Privacy Policy

Hessity ("we," "us," "our," or "Platform") is committed to protecting your privacy. This Privacy Policy explains how Hessity collects, uses, stores, shares, and protects personal data in connection with the Hessity educational management platform — including its website, mobile applications, and all related services (collectively, the "Services"). This Policy is governed by Egypt's Personal Data Protection Law No. 151 of 2020 and its Executive Regulations. By using the Services, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the Services. This Privacy Policy should be read alongside our Terms and Conditions, which are incorporated here by reference.

The data controller responsible for your personal data is: Hessity — EgyptContact: privacy@hessity.appFor data protection requests: privacy@hessity.app

This Policy applies to all individuals who interact with the Hessity platform, including: Students — of any age, whose data is processed as educational participants. Parents / Legal Guardians — who register accounts and monitor student activity. Teachers — who manage classes, sessions, attendance, and grades. Educational Centers (Workspace Owners) — who operate workspaces and manage staff. Staff Members — employed or contracted by educational centers. Visitors — who browse Hessity's public-facing website or marketing pages.

Full name, mobile phone number, email address, and profile photo (optional). We assign every user a Unified Identity ID — a unique identifier that allows a student to participate across multiple workspaces (teachers and centers) without creating separate accounts for each.

Attendance records (check-in/check-out timestamps and location within the educational site), session schedules, academic grades, homework submissions, workspace affiliations, and any notes or feedback added by teachers.

Wallet balances, transaction history (amounts, timestamps, and payer/payee identifiers), cash payment records, and outstanding Platform Debt balances. Digital payments are processed through Paymob; Hessity does not store raw credit or debit card numbers. Paymob's own privacy policy applies to card data.

Technical logs capturing every create, update, and delete action on the Platform, including the user ID performing the action and the timestamp. These logs exist to ensure data integrity and prevent unauthorized modifications to academic or financial records.

Content you voluntarily publish on a public teacher profile or student achievement page — including professional descriptions, qualifications, and academic highlights. You control what is displayed publicly.

IP address, device type and model, operating system, browser type, app version, session duration, feature usage patterns, and crash reports. This data is collected automatically to maintain platform security and improve performance.

Support tickets, in-platform messages, and email correspondence with Hessity's support or legal teams.

Hessity does not collect: national ID scans, passport numbers, biometric data, bank account numbers, or raw payment card details. We do not collect data unrelated to the educational management purpose of the Platform.

Under Egypt's Personal Data Protection Law No. 151 of 2020, Hessity processes personal data on the following legal bases: Contractual Necessity: Processing required to deliver the Services you have contracted for (e.g., attendance tracking, scheduling, financial records). Consent: Processing based on your explicit agreement, such as marketing communications and optional public profile features. You may withdraw consent at any time without affecting prior lawful processing. Legal Obligation: Processing required to comply with Egyptian laws, including financial record retention and responding to lawful government requests. Legitimate Interests: Processing for platform security, fraud prevention, product improvement, and audit log maintenance — where these interests are not overridden by your rights. Vital Interests: In cases involving the safety of a minor, Hessity may process data to the extent necessary to protect that individual.

Managing student profiles, class schedules, attendance, homework, grades, and center operations across all workspace types (Independent Teacher, Center Employee, Provider Model).

Sending real-time notifications to linked parents or guardians regarding their child's attendance, academic performance, and important updates — enhancing oversight, safety, and commitment.

Recording and auditing all financial transactions (cash and wallet), managing the student e-wallet system, calculating and displaying Platform Debt for cash transactions, and providing the "Digital Accountant" automated cashbox audit service.

Sending one-time passwords (OTPs) for secure login, detecting and preventing unauthorized access, and maintaining audit logs to deter fraudulent modifications to academic or financial data.

Generating aggregated, anonymized usage analytics to understand feature adoption, identify performance issues, and guide product development. Individual users are never identified in these analytics.

Sending transactional notifications (session reminders, payment confirmations, attendance alerts) and, with your consent, promotional communications about new Hessity features. You may opt out of promotional messages at any time.

Retaining records as required by Egyptian law, responding to lawful requests from competent authorities, and enforcing our Terms and Conditions.

Hessity's architecture enforces strict data isolation between workspaces: A student's data within Center A (grades, attendance, financial records) is completely invisible to Center B, even if the same student is enrolled in both. Teachers affiliated with one center cannot access student data from another center where the same student studies. The Unified Student ID allows the student to manage their own cross-workspace view from their personal dashboard — but this aggregated view is accessible only to the student and their linked parent/guardian. Workspace Owners can only access data within their own workspace. No cross-workspace data queries are permitted at the application layer. This isolation is enforced at the system architecture level — it is not a policy preference but a technical control.

Hessity does not sell, rent, trade, or license personal data to any third-party advertiser, data broker, or marketing agency. Ever.

We share limited data with trusted third-party providers who process it solely to enable the Services: Paymob — payment gateway for digital wallet top-ups. Paymob processes payment data under its own privacy policy and PCI-DSS compliance framework. SMS/OTP Gateway Providers — for delivering authentication codes and transactional notifications. Cloud Infrastructure Provider — for secure hosting and data storage. Data is processed under a Data Processing Agreement. All third-party service providers are contractually bound to process data only as instructed by Hessity and to maintain appropriate security standards.

We may disclose personal data to competent Egyptian authorities, courts, or regulatory bodies when required by law, court order, or to protect Hessity's rights. We will notify affected users of such disclosures to the extent permitted by law.

In the event of a merger, acquisition, or sale of Hessity's assets, personal data may be transferred to the successor entity. Users will be notified in advance and may request data deletion before the transfer is completed.

Hessity uses the following types of cookies and similar technologies: Essential Cookies: Required for platform functionality — session management, authentication tokens, and security. Cannot be disabled. Performance Cookies: Collect anonymized data about how users interact with the Platform to improve performance. You may opt out. Preference Cookies: Remember your language, display settings, and workspace selections. You can configure your browser or device to reject non-essential cookies. Note that disabling cookies may affect certain Platform features. Hessity does not use cross-site tracking or third-party advertising cookies.

Hessity is designed to serve students of all ages, including children under 13 and minors under 18. We take children's privacy seriously and apply the following protections: Student accounts for minors must be created and managed by a parent, legal guardian, or an authorized Workspace Owner (teacher or center). Students do not self-register. Data collected for minor students is limited strictly to what is necessary for educational management: attendance, schedules, grades, and parental notifications. Minors' personal data is never used for marketing, advertising profiling, or any purpose beyond delivering the educational management service. Public profile features are disabled by default for minor students and can only be enabled with explicit parental or guardian consent. Parents and guardians may request access to, correction of, or deletion of their child's data at any time by contacting privacy@hessity.app. If you believe Hessity has inadvertently collected personal data from a minor without proper parental consent, please contact privacy@hessity.app immediately. We will investigate and delete such data promptly.

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by Egyptian law: Active Account Data: Retained for the duration of the account's existence. Post-Termination: Core account data is retained for 3 years following account closure, in line with Egyptian commercial record-keeping requirements. Financial & Transaction Records: Retained for a minimum of 5 years as required by Egyptian tax and accounting law. Audit Logs: Retained for 3 years to support dispute resolution and compliance. Academic Records: Retained for 3 years after the student's last active enrollment in any workspace, unless a Workspace Owner requests earlier deletion within their permitted scope. Deleted Accounts: Self-service deletion through the mobile app follows Section 14. After the 14-day grace period, personal data is anonymized. Some information may still be retained where required by law, as described above.

Hessity implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction: Encryption: Data is encrypted in transit (TLS 1.2+) and at rest using industry-standard encryption. Access Controls: Role-based access controls ensure that staff and systems can only access the data they need to perform their functions. Audit Trails: Immutable logs track all data access and modifications to detect and investigate unauthorized activity. Penetration Testing: Regular security assessments are conducted on the Platform infrastructure. Incident Response: In the event of a personal data breach, Hessity will notify affected users and, where required, the Egyptian Personal Data Protection Centre (PDPC) within the legally mandated timeframe. No system is 100% secure. If you suspect a security incident involving your data, contact security@hessity.app immediately.

Under Egypt's Personal Data Protection Law No. 151 of 2020, you have the following rights regarding your personal data: Right of Access: Request a copy of the personal data we hold about you. Right to Rectification: Request correction of inaccurate or incomplete data. Right to Erasure: Request deletion of your personal data, subject to legal retention obligations. Right to Restriction: Request that we limit how we process your data in certain circumstances. Right to Data Portability: Receive your personal data in a structured, machine-readable format. Right to Object: Object to processing based on legitimate interests or for direct marketing purposes. Right to Withdraw Consent: Withdraw any previously given consent at any time, without affecting the lawfulness of prior processing. To exercise any of these rights, submit a written request to privacy@hessity.app. We will respond within 30 days. We may need to verify your identity before processing the request. If you are unsatisfied with our response, you have the right to lodge a complaint with Egypt's Personal Data Protection Centre (PDPC). For self-service account deletion in the mobile app, see Section 14.

You may request deletion of your Hessity account through the mobile application.

Start account deletion from your account settings in the Hessity mobile app. This self-service flow is separate from other data-rights requests sent by email.

You cannot request account deletion while your smart wallet has a non-zero balance. Please withdraw or use your balance before starting deletion.

After you confirm deletion in the app, your account enters a pending deletion state for 14 calendar days. During this period the deletion is scheduled but not yet final.

If you sign in to the app at any time during the 14-day period, the deletion request is automatically cancelled and your account continues as before.

If you do not sign in during the grace period, your account will be deleted and your personal data will be anonymized (your account becomes an anonymous user record). Some information may still be retained where required by law, as described in Section 11 (Data Retention).

Hessity's primary data processing takes place within Egypt. If any personal data is transferred to or processed in a country outside Egypt (for example, by a cloud infrastructure provider), Hessity ensures that appropriate safeguards are in place, including contractual data transfer agreements that provide protections equivalent to those required by Egyptian law.

Hessity may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make material changes, we will notify you via email (to your registered address) and/or a prominent in-Platform notification at least 14 days before the changes take effect. The "Last Updated" date at the top of this Policy reflects the most recent revision. Continued use of the Services after the effective date constitutes acceptance of the revised Policy.

For all privacy-related inquiries, requests, or complaints: Email: privacy@hessity.appGeneral Support: support@hessity.appSecurity Issues: security@hessity.appHessity — Arab Republic of Egypt