Privacy Policy

Berean Bible Academy ("BBA", "we", "us") is a theological education institution registered in Lagos, Nigeria. This policy covers the website bba.org.ng, the student portal ses.bba.org.ng, the lecturer portal lts.bba.org.ng, the administrator portal admin.bba.org.ng, and the BBA Portal Android application (package ng.org.bba.portal). The Android app is a Trusted Web Activity (TWA) wrapper that displays the exact same content as the student portal website.

We collect the following categories of personal information:

• Account information — name, email address, phone number, WhatsApp number, password (stored as a bcrypt hash, never in plaintext), date of birth, gender, address.
• Academic information — program of study, semester, courses enrolled, academic session, student ID, grades, test and exam attempts, assignment submissions.
• Application documents — uploaded identity documents, certificates, recommendation letters, and other supporting files submitted as part of the admission application.
• Payment information — payment receipts, bank transfer references, amounts, and dates. We use Paystack for online payments; your card details are handled exclusively by Paystack and never stored on our servers.
• Technical information — IP address, browser or app user-agent, approximate geographic location derived from IP, and minimal analytics for abuse prevention and capacity planning.

We use your information to:

• Process admission applications and enroll accepted students in courses.
• Deliver course content, assessments, and grades.
• Track fee payments, scholarships, and outstanding balances.
• Communicate with you about your application, registration, fees, and academic progress via email and WhatsApp.
• Issue certificates and transcripts.
• Keep the platform secure, prevent fraud, and comply with legal obligations.

We process your data on the basis of your consent (when you create an account), the performance of a contract (delivering the education you enrolled for), our legitimate interests (securing the platform, preventing fraud), and legal obligations (record-keeping and tax).

We do not sell your personal data. We share information only with:

• Paystack — to process online card and bank payments, subject to their privacy policy at paystack.com/privacy/merchant.
• Your lecturers and assigned academic staff — to review your assignments, grade your work, and support your learning.
• Cloudflare — acts as a CDN and DDoS-protection reverse proxy for our domains. Cloudflare may see request metadata (IP, URL, headers) but does not see the content of our database.
• Law enforcement — only when required by a valid legal process.

Your data is stored on a dedicated server in Germany, operated by Hetzner Online GmbH. Passwords are bcrypt-hashed with a 12-round cost factor. Connections to all portals are encrypted with TLS 1.2 and above. File uploads are stored in private buckets and served only over HTTPS with access controls. Database backups are encrypted and retained for 30 days.

We keep your academic records for as long as the law requires us to retain student records (currently a minimum of 10 years after graduation or withdrawal). You can request that we delete personal data not subject to this retention requirement by emailing [email protected].

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate information from your profile page.
• Request deletion of data we are not legally obligated to keep.
• Withdraw your consent (which will typically end your access to the portal).
• Receive a copy of your data in a machine-readable format.
• Complain to the Nigeria Data Protection Commission (NDPC).

Contact [email protected] to exercise any of these rights.

The BBA portal and Android app are intended for users 18 years of age or older. We do not knowingly collect personal data from children under 13. If you believe we have, please contact us immediately and we will remove the data.

We use strictly necessary cookies and browser local storage to keep you signed in, remember your preferences (such as dark mode), and track your progress through course content. We do not use advertising cookies or third-party analytics trackers on the student portal.

We may update this policy from time to time. Material changes will be announced on the homepage and communicated to students via their registered email. The latest version is always available at bba.org.ng/privacy.

For any question about this policy or how we handle your data, contact: [email protected]  |  +234 902 767 7276