Data Sovereignty & Privacy Framework

GRIO

Data Sovereignty & Privacy Framework

Protecting Student Data. Empowering National Education.

March 2026

1. Executive Overview

Grio is committed to full data sovereignty and privacy protection. This document outlines how student data is collected, stored, protected, and governed. Grio is designed from the ground up to support government oversight and comply with national data protection requirements. No student data is shared with third parties.

2. Data Sovereignty Principles

• All student data stored on sovereign infrastructure

• Phase 1: Hetzner Cloud servers (Germany/Finland—EU data protection standards)

• Phase 2: Uganda-based edge servers for local caching and low-latency

• Phase 3: Fully in-country infrastructure, ministry-controlled if required

• No dependency on US-based cloud providers (no AWS, no Azure, no Google Cloud)

• Infrastructure designed for complete data portability—no vendor lock-in

3. What Data Grio Collects

Data Collected

• Student profiles: name, school, class, subjects

• Learning activity: sessions, topics covered, time spent, mode usage

• Performance data: assessment scores, practice results, topic completion

• AI interaction logs: questions asked, responses given (for quality and audit)

• Teacher data: class management actions, content uploads

• System data: device info, connectivity status, error logs

What Grio Does NOT Collect

• Biometric data

• Financial information (payment handled by third-party processor)

• Personal communications between students

• Location tracking beyond school assignment

4. Data Protection Measures

Encryption

• In transit: TLS 1.2+ on all connections

• At rest: database-level encryption, storage encryption

Access Control

• Role-Based Access Control (RBAC): Super Admin, School Admin, Teacher, Student

• Multi-tenancy with Row-Level Security—school data is isolated from other schools

• No cross-school data access without explicit authorization

Infrastructure Security

• Firewall protection (UFW/iptables)

• VPN-only administrative access

• Container-level isolation (Docker + K3s)

• Minimal attack surface by design

5. Audit & Transparency

• Comprehensive audit logs: who accessed what, when, from where

• All AI interactions logged with timestamp, session context, and user role

• Logs retained for configurable period (default: 1 year)

• Ministry can request audit reports at any time

• System designed for external security audits

6. Government Access & Oversight

• Ministry of Education can access national-level analytics dashboard

• Aggregated data available by: subject, school, region, district

• Individual student data accessible only by school staff and parents (with proper authorization)

• Grio can provide data exports in standard formats on ministry request

• Infrastructure can be transitioned to government-controlled servers

7. Student Privacy Rights

Students (and parents/guardians) have the right to:

• Know what data is collected

• Request access to their data

• Request deletion of their data (right to erasure)

• Opt out of non-essential data collection

• Data deletion requests processed within 30 days

• Student data never used for advertising or marketing

8. AI-Specific Privacy

• AI responses are grounded in curriculum content only (no external data)

• AI does not retain personal information between sessions beyond what is needed for continuity

• Topic-locking prevents AI from engaging in inappropriate topics

• AI outputs are age-appropriate and content-filtered

• No student data is used to train external AI models

9. Third-Party Data Handling

• LLM API calls (OpenAI, Phase 1) transmit only curriculum context and anonymized queries

• No personally identifiable student information sent to LLM provider

• Phase 2: self-hosted LLM eliminates all third-party AI data transmission

• Payment processing handled by certified third-party (e.g., Stripe)—Grio does not store payment details

10. Compliance & Certification Roadmap

• Current: HTTPS/TLS encryption, RBAC, audit logging, data isolation

• Planned: Uganda Data Protection & Privacy Act compliance review

• Future: SOC2-type certification, government security assessment, penetration testing

11. Commitment

Grio is built on the principle that student data belongs to students, schools, and the nation—not to technology providers. Our infrastructure, policies, and practices are designed to earn and maintain the trust of the Government of Uganda.