Jadwalkan Demo
Jadwalkan Demo
Jadwalkan Demo
Privacy Policy Aplikasi Sekolah Terbaik

Kebijakan Privasi dari Aplikasi Sekolah Terbaik

Privacy Policy

Pena School is an Aplikasi Sekolah Indonesia trusted by educational institutions to manage their students, staff, and families — and we know that the data behind those operations is among the most sensitive a school can hold. As an Aplikasi Sekolah Indonesia, protecting that information is not an afterthought; it is built into how our platform works. This Privacy Policy is our straightforward explanation of what data we collect, why we collect it, how we keep it safe, and the rights you have over it. We’ve written it in plain language so that administrators, teachers, and parents alike can understand exactly how their information is handled.

Last updated: 7 June 2026

Privacy Policy Aplikasi Sekolah Terbaik
1. Introduction

This Privacy Policy explains how Sevima ("we", "us", or "our") collects, uses, stores, shares, and protects personal data when you use Pena School (also referred to as Sevima Pena), including our School Information System (SIS) web application, the Parent Connect mobile application, our website at penaschool.com, and any related services (collectively, the "Services").

We are committed to protecting your privacy and processing personal data lawfully, fairly, and transparently in accordance with Law of the Republic of Indonesia No. 27 of 2022 on Personal Data Protection (UU PDP) and other applicable regulations.

By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please discontinue use of the Services.

2. Who We Are

Pena School is a Kindergarten-to-Grade-12 (K12) education platform provided by Sevima. It consists of two main components:

  • School Information System (SIS): a web application used by schools and education foundations to manage student, staff, academic, and administrative data.
  • Parent Connect: a mobile application that gives parents and guardians access to information about their children's school activities.

In most cases, the school or education foundation that subscribes to Pena School acts as the data controller for student and parent data, and Sevima acts as the data processor, handling personal data on the school's behalf and according to its instructions. For data we collect directly (such as website visitors and account administrators), Sevima acts as the data controller.

3. Personal Data We Collect

The categories of personal data we may collect depend on how you interact with the Services.

3.1 Account and Identity Data
  • Full name, username, and password
  • Email address and phone number
  • Role within the institution (e.g., administrator, teacher, staff, parent)
  • Profile photo (where provided)
3.2 Student Data (entered by the school)
  • Student name, date of birth, gender, and student identification number
  • Class, grade level, and enrollment status
  • Attendance records (including data from RFID, dynamic QR, geolocation, or facial recognition features where the school enables them)
  • Academic records, grades, and assessment data
  • Health or special-needs information, where the school chooses to record it
  • Parent/guardian contact details
3.3 Staff and HR Data (for institutions using HR features)
  • Employment details, position, and payroll information
  • Tax (PPh21) and social-security (BPJS) identifiers, where applicable
3.4 Financial and Transaction Data
  • Billing and subscription information for the institution
  • Cafeteria/POS balances and transaction records, where those features are enabled
3.5 Technical and Usage Data
  • Device information, IP address, browser type, and operating system
  • Log data, access times, and pages or features used
  • Approximate or precise location data, only where a feature requires it and you have granted permission (e.g., geolocation-based attendance)
  • Cookies and similar technologies on our website (see Section 9)
4. How We Collect Data

We collect personal data:

  • Directly from you, when you register, log in, complete forms, or contact us.
  • From your institution, when a school or foundation enters or uploads data about students, parents, and staff.
  • Automatically, through your use of the Services, including cookies, log files, and device sensors that you have permitted.
5. How We Use Personal Data

We process personal data to:

  • Provide, operate, and maintain the Services;
  • Create and manage user accounts and authenticate users;
  • Enable core features such as attendance, academic records, communication between schools and parents, and cafeteria transactions;
  • Process subscription billing and payments;
  • Respond to support requests and communicate important service notices;
  • Improve, secure, and develop the Services, including troubleshooting and analytics;
  • Comply with legal obligations and enforce our terms.
6. Legal Basis for Processing

In accordance with UU PDP, we process personal data based on one or more of the following:

  • Consent of the data subject (or, for a child, the consent of a parent or guardian);
  • Performance of a contract with you or your institution;
  • Compliance with a legal obligation;
  • Legitimate interests in operating and improving the Services, provided these do not override your rights.
7. Children's and Students' Data

Pena School is designed for use by K12 educational institutions, which means we process personal data relating to children (minors under 18 years of age). We treat this data with particular care.

  • Student data is entered and controlled by the school or foundation, which is responsible for obtaining the appropriate consent from parents or legal guardians before providing student data to the platform.
  • We process student data only to deliver the Services to the institution and do not use student data for advertising or for any purpose unrelated to the school's educational functions.
  • Sensitive features that involve children (such as facial recognition or geolocation attendance) are enabled at the discretion of the institution and should be used only with appropriate parental consent and in line with applicable law.
  • Parents and guardians may exercise the rights described in Section 11 with respect to their child's data, generally by contacting the school as data controller.
8. How We Share Personal Data

We do not sell personal data. We may share personal data only as follows:

  • Within your institution: authorized administrators, teachers, staff, parents, and students may access data according to their assigned roles and permissions.
  • Service providers: trusted third parties who help us host, operate, secure, and support the Services (e.g., cloud hosting, payment processing, communication delivery), bound by confidentiality and data-protection obligations.
  • Legal requirements: where required to comply with law, regulation, legal process, or a lawful government request.
  • Business transfers: in connection with a merger, acquisition, or reorganization, subject to this Privacy Policy.
9. Cookies and Similar Technologies

Our website and web application use cookies and similar technologies to keep you signed in, remember preferences, maintain security, and understand how the Services are used. You can manage or disable cookies through your browser settings, though some features may not function properly without them.

10. Data Retention

We retain personal data for as long as necessary to provide the Services, for as long as the institution maintains an active subscription, and as required to comply with legal, accounting, or reporting obligations. When data is no longer needed, we will delete or anonymize it. Upon termination of a subscription, institutional data will be handled according to the agreement with the institution.

11. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request deletion of your data, where applicable;
  • Withdraw consent previously given;
  • Object to or request restriction of certain processing;
  • Request a copy of your data in a usable format;
  • Lodge a complaint with the competent supervisory authority.

To exercise these rights, please contact us using the details in Section 14. If your data is controlled by a school or foundation, we may direct your request to that institution.

12. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. These include access controls, role-based permissions, encryption in transit, and regular security practices. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Data Transfers

Personal data is primarily processed and stored on servers located in Indonesia. If any data is transferred or processed outside Indonesia, we will ensure an adequate level of protection consistent with UU PDP and applicable regulations.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  • Sevima — Pena School
  • Email: hello@penaschool.com
  • Website: penaschool.com
  • Address: Medokan Asri Tengah MA-2 Blok Q No.12, Medokan Ayu, Kecamatan Rungkut, Surabaya, Jawa Timur 60295.
15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through the Services. We encourage you to review this page periodically.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by