Mobile Applications Development

EdTech App Development in South Africa: Designing for Two Users on One Account

Most EdTech apps in South Africa are built as if the parent and the child are the same user. They are not, and the account architecture you choose decides whether the product is safe, usable and POPIA-compliant.

By Arnaud Brunel — Founder, Brunel Studios9 July 2026 Last updated: 9 July 2026
Mobile Applications Development

EdTech app development in South Africa means designing one product for two different people: the parent who pays and needs oversight, and the child who needs a fast, distraction-free experience. Most builds collapse the two into a single login, and that decision is usually what breaks the product and puts the business on the wrong side of POPIA.

Why an EdTech App Needs a Different Architecture Than a Normal Consumer App

A standard app is built, sold to, and used by the same person. An EdTech app, a family fitness app, a gym membership app, almost anything aimed at a household, is not. One person holds the card and the account. Someone else, often a minor, does the actual using. Treat that as a UI detail and you end up with either a child staring at a subscription-management screen, or a parent who cannot see anything without borrowing their kid's device and password.

The fix is not "add a second login." It is deciding, at the database level, what a child's profile is allowed to touch and what it is never allowed to see. Billing, payment methods and the parent's own account settings should be structurally absent from a child's session, not just hidden behind a menu a curious ten-year-old could still tap into. That decision shapes the data model before a single screen gets designed.

South African EdTech development companies working in this space typically quote R150,000 to R300,000 for a basic app and R300,000 to R800,000-plus once you add AI-driven content or multi-user account structures, and the account-separation work is exactly what pushes a build from the low end to the middle of that range.

The Trade-Off Most Builds Get Wrong: Access Is Not the Same as Oversight

Giving a parent a login is not the same as giving them oversight, and giving a child their own device is not the same as giving them independence from billing risk. A recent Stellenbosch University study, surveying 2,195 adolescents and 2,264 parents across five South African high schools, found that 99.2% of the teenagers owned a smartphone, yet only 7% of their parents said screen time was always restricted, according to reporting in the Mail & Guardian. Access is nearly universal. Oversight is not. An app that assumes parents are watching closely is building on a false premise.

We hit this exact problem on an EdTech platform we rebuilt for a primary-education client, engineered as an embedded CTO partnership similar to the equity-for-build model we've used on other South African software engagements. Parents needed a single dashboard showing every child's subscription and performance data. Students needed their own device, often a hand-me-down tablet, without ever touching the parent's card details or login. We solved it with QR-code profile linking: a student scans a code generated inside the parent's dashboard, which creates a scoped session on the second device tied to that child's profile only. No password is shared, no billing screen is reachable from that session, and the parent never has to hand over their own credentials to make a second device work. It is a small piece of engineering that does the actual job POPIA asks for: functional separation of a child's data from an adult's account, by architecture rather than by policy on paper.

That last part matters more than most founders realise. Under POPIA, processing a child's personal information requires consent from a parent or "competent person" in advance, and non-compliance carries fines of up to R10 million, according to the Information Regulator's own POPIA guidance. A consent checkbox at signup satisfies the letter of that requirement. An architecture that makes it structurally impossible for a child's session to reach payment or account-management data satisfies the intent of it, and is the difference regulators, and more practically, worried parents actually notice. It is the same shift we have argued for in how South African businesses capture and prove consent for the leads and data they hold: the record has to be structural, not a checkbox someone can claim was ticked.

What to Ask Before You Build a Family or EdTech App

If you are scoping this kind of build, ask your developer three things directly, and treat the answers as a filter the same way you would when vetting who actually builds your mobile app in South Africa. First, where does account separation happen: is it enforced at the database and API layer, or only hidden in the interface? Second, how does a second user get access to their own profile without ever seeing the parent's login? A QR-link or invite-code pattern is normal; sharing a single password across devices is not. Third, who signs off on the consent flow, and can you produce a record of it if the Information Regulator ever asks?

This is not only an EdTech question. Gyms with family memberships, healthcare apps with a patient and a caregiver, and financial products for households all hit the identical architecture decision. If your product has one payer and multiple users, plan the account model before you plan the interface, and treat it as a legal question as much as a technical one. This is precisely the kind of multi-user, compliance-aware build we scope inside our custom software development work for South African founders.

Founders building for South African families should expect the account-separation decision to add real scoping time up front. It is worth it. Get it wrong and you either lock parents out of visibility they are legally and practically entitled to, or you hand a child a session that can reach money it should never see. Get it right once, in the data model, and every feature built on top of it inherits the protection for free.

Questions About EdTech App Development in South Africa

How much does it cost to build an EdTech app in South Africa?

Basic EdTech apps typically cost R150,000 to R300,000 in South Africa. Mid-complexity builds with multi-user accounts or AI-driven content run R300,000 to R800,000, and enterprise-grade platforms with custom AI assessment engines can exceed R800,000. Multi-user account separation, like parent and child profiles, pushes cost toward the middle of that range.

Does POPIA apply to apps that are used by children?

Yes. POPIA treats anyone under 18 as a child and requires consent from a parent or legal guardian before their personal information can be processed, with limited exceptions. Fines for non-compliance can reach R10 million, so consent capture and data separation need to be designed in from the start, not added later.

Can a child use an EdTech app without logging in with a parent's credentials?

Yes, if the architecture supports it. On a platform we engineered for a primary-education client, students access their own profile on a second device through a QR code generated inside the parent's dashboard, creating a scoped session that never touches the parent's login or billing details.

How long does it take to build an EdTech app in South Africa?

A well-scoped MVP typically takes 8 to 10 weeks. Feature-rich platforms with multi-user architecture, AI-driven content and full POPIA-aligned consent flows generally take 4 to 6 months, depending on how much of the account-separation and compliance work is designed up front.

What is the difference between an EdTech app and a school management system?

An EdTech app is usually built around a learning experience for the end user, a student, delivered directly to a device. A school management system is administrative software for the institution: attendance, timetabling and staff records. Some platforms combine both, which is exactly where account-separation architecture becomes critical.

Do parents need to give separate consent for their child's data under POPIA?

Yes. POPIA requires that a parent or competent person consent to the processing of a child's personal information before an app collects it, separate from any consent the parent gives for their own account. Recent 2025 amendments strengthened these consent requirements further, so this is not a box to tick once and forget.

Arnaud Brunel

Founder, Brunel Studios

Arnaud Brunel is the founder of Brunel Studios, a software product studio based in Cape Town. He has spent the last 8 years building digital products for founders and SMEs across South Africa and Africa, working across mobile, web and AI-native platforms.

LinkedIn ↗