Dary STEM

Privacy Policy

How we collect, use, share, and protect personal data — and the rights you have over it. We process personal data in line with Ghana's Data Protection Act, 2012 (Act 843) and, for learners in the European Union and United Kingdom, the General Data Protection Regulation.

Effective 13 June 2026. We will post any material changes on this page and update the date above.

1. Who we are

Dary STEM (“Dary STEM”, “we”, “us”) is a hands-on STEM learning platform built and operated from Ghana. For the purposes of the Data Protection Act, 2012 (Act 843) and the GDPR, Dary STEM is the data controller for the personal data described in this policy.

For privacy questions, to exercise your rights, or to reach our data protection contact, email privacy@darystem.com. Our registered company details and registration with Ghana’s Data Protection Commission are available on request.

2. Who this policy covers

This policy applies to everyone who uses Dary STEM:

  • Students, including children and young people;
  • Teachers who author courses and run classrooms;
  • Parents and guardians who follow a child’s progress; and
  • visitors to our public website.

3. The data we collect

We collect only what we need to run the platform:

  • Account data — name, email address, password (stored only as a salted hash, never in plain text), role (student, teacher, parent), and language preference.
  • Profile data — an optional avatar image and display details you choose to add.
  • Learning data — your course progress, lesson and step completion, quiz answers, code and circuit submissions, grades, experience points, badges, and certificates.
  • Classroom data — the classrooms you belong to, assignments, teacher feedback, and, where applicable, the link between a parent and their child’s account.
  • Communications — messages sent through the platform, notifications, and any support correspondence.
  • Marketplace data — where you use the marketplace, the items requested and parental approvals. Card or mobile-money details are handled by our payment provider, not stored by us.
  • Technical data — IP address, device and browser type, and server logs needed for security, debugging, and abuse prevention. We store authentication tokens and preferences in your browser (see Cookies, below).

We do not sell personal data, and we do not run third-party advertising or behavioural ad-profiling on the platform.

4. Children and young people

Dary STEM is designed to be used by students, including those under 18. Protecting children’s data is a priority, and we handle it in line with Act 843 and the Children’s Act, 1998 (Act 560), and with Article 8 of the GDPR for learners in the EU/UK.

  • We collect the minimum data needed to deliver lessons and track learning, and we do not profile children for advertising.
  • Where a school or teacher enrols students, the school acts as the intermediary and is responsible for obtaining the consents required under its own policies and applicable law.
  • Where a child registers independently, we ask for verifiable parental or guardian consent before the account is fully activated, in line with applicable law.
  • A parent, guardian, or school may ask us to access, correct, or delete a child’s data at any time using the contact details above.

5. How and why we use data, and our lawful basis

Act 843 requires that we process data lawfully and fairly, for a specific purpose, and no more than is necessary. Under the GDPR we also rely on a lawful basis for each use:

  • To provide the service — create your account, deliver lessons, grade submissions, run classrooms, and issue certificates. Basis: performance of a contract.
  • To keep the platform safe and working — security, abuse prevention, debugging, and service improvement. Basis: our legitimate interests, balanced against your rights.
  • To communicate with you — account, progress, and service notifications, and replies to your requests. Basis: contract and legitimate interests.
  • Optional features and messages where we ask for it. Basis: your consent, which you may withdraw at any time.
  • To meet legal obligations — for example, responding to lawful requests. Basis: legal obligation.

6. Cookies and local storage

We use a small number of strictly necessary cookies and browser storage items to keep you signed in, remember your language and display preferences, and protect against abuse. We do not use advertising or cross-site tracking cookies. You can clear this storage in your browser settings, though signing in will not work without the essential items.

7. Who we share data with

We share personal data only as needed to run the service:

  • Teachers and schools see the learning data of students in their classrooms.
  • Parents and guardians see the progress of their own linked child.
  • Service providers who host and operate the platform on our behalf — cloud hosting, database and storage, email delivery, and payment processing — under contracts that require them to protect your data and use it only on our instructions.
  • Authorities where we are required by law, or where it is necessary to protect the safety of a user or the public.

8. International transfers

Some of our service providers operate servers outside Ghana. Where personal data is transferred across borders, we take steps required by Act 843 and, for EU/UK data, Chapter V of the GDPR — relying on adequacy decisions or appropriate safeguards such as standard contractual clauses, so that your data continues to be protected to the standard described in this policy.

9. How long we keep data

We keep personal data for as long as your account is active and as needed to provide the service. When an account is closed, we delete or anonymise the associated personal data within a reasonable period, except where we must keep certain records to meet a legal obligation or to resolve disputes. Routine housekeeping removes old operational data on a scheduled basis.

10. How we protect data

We use technical and organisational measures appropriate to the risk, including encryption of data in transit, hashing of passwords, access controls, and monitoring, consistent with Act 843 and Ghana’s Cybersecurity Act, 2020 (Act 1038). No system is perfectly secure, but we work to protect your data and to respond quickly if something goes wrong.

11. Your rights

Under Act 843 and the GDPR you have the right to access your personal data; to have inaccurate data corrected; to ask us to delete data or restrict how we use it; to object to certain processing; to data portability; and to withdraw consent where we rely on it. Exercising these rights will not make the service worse for you.

To make a request, email privacy@darystem.com. We will respond within the time required by law. If you believe we have not handled your data properly, you may complain to Ghana’s Data Protection Commission (dataprotection.org.gh), and, if you are in the EU or UK, to your local supervisory authority.

12. Changes to this policy

We may update this policy as the platform evolves or the law changes. We will post the updated version here and revise the effective date; significant changes will be communicated to account holders.

13. Contact

For any privacy matter, email privacy@darystem.com. See also our Terms of Service and About page.

Privacy Policy · Dary STEM