Data Processing
Last updated June 22, 2026
The Edmissa platform is operated by Byte Forge Technologies L.L.C ("Byte Forge", "we", "us"), a company registered in Dubai, United Arab Emirates. This page describes how we process data on behalf of our customers (education agencies) who use the platform, including sensitive student data such as identity documents and financial information. It summarises the data-processing terms that apply to our service and complements our Privacy Policy.
Scope
This page applies where Byte Forge processes personal data on behalf of a customer in connection with the platform. Where a separate data processing agreement is signed between you and Byte Forge, that agreement governs and prevails over this page to the extent of any conflict.
Definitions
- Controller — the party that determines the purposes and means of processing personal data (the customer).
- Processor — the party that processes personal data on behalf of the controller (Byte Forge).
- Personal data — information relating to an identified or identifiable individual.
- Data subject — the individual the personal data relates to (for example, a student or applicant).
Roles and responsibilities
Customers are the controllers for the student and applicant data they store in the platform. Byte Forge acts as a processor, handling that data only to provide the service and on the customer's documented instructions, including as set out in these terms. For data Byte Forge collects as a controller — such as website and account data — see our Privacy Policy.
Nature and purpose of processing
We process customer data to provide and support the platform:
- Subject matter: provision of the Edmissa platform.
- Duration: for the term of the customer's use of the service.
- Nature and purpose: storing, organising, and managing lead and application records.
- Types of data: contact details, academic records, identity documents, and financial information.
- Categories of data subjects: students and applicants, and the customer's own staff and contacts.
Customer obligations
As controller, the customer is responsible for ensuring it has a lawful basis and any required consents to collect the data and to have Byte Forge process it, for the accuracy of the data, and for giving lawful instructions. The customer must not instruct Byte Forge to process data in breach of applicable data protection law.
Our obligations
As processor, Byte Forge will:
- process customer data only on the customer's documented instructions, unless required otherwise by law;
- ensure that personnel authorised to process customer data are bound by confidentiality;
- implement appropriate technical and organisational security measures (see below);
- assist the customer, taking into account the nature of processing, in responding to data subject requests and in meeting its security, breach-notification, and related obligations; and
- engage sub-processors only as described below.
Security measures
- Field-level AES-256 encryption for sensitive data.
- Data isolation between customer accounts.
- Granular, role-based permissions and access controls.
- Encryption in transit.
We review and update our security measures over time to maintain an appropriate level of protection.
Sub-processors
We use a limited set of infrastructure sub-processors to deliver the service. We currently use Cloudflare, Inc. for hosting, data storage, content delivery, bot mitigation, and access control. We require sub-processors to provide an appropriate level of data protection, and we will give customers reasonable notice of any new sub-processor so they can object on reasonable data-protection grounds.
International transfers
The platform runs on globally distributed infrastructure, and customer data may be processed in data centres located in different countries. Where data is transferred across borders, we take steps to ensure it remains protected in line with applicable data protection law.
Data subject requests
If a data subject contacts Byte Forge directly with a request relating to customer data, we will refer them to the relevant customer. Taking into account the nature of the processing, we will assist the customer in responding to data subject requests it receives. Data subjects and customers can reach us through our contact page.
Breach notification
If Byte Forge becomes aware of a personal data breach affecting customer data, we will notify the affected customer without undue delay and provide the information reasonably available to us to help the customer meet its own notification obligations.
Audits
On reasonable request, we will make available the information necessary to demonstrate compliance with these processing terms, subject to appropriate confidentiality protections.
Retention, return, and deletion
We retain customer data for the duration of the customer's agreement. On termination, and on the customer's request, we will delete or return customer data, subject to any legal retention requirements. Customers can also request deletion of specific data during the term through our contact page.
Contact
For data-processing or data-protection questions, contact us.