1. Who we are and what this policy covers
Minela («من إلى») is a school management platform operated through the website minela.net and two mobile applications: Minela for parents (package ID net.minela.app) and Minela Staff («من إلى الكادر») for school staff (package ID net.minela.staff). This policy applies to both apps and to this website. By using any of them you acknowledge that you have read this policy.
2. The school is the data controller
Our services are provided to subscribed schools, and there is no public signup in the apps: the school administration creates the accounts for its staff and for parents, enters the data, and decides who may access what. The school therefore acts as the data controller for the data of its students, staff, and parents, while Minela acts as a data processor on the school’s behalf and under its instructions, pursuant to the subscription agreement concluded with the school.
3. Data we process
- Account data: name, phone number, email address, and role (supervisor, teacher, driver, parent). These accounts are created and populated by the school — we do not collect this data from you directly.
- Students’ educational records: grades and assessment results, attendance records, behavior notes, and report cards. This data is entered by authorized school staff, and a parent is shown the data of their own children only.
- Precise school-bus location: location coordinates are collected only from the driver’s device, and only during an active trip that the driver starts in the app while it runs in the foreground. Parents see the location of the bus on the map — never the location of any person. We collect no location from parents’ or students’ devices, and location sharing stops automatically when the driver ends the trip.
- Photos: activity and event photos in the school gallery, uploaded by school staff and displayed within the school’s scope according to its permissions.
- Push notification tokens: a technical device token issued by Google’s Firebase Cloud Messaging service, used to deliver school notifications to your device.
- Crash diagnostics: when a technical error occurs, crash reports are sent via Sentry containing technical information about the device and the error, with no personally identifiable information.
- Phone number for verification: when signing in with a phone number we send a one-time verification code (OTP) by SMS through the messaging provider RaselSMS.
4. What we do not do
- There are no advertisements in our apps.
- We do not sell your data, trade in it, or share it for marketing purposes.
- We do not track you across other companies’ apps or websites, and we use no advertising trackers.
- We do not use student data for any purpose other than providing the service to the school.
5. Children’s data (students)
Login accounts in our apps are intended for adults: school staff and parents. Student data — and most students are minors — is entered by school staff and processed under the school’s responsibility as the data controller, within its educational and contractual relationship with parents. Permissions are designed so that a student’s data is accessible only to the authorized staff of their school and to their own parent; no parent can see another family’s children. If you have a concern about your child’s data, contact the school first, or email us at privacy@minela.net.
6. Where data is stored
Platform data is stored on servers hosted with DigitalOcean. Data travels between your apps and our servers encrypted with TLS, and access within the platform is restricted by role-based permissions (supervisor, teacher, driver, parent).
7. Service providers (sub-processors)
We rely on a small number of technical service providers, each processing data only to the extent its function requires:
| Provider | Purpose | Data involved |
|---|---|---|
| Google Firebase Cloud Messaging | Delivering push notifications to devices | Push notification tokens |
| Sentry | Crash diagnostics | Technical crash reports with no personal identifiers |
| DigitalOcean | Hosting servers, databases, and files | The platform data described in section 3 |
| RaselSMS | Sending SMS verification codes | Phone number and the code message text |
8. Data retention
We retain data for as long as the school’s subscription to the platform is active, as it forms part of the school’s operational record. When the subscription ends, or upon the school’s request, the school’s data is deleted from our operational systems within a reasonable period. You may also request deletion of your own account at any time through your school or via the account deletion page.
9. Data security
We apply appropriate technical and organizational measures to protect data, including: TLS encryption in transit, fine-grained role-based access permissions, separation of each school’s data, periodic backups, and restricting the operations team’s access to the minimum necessary.
10. Your rights
- Access and correction: because the school is the source and manager of the data, the fastest way to correct any information is through your school’s administration.
- Deletion: through your school, or via the account deletion page.
- Inquiries and complaints: email privacy@minela.net and we will respond as soon as possible.
11. Changes to this policy
We may update this policy from time to time. We will publish the updated version on this page with a new effective date, and we will inform subscribed schools of any material change before it takes effect.
12. Contact
Privacy questions: privacy@minela.net
General inquiries: info@minela.net