← Back to Karo

Privacy Policy

Version 1.0. Last updated: 9 July 2026.

Who this covers

This policy describes how Karo handles information about schools, staff members, students, and guardians whose records the school enters into the platform.

Roles

The School is the data controller for records it enters. Karo is the data processor and acts only on the School's instructions.

What we collect

  • Account information: full name, phone number, and email for staff logins.
  • School records: student and guardian information the School enters.
  • Financial records: invoices, receipts, and payment references processed through the platform.
  • Operational metadata: login timestamps and audit-log entries so owners can review activity.

How we use it

Solely to operate the platform for the School. We do not sell, share, or use it for advertising.

Payment processing

Card and mobile-money details entered by guardians are handled by our regulated payment processor and are never stored on Karo. We store only the reference and outcome of each transaction.

Retention

Immutable financial records are retained for the period required by applicable law. Other records are deleted on account closure on request.

Security

Access is scoped per school through role-based rules. Owners can require passkeys and enforce short auto-lock windows for their team.

Your rights and contact

Contact info@classicto.com to access, correct, or delete personal information held about you.

See also the Terms of Service.