Legal

Privacy Policy

Last updated: 30 May 2026

SPARK, operated by NGINX IT Solutions ("SPARK," "we," "us"), respects your privacy and protects the personal data of every learner, parent, teacher, and staff member entrusted to our platform. This policy explains what we collect, why, and how we keep it safe — in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

In short: Your school's data belongs to your school. We use it only to operate SPARK on your behalf. We never sell it. You can export or delete it at any time.

1. Who this policy applies to

This Privacy Policy applies to anyone who:

Visits sparkpaaralan.com or any SPARK marketing page;
Submits a contact form, demo request, or waitlist signup;
Uses the SPARK School Management System (web) as a school administrator, teacher, parent, or learner;
Uses the SPARK Student app on iOS or Android.

2. What we collect

From website visitors

Information you submit voluntarily through forms (name, role, school, email, message). We store your inquiry in our database for the sole purpose of replying to you and following up on your demo or onboarding request;
Standard server logs (IP address, browser type, pages visited, timestamps);
Cookies for analytics (see Section 7).

From the SPARK Student app (iOS & Android)

Sign-in credentials: the email address and password you enter on the login screen are sent — over HTTPS only — to your school's SPARK server to authenticate you. The password is never stored on your device or by SPARK.
Session token: after successful login, your school's server issues a short-lived session token. The app stores this token in the device's secure system keychain (Apple Keychain on iOS, Android Keystore on Android). The token expires automatically and is deleted when you sign out.
Your school identifier: the slug of the school you selected on the login screen, so the app knows which school's server to talk to.
Read-only access to your school records: while you are signed in, the app fetches information already held by your school and displays it to you. This includes:
- your student profile — name, Learner Reference Number (LRN), student number, birth date, gender, address, and guardian contact details;
- academic records — grades, attendance, and guidance counselling notes;
- financial records — fees, invoices, balances, and payment history;
- health and clinic records — vital signs (such as height, weight, and BMI), blood type, allergies, immunisation history, and school health-examination findings;
- library records and school announcements.
This information is displayed in the app only; it is not copied off your device, is not stored by SPARK beyond the records your school already maintains, and is not sent to any third party.

Some of the information above — in particular your health and clinic records, birth date, and gender — is sensitive personal information as defined under the Data Privacy Act. SPARK displays it solely so that you and your guardians can view records your school already holds. We do not use health or any other sensitive data for advertising, profiling, or tracking of any kind, and we never share it with third parties for their own purposes.

The SPARK Student app does not request or use the camera, microphone, photo library, contacts, calendar, location, biometrics (for sign-in), or any tracking identifier. It contains no advertising SDKs, no analytics SDKs, and no third-party data collection. The only network calls it makes are to your school's SPARK server.

From schools using SPARK

Learner records: name, LRN, birth date, address, parent contact, enrollment history, grades, attendance, conduct.
Staff records: name, employee number, role, contact, payroll information (where applicable).
Financial records: tuition assessments, payments, scholarships, official receipt details.
Communications: messages, announcements, and notifications sent through SPARK.

SPARK acts as a Personal Information Processor for school data. The school remains the Personal Information Controller.

3. Why we collect it

To provide and operate the SPARK platform;
To generate DepEd-required forms (SF1–SF10, Form 137, Form 138);
To process payments and produce official receipts;
To respond to demo requests and customer support inquiries;
To improve the product through aggregated, de-identified usage analytics;
To comply with legal obligations under Philippine law.

4. Who we share it with

We share personal data only when necessary, and only with:

Service providers who help us operate SPARK (cloud hosting, payment processors, SMS gateways, email providers) — bound by data processing agreements;
Government agencies (e.g. DepEd, BIR, NPC) when required by law or upon valid legal process;
Your school's authorized administrators for the records pertaining to that school.

We do not sell, rent, or trade personal data.

5. How long we keep it

Marketing inquiries — kept for 24 months from your last interaction, then deleted.
School records — kept for the duration of your subscription, plus 90 days after termination to allow re-activation. After that, securely deleted unless your school requests an export.
Financial records — kept for at least 10 years as required by BIR.

6. Security

SPARK is hosted on enterprise cloud infrastructure with data residency in the Philippines. We implement:

TLS encryption for all data in transit;
AES-256 encryption for data at rest;
Role-based access controls and audit logs;
Regular security reviews and dependency updates.

No system is perfectly secure. If a breach affecting your data occurs, we will notify the National Privacy Commission and affected individuals within 72 hours, as required by law.

7. Cookies & analytics

On the website and web app, we use a small set of cookies to:

Keep you signed in to the SPARK web app;
Measure aggregated, de-identified site traffic (e.g. number of visitors, popular pages).

You can disable non-essential cookies in your browser settings without losing access to the site.

The SPARK Student mobile app uses no cookies, no analytics SDKs, and no advertising identifiers (IDFA / GAID / Android Advertising ID). The app makes network calls only to your school's SPARK server.

8. Your rights under the Data Privacy Act

You have the right to:

Be informed of how your data is used;
Access a copy of your personal data we hold;
Object to certain processing activities;
Correct inaccurate or outdated information;
Erase or block your data, subject to legal retention requirements;
Data portability — receive a structured export of your data;
Lodge a complaint with the National Privacy Commission (privacy.gov.ph);
Damages, where applicable.

9. Account deletion (SPARK Student app)

Student accounts in SPARK are issued and owned by your school — not by NGINX IT Solutions and not created in-app by the student. To deactivate an account or have personal data erased:

Step 1 — Sign out from the SPARK Student app (Profile → Sign out). This deletes the session token from your device's secure storage.
Step 2 — Contact your school's registrar or admissions office to request deactivation of your SPARK account and erasure of personal data held by the school. Your school is the controller of these records and will action the request in line with its retention policy and Philippine Data Privacy Act obligations.
Step 3 (optional) — Escalate to SPARK if the school does not respond within a reasonable time: email admin@sparkpaaralan.com and we will work with your school to resolve the request within 15 business days.

Uninstalling the app from your device also removes the locally stored session token and any cached data, but does not by itself delete your account on the school's server — only your school can do that.

10. Children's data

SPARK is designed for use by schools, including with respect to learners under 18. We process learner data only on the documented instructions of the school, which is responsible for obtaining the appropriate parental consent under Philippine law. The SPARK Student app is not directed at children for the purpose of advertising and contains no advertising or behavioural-tracking SDKs. Where a learner is below the age of digital consent under Philippine law, the school obtains parental authorisation before issuing the account.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced on this page and, where appropriate, by email to school administrators at least 30 days before they take effect.

12. Contact our Data Protection Officer

For privacy-related questions, requests, or complaints:

Email: admin@sparkpaaralan.com
Postal: NGINX IT Solutions, Davao City, Philippines

We aim to respond to all privacy requests within 15 business days.