1. Introduction
SchoolPay ("we," "us," or "our") offers an AI-powered biometric payment system integrated with blockchain technology to facilitate cashless transactions in schools. The system utilizes Non-Fungible Tokens (NFTs) minted on the Polygon blockchain. By participating in the SchoolPay ecosystem, purchasing, utilizing, or accepting NFTs, you ("User," "Parent," "Merchant") agree to be bound by these Terms and Conditions.
2. Definitions
- NFT: A unique digital asset minted on the Polygon blockchain, representing payment value within the SchoolPay ecosystem.
- Blockchain: The decentralized, distributed ledger technology underlying the Polygon blockchain.
- Parent: An individual registered on the SchoolPay platform who purchases NFTs for their child's school-related expenditures.
- Child: A minor or student associated with the Parent's account, authorized to use the Parent-purchased NFTs.
- Merchant: Any school or authorized vendor within the SchoolPay ecosystem that accepts NFTs for goods or services.
- Fiat Currency: Legal tender such as MYR or USD used for transactions between SchoolPay and Merchants.
- Reload: The process by which Parents fund their SchoolPay app account using fiat currency or linked bank accounts.
- Buyback: The process where SchoolPay purchases NFTs from Merchants at the end of the day for fiat currency.
- Smart Contract: A self-executing contract with terms directly written into code that governs NFT transactions on the blockchain.
3. Scope of Services
- Minting of NFTs: NFTs are generated and deployed on the Polygon blockchain, encoded with metadata and usage policies.
- Parent Purchases: Parents fund their SchoolPay app wallets through reloads to acquire NFTs, which are then used for school-related transactions.
- Child Spending: Children utilize NFTs as vouchers to purchase goods or services within schools or from participating Merchants.
3. Tawarruq: Concept and Mechanism for SchoolPay
3.1 Introduction to Tawarruq
Tawarruq is an Islamic financing structure widely used for liquidity management and consumer financing, especially in jurisdictions observing Shariah law. It provides a Shariah-compliant alternative to interest-based lending, ensuring compliance with Islamic principles.
3.2 Mechanism of Tawarruq
- Step 1: SchoolPay purchases commodities in bulk from reputable suppliers on recognized exchanges (e.g., Bursa Suq Al-Sila').
- Step 2: The commodities are sold to guardians on a deferred payment basis, including a markup.
- Step 3: Guardians sell the commodities to a third party for cash, using the proceeds to fund their SchoolPay accounts.
3.3 Key Features
- Transparency
- Automation through smart contracts
- Shariah compliance reviewed by advisors
- Accessibility without interest-based loans
4. Privacy and Data Protection
SchoolPay prioritizes the confidentiality and integrity of user data. All data, including biometric, financial, and personal information, is securely stored and processed in compliance with GDPR, PDPA, and local privacy laws.
5. Account Registration and Responsibilities
Users must provide accurate personal and financial information and ensure the security of their credentials. Verification processes (e.g., KYC) may apply.
6. NFT Transaction Policies
- All transactions occur on the Polygon blockchain.
- Transaction fees (gas fees) will be transparently displayed before confirmation.
- Blockchain transactions are irreversible.
7. Refunds and Disputes
Refunds for unused NFTs must be requested within 30 days through the SchoolPay app. Disputes will be mediated by SchoolPay and escalated to arbitration if unresolved.
8. Merchant Obligations
Merchants must comply with SchoolPay's terms, provide approved goods/services, and submit daily redemption reports.
9. Use of Funds
Parents can reload accounts via bank transfers, and Merchants receive fiat currency equivalent for redeemed NFTs.
10. Termination and Suspension
Accounts may be suspended or terminated for fraudulent activities, misuse, or non-compliance.
11. Intellectual Property Rights
All intellectual property, including trademarks and platform content, remains the property of SchoolPay.
12. Liability and Indemnification
Users agree to indemnify SchoolPay against claims arising from misuse of the platform.
13. Amendments to Terms
Updates to these terms will be communicated via email or notifications. Continued use of the platform signifies acceptance.
14. Personal Data Protection Act (PDPA) Compliance
SchoolPay ensures responsible handling, retention, and protection of user data under the PDPA framework. Users retain rights to access, correct, or delete their data.
SchoolPay's Expanded PDPA Compliance Framework
10. Extended Case Studies and Scenarios
Scenario 1: Handling a Parental Request for Data Deletion Upon Graduation
A parent requests the deletion of their child’s personal data from the SchoolPay system after the child has graduated. This scenario outlines the steps and policies for fulfilling such a request in compliance with the PDPA.
- Verification: Confirm the identity of the parent making the request.
- Eligibility Check: Verify that the student has graduated and meets conditions for data deletion.
- Notification: Inform the parent about the scope of the deletion and legal obligations.
- Data Deletion: Use secure methods to delete all personal data.
- Confirmation: Provide the parent with a confirmation letter or email.
Scenario 2: Responding to a Suspected Data Breach and Notifying Affected Users
Steps taken to manage a suspected data breach and notify users promptly.
- Detection and Containment: Identify and isolate compromised systems.
- Assessment: Conduct forensic analysis to determine scope.
- Reporting: Notify regulatory authorities within the required timeframe.
- User Notification: Inform affected users and provide actionable steps.
- Resolution: Address vulnerabilities and conduct preventive reviews.
Scenario 3: Conducting a Data Portability Request During School Transitions
A parent requests the transfer of their child’s personal data to a new school’s payment system.
- Verification: Confirm the parent’s identity and request legitimacy.
- Data Preparation: Extract relevant data securely.
- Data Transfer: Share securely with the new school.
- Record Keeping: Maintain compliance logs for auditing purposes.