Legal & Privacy

Privacy Policy

Effective: May 20, 2026 · Last updated: May 20, 2026

This policy describes how Dirac Innovations PLC ("Dirac", "we", "our", or "us"), the developer of the Timiro educational platform, collects, uses, and protects information across our mobile application and website.

At a Glance — What We Do and Do Not Collect

What We Collect (Website only)

Sales agent & partner registration details
Payment records and licence purchase history
Business documents for compliance purposes
Payout and banking information for commissions

What We Do NOT Collect

Any data from the mobile application
Student learning progress or quiz results
Flashcard history or study patterns
Device identifiers or location data

1. Scope of This Policy

This Privacy Policy applies to all services offered by Dirac Innovations PLC under the Timiro brand, including the Timiro mobile application (available on Android) and the Timiro web portal at diracinnovations.com and associated subdomains.

The mobile application and the web portal operate under fundamentally different data architectures. This policy addresses each separately to ensure complete clarity.

2. The Timiro Mobile Application — Local-Only Architecture

The Timiro mobile application is designed with a privacy-first, local-only data architecture. All user data created within the application — including profile information, study progress, quiz scores, flashcard history, and learning analytics — is stored exclusively on the user's own device.

We do not transmit, collect, or store any of the following from the mobile app on our servers:

Student names or profile details entered in the app

Quiz and exam scores or results

Flashcard performance and spaced-repetition data

Subject competency maps or learning plans

Study session duration or frequency

Target exam dates or performance targets

Device identifiers or advertising IDs

Location data of any kind

The sole network interaction the mobile application performs is a one-way content delivery process: when a user activates a premium licence with a valid activation code, the application downloads updated educational content (curriculum questions, competency maps, and study materials) from our servers to the device. No user data is transmitted in this process. The activation code itself is validated server-side using only a cryptographic hash and is not linked to any personal identity on our servers.

Because no personal data leaves the device, users retain complete ownership and control of their educational records. Uninstalling the application permanently deletes all stored data.

3. The Timiro Web Portal — Information We Collect

Our web portal serves two distinct purposes: licence distribution and sales network management. The information we collect is strictly limited to what is necessary for these functions.

3a. Payment and Licence Records

When a licence is purchased — whether directly by a student or through an authorised sales agent — we record the following information to process the transaction, verify payment, generate a licence key, and provide receipts:

Purchaser name and contact details (phone number and/or email, as provided)
Payment method (Telebirr, bank transfer, or cheque)
Payment confirmation reference number or bank receipt
Transaction amount, date, and currency
The activation code(s) generated and issued as a result of payment
Withholding tax documentation where legally required

We do not process payment card data directly. All card payments (where applicable) are handled by licensed third-party payment processors, and we receive only a transaction confirmation.

3b. Sales Network Registration Data

Individuals who apply to join our sales network (as Agents, Representatives, or Partners) submit detailed information through our web-based onboarding portal. This information is required for legal compliance, commission processing, and contractual record-keeping. It includes:

Full legal name and date of birth

Residential address

Phone number

National ID document (uploaded)

Taxpayer Identification Number (TIN)

Trade/business registration certificate

Business name and legal entity type

Professional licence (if applicable)

Preferred payout method and bank account details

Profile photograph

Signed independent contractor agreement

This data is used solely for identity verification, commission calculation and disbursement, statutory tax reporting, and maintaining the contractual relationship with each network participant.

4. Legal Basis for Processing

We process personal data collected through the web portal on the following legal grounds:

Contractual Necessity

Processing sales network registration data and payment records is necessary to perform our contractual obligations to agents, partners, and customers.

Legal Obligation

Tax identification, withholding tax reporting, and document retention are required under Ethiopian tax and commercial law.

Legitimate Interest

Maintaining records of licence issuance and sales network activity is necessary for the integrity and audibility of our business operations.

Consent

Where we send communications beyond transactional messages (such as product updates), we rely on the explicit consent provided during registration.

5. How We Use Your Information

Information collected through our web portal is used exclusively for the following purposes:

Verifying purchaser identity and processing licence activations
Generating, issuing, and tracking activation codes
Calculating, recording, and disbursing sales commissions and overrides
Preparing payroll tax documentation and withholding tax certificates
Maintaining auditable records of the independent contractor relationship
Responding to support requests and account queries
Complying with Ethiopian commercial, tax, and financial regulations

We do not use any collected data for advertising profiling, behavioural tracking, or sale to third parties.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. Disclosure to third parties is strictly limited to the following circumstances:

Service Providers

We engage a small number of trusted vendors (e.g., our server hosting provider and database services) who process data solely on our instruction under contractual data processing agreements.

Financial Institutions

Bank account details may be shared with our banking partners solely for the purpose of disbursing commission payments.

Tax Authorities

We are required by law to report certain tax-relevant information (TIN numbers, withholding tax) to the Ethiopian Revenues and Customs Authority (ERCA).

Legal Proceedings

We may disclose information where required by a court order, legal process, or applicable law.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, or as required by law:

Data Category	Retention Period
Payment and licence records	10 years (statutory tax requirement)
Sales network contractor agreements	Duration of contract + 7 years
Identity documents (ID, TIN)	Duration of contract + 7 years
Commission ledger records	10 years (statutory tax requirement)
Contact details (name, phone)	Duration of account + 2 years
Bank account details	Duration of contract + 3 years

8. Data Security

We implement administrative, technical, and physical security measures appropriate to the nature of the data we hold. These include:

Encrypted HTTPS connections for all web portal traffic (TLS 1.2+)
Database access restricted to application-layer credentials; no direct public exposure
Role-based access controls ensuring staff access only data relevant to their function
Uploaded identity documents stored in access-controlled server directories
Regular security patches applied to server infrastructure

No data transmission over the internet can be guaranteed 100% secure. While we use commercially reasonable means to protect your information, we cannot warrant absolute security.

9. Your Rights

Subject to applicable law, you have the right to:

Access

Request a copy of the personal data we hold about you.

Correction

Ask us to correct inaccurate or incomplete information.

Erasure

Request deletion of your data where it is no longer required for the stated purpose and no legal retention obligation applies.

Objection

Object to our processing of your data on grounds of legitimate interest.

Portability

Receive your data in a structured, machine-readable format.

Withdrawal of Consent

Withdraw consent for communications at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at the address below. We will respond within 30 days. Note that certain retention obligations (e.g., statutory tax records) may limit erasure requests.

10. Children's Privacy

The Timiro mobile application is designed for use by Ethiopian secondary school students. Because the application operates entirely offline and collects no data to our servers, there is no collection of children's data by Dirac Innovations PLC through the app.

The Timiro web portal — where personal data is collected — is accessible only by adults (18+) applying to participate in our sales network or making licence purchases. We do not knowingly collect personal information from individuals under the age of 18 through our web portal.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where feasible, notify active web portal users via email.

Continued use of our services after the effective date of an updated policy constitutes acceptance of the revised terms.

12. Contact Us

If you have questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact our Data Protection point of contact:

privacy@diracinnovations.com

Dirac Innovations PLC

Addis Ababa, Ethiopia

Registration No.: MT/AA/2/0063665/2018

We aim to respond to all privacy-related enquiries within 30 calendar days.