PratikYedek for education institutions

A real scenario

A private kindergarten in Bursa (anonymised reference: Institution-F, 95 students) was hit by a trojan in November 2024. Student registration forms, health reports, lunch/snack plans and photos were lost. Once parents were informed, 6 families filed lawsuits — sensitive health data (allergies, chronic conditions) could not be protected.

Root cause: No backup was being taken; "everything stays in the office" turned out to be wrong.

How PratikYedek solves it

1. Desktop app on the admin PC — Students/, Exams/, Health-Reports/, Parent-Contact/, Photos/.
2. Extra sensitivity for child photos — Consent-cleared photos in a separate folder; if consent is withdrawn, selective deletion runs.
3. Health-report category — KVKK § 6 sensitive data; the extra encryption layer is AES-256-GCM and access requires mandatory 2FA.
4. End-of-term automatic snapshots — Full snapshot at the end of each term (January/June), 10-year retention (Ministry of Education diploma/transcript requirements).
5. Restore drills — Monthly test using 5 random student records from a previous term.

KVKK child-data alignment

Child data

For data on under-18s, explicit consent is collected from the parent (KVKK § 5). The child's health data is sensitive (§ 6). Extra care for education institutions:

• Parent's explicit consent must be in writing (signed privacy notice)
• Photo/video explicit consent is a separate item (general consent does not cover it)
• Access to health reports must be logged
• When consent is withdrawn, selective deletion from every snapshot

• KVKK § 6 (Turkey's GDPR-equivalent): Health reports get AES-256-GCM + mandatory 2FA.
• MoNE Private Education Regulation art. 45: Student registry must be kept 10 years; PratikYedek max retention is 10 years.
• Convention on the Rights of the Child art. 16: Respect for the child's privacy — end-to-end encryption already meets this.

Recommended plan

• Individual private tutor: Starter (50 GB is enough, student count is low)
• Tutoring centre / kindergarten (10-50 students): Professional (100 GB + 2FA)
• Private school (50+ students): Enterprise (recommended for sensitive data): 500 GB + 10-year audit + team + SAML

Because of child data, the Starter plan is not recommended for institutions with 50+ students (2FA is optional there).

FAQ

How long should data be kept after a student graduates? MoNE requires 10 years of student records and 5 years of exam papers. PratikYedek retention meets this.

A parent says "please delete the photo." What happens? KVKK § 11/e selective deletion: the photo is removed from every snapshot; the audit log keeps deletion evidence for 10 years.

Can my tax advisor see student registration data? No — the institution owns its own PratikYedek account. The tax advisor only sees financial data (in a separate account). Health/education data is not shared with the tax advisor via BYOS (KVKK § 6 + tax-advisor BYOS restriction).

Is there a parent portal? Not currently. PratikYedek is institution-side backup only — a parent portal is the responsibility of your own LMS/student portal.

Should breakfast/lunch allergy health data be backed up separately? Recommended. PratikYedek supports category-based snapshots — health data in a separate folder → separate snapshot → separate retention policy.