3.
    Phone or email verification.
  • 4.
    Evidence upload.
  • 5.
    Evidence review.
  • 6.
    Registration submissions.
  • 7.
    Approval or rejection actions.
  • 8.
    Payment and clearance events.
  • 9.
    Institution setup actions.
  • 10.
    User role changes.
  • 11.
    Integration submissions.
  • 12.
    Support actions.
  • 13.
    Data correction requests.
  • 14.
    Failed access attempts.

Audit logs may include names, user IDs, roles, IP addresses, device information, timestamps, action details and status changes.

Audit logs may be retained even where other user data is corrected, archived or deleted, where required for compliance, security or dispute resolution.

19. Data Retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including:

  • 1.
    Providing EduBridge services.
  • 2.
    Maintaining trainee PoE records.
  • 3.
    Supporting assessment readiness.
  • 4.
    Supporting institution dashboards and reports.
  • 5.
    Completing assessment, verification or certification workflows.
  • 6.
    Handling subscriptions and payments.
  • 7.
    Meeting legal, audit and compliance obligations.
  • 8.
    Resolving disputes.
  • 9.
    Preventing fraud.
  • 10.
    Maintaining backups and system integrity.

Retention periods may differ depending on the type of data, user role, institution requirements, assessment body requirements, subscription status and legal obligations.

Trainee PoE evidence may remain available during an active subscription or as otherwise allowed by EduBridge plan rules, institution requirements or applicable law.

20. Account Closure and Deletion

A user may request account closure through EduBridge support.

When an account is closed, EduBridge may:

  • 1.
    Deactivate access.
  • 2.
    Archive certain records.
  • 3.
    Retain data required for assessment, audit, payment, dispute resolution or legal purposes.
  • 4.
    Retain institution-related records where required by the institution or assessment workflow.
  • 5.
    Delete or anonymize data where lawful and appropriate.

Some records may not be deleted immediately if they are part of assessment, audit, payment, regulatory, security or institutional records.

21. User Rights

Subject to applicable law and verification, you may have rights to:

  • 1.
    Access your personal data.
  • 2.
    Request correction of inaccurate data.
  • 3.
    Request deletion of data where legally permitted.
  • 4.
    Object to certain processing.
  • 5.
    Withdraw consent where processing is based on consent.
  • 6.
    Request restriction of processing where applicable.
  • 7.
    Request information about how your data is used.
  • 8.
    Lodge a complaint with a data protection authority where applicable.

Some rights may be limited where data must be retained for assessment, certification, legal, audit, payment, security or institutional purposes.

To exercise your rights, contact info@edubridgeapp.com.

22. Correction of Official or Synced Records

Some data in EduBridge may come from official institution, TVET CDACC, QAI/QAB or assessment records.

If official or synced data is incorrect, EduBridge may not be able to directly edit it without confirmation from the relevant source.

Examples include:

  • 1.
    Assessment Center name.
  • 2.
    Center code.
  • 3.
    Admission number.
  • 4.
    Assessment registration number.
  • 5.
    Programme mapping.
  • 6.
    Registered units.
  • 7.
    Assessment pathway.
  • 8.
    Institution official email.
  • 9.
    Accreditation details.

Where correction requires the institution or assessment body, EduBridge may guide you on the correction process or escalate the issue to the appropriate party.

23. Cookies and Tracking Technologies

EduBridge websites and portals may use cookies or similar technologies to:

  • 1.
    Keep users logged in.
  • 2.
    Improve website performance.
  • 3.
    Remember preferences.
  • 4.
    Understand website usage.
  • 5.
    Improve security.
  • 6.
    Support analytics.
  • 7.
    Detect errors or misuse.

You may adjust browser settings to block cookies, but some platform features may not work properly without them.

24. Marketing and Service Communications

EduBridge may send service-related communications such as:

  • 1.
    OTPs.
  • 2.
    Activation messages.
  • 3.
    Payment confirmations.
  • 4.
    Subscription reminders.
  • 5.
    Assessment registration updates.
  • 6.
    PoE readiness notifications.
  • 7.
    Security alerts.
  • 8.
    Support responses.
  • 9.
    Institution onboarding updates.
  • 10.
    Training and webinar invitations.

We may also send relevant product updates, offers or educational messages where permitted.

You may opt out of non-essential marketing communications, but you may still receive essential service messages required for account security, payment, assessment readiness or platform use.

25. Automated Decisions and Profiling

EduBridge may use automated rules to:

  • 1.
    Match trainee profiles.
  • 2.
    Detect duplicate accounts.
  • 3.
    Validate eligibility.
  • 4.
    Show registered units.
  • 5.
    Flag mapping issues.
  • 6.
    Enforce storage limits.
  • 7.
    Detect suspicious login or payment activity.
  • 8.
    Route records based on assessment pathway.

EduBridge does not use automated processing alone to make final assessment, certification or competency decisions. Those decisions remain subject to trainers, assessors, institutions, QABs, QAIs, TVET CDACC or other authorized assessment bodies, where applicable.

26. Data Accuracy

Users are responsible for providing accurate information.

Institutions are responsible for ensuring that institution users, trainers, assessors, focal persons and related records are accurate.

Trainees should report any incorrect profile, unit, programme or assessment pathway information before continuing with activation, registration or PoE submission.

EduBridge may suspend, correct, flag or restrict records that appear inaccurate, duplicated or suspicious.

27. Third-Party Links

EduBridge may include links to third-party websites, documents, payment pages or external resources.

We are not responsible for the privacy practices of third-party websites that are not controlled by ABNO.

You should review their privacy policies before submitting personal data.

28. Third-Party Service Providers

EduBridge may use third-party service providers for:

  • 1.
    Cloud hosting.
  • 2.
    Data storage.
  • 3.
    Email delivery.
  • 4.
    SMS delivery.
  • 5.
    WhatsApp messaging where enabled.
  • 6.
    Payment processing.
  • 7.
    Analytics.
  • 8.
    Error monitoring.
  • 9.
    Customer support.
  • 10.
    Security monitoring.
  • 11.
    Backups.
  • 12.
    Document generation.
  • 13.
    Communication and onboarding.

We require service providers to process personal data only for authorized purposes and to apply reasonable confidentiality and security measures.

29. Data Breach and Incident Response

If we become aware of a data security incident that affects personal data, we will take reasonable steps to:

  • 1.
    Investigate the incident.
  • 2.
    Contain the issue.
  • 3.
    Assess the risk.
  • 4.
    Notify affected parties where required.
  • 5.
    Notify regulators where legally required.
  • 6.
    Improve safeguards to reduce future risk.
30. Institution Responsibilities

Institutions using EduBridge must:

  • 1.
    Add only authorized institution users.
  • 2.
    Remove users who no longer require access.
  • 3.
    Use trainee data only for legitimate education, assessment and readiness purposes.
  • 4.
    Avoid exporting or sharing trainee data unnecessarily.
  • 5.
    Protect downloaded reports.
  • 6.
    Respect trainee privacy.
  • 7.
    Ensure trainers, assessors and staff follow data protection obligations.
  • 8.
    Report suspected misuse or unauthorized access promptly.

Institutions should not use EduBridge data for unrelated commercial, political or unauthorized purposes.

31. Trainer and Assessor Responsibilities

Trainers, assessors and reviewers must:

  • 1.
    Access only assigned trainees or records.
  • 2.
    Use PoE evidence only for assessment, review, feedback and readiness purposes.
  • 3.
    Keep trainee information confidential.
  • 4.
    Avoid downloading or sharing evidence unnecessarily.
  • 5.
    Avoid using trainee images or videos outside authorized purposes.
  • 6.
    Report incorrect mappings or suspicious records.
  • 7.
    Log out from shared devices.
32. Trainee Responsibilities

Trainees must:

  • 1.
    Activate only their own profile.
  • 2.
    Provide accurate contact details.
  • 3.
    Keep passwords private.
  • 4.
    Never share OTPs.
  • 5.
    Upload only relevant and lawful evidence.
  • 6.
    Avoid uploading another person’s content without permission.
  • 7.
    Report incorrect details before proceeding.
  • 8.
    Use official EduBridge payment channels only.
  • 9.
    Report suspicious requests for money, OTPs or passwords.
33. International Access

EduBridge may be accessed from outside Kenya by users, institutions, partners or support teams.

If you access EduBridge from outside Kenya, your data may still be processed according to this Privacy Policy, applicable Kenyan law and any other applicable legal requirements.

34. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Updates may be posted on the EduBridge website, app or portal.

Where changes are material, we may notify users through email, SMS, in-app notice or institution communication.

Continued use of EduBridge after a policy update means you accept the updated policy.

35. Contact Us

For privacy questions, correction requests, account issues, data requests or security concerns, contact:

EduBridge Support
Email: info@edubridgeapp.com
Website: https://www.edubridgeapp.com

You may also use the official support channels provided within the EduBridge platform.

Privacy Summary for Trainees

EduBridge uses your data to activate your profile, show your registered units, help you upload PoE evidence, support trainer review, process subscriptions, send reminders and help your Assessment Center track readiness.

Your PoE belongs to you. Your institution may see progress and readiness information so they can support you.

EduBridge will never ask for your OTP, password or M-Pesa PIN.

Use only official EduBridge payment channels.

For support, contact info@edubridgeapp.com.

Privacy Summary for Institution Activation

EduBridge uses institution and user data to activate your workspace, verify official contacts, configure trainee activation, support trainer/assessor access, manage assessment registration and generate readiness reports.

Some institution data may be synced from TVET CDACC, QAI/QAB or institution records.

Actions in the workspace may be logged with user, timestamp and IP address for audit, compliance and support purposes.

For support, contact info@edubridgeapp.com.

EduBridge processes personal data for trainee activation, PoE upload, assessment readiness, assessment registration, payment, support and institution reporting. By using EduBridge, you agree to our Privacy Policy and Terms of Service.

For privacy support, contact info@edubridgeapp.com.