🔒 Privacy Policy
Your privacy is important to us. This policy explains how MadrasahSync handles your data.
1. Introduction
MadrasahSync (“we,” “our,” or “us”) is a school management platform designed for Islamic educational institutions (Madrasahs). We are committed to protecting the privacy of all users, especially the children whose educational data we help manage.
2. Information We Collect
2.1 Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, password | Account creation and authentication |
| School Information | School name, address, contact details | School profile and identification |
| Student Information | Name, date of birth, class enrollment, academic progress | Educational record management |
| Parent/Guardian Information | Name, email, phone number, relationship to student | Communication and account management |
| Teacher Information | Name, email, assigned classes | Staff management and class assignments |
| Payment Information | Billing address (payment card details are processed by Stripe) | Subscription billing |
2.2 Information Collected Automatically
- Usage Data: Features used, pages visited, actions taken within the app
- Device Information: Device type, operating system, browser type
- Log Data: IP address, access times, error logs
3. Children's Privacy (COPPA Compliance)
Our approach to children's data:
- Student accounts are created and managed by school administrators or teachers, not by children directly
- Parents/guardians have full visibility into their child's data through parent portal access
- We collect only the minimum student information necessary for educational purposes
- Student data is never sold to third parties
- Student data is never used for advertising or marketing purposes
- Parents can request deletion of their child's data at any time
Parental Rights
Parents and guardians have the right to:
- Review their child's personal information
- Request correction of inaccurate information
- Request deletion of their child's information
- Refuse further collection of their child's information
4. Educational Records (FERPA Compliance)
For schools in the United States, we act as a “school official” under FERPA with a legitimate educational interest in accessing student data. We:
- Use student education records only for the purposes specified by the school
- Do not disclose education records to third parties without consent
- Maintain appropriate security measures to protect education records
- Return or delete education records upon termination of services
5. How We Use Your Information
We use collected information to:
- Provide Services: Operate and maintain the MadrasahSync platform
- Educational Management: Track student progress, attendance, and academic records
- Communication: Send important notifications to parents, teachers, and administrators
- Billing: Process subscription payments and manage accounts
- Support: Respond to inquiries and provide customer support
- Improvement: Analyze usage patterns to improve our services
- Security: Detect and prevent fraud, abuse, and security incidents
6. Data Sharing and Disclosure
6.1 We DO Share Data With:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and authentication hosting | All platform data (encrypted) |
| Stripe | Payment processing | Billing information only |
| Vercel | Web application hosting | Web traffic data |
| Firebase (Google LLC) | Push notification delivery and crash reporting | Device tokens, notification payloads, crash logs, and device metadata |
| Resend, Inc. | Transactional email delivery and notification processing | User email addresses and transactional notification content |
6.2 We DO NOT:
- ❌ Sell personal information to third parties
- ❌ Use student data for advertising or marketing
- ❌ Share data with data brokers
- ❌ Use personal information for AI training purposes
6.3 Legal Disclosure
We may disclose information if required by law, court order, or to protect our rights, property, or safety.
7. Data Security
We implement industry-standard security measures:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Control: Role-based access ensures users only see data they're authorized to view
- Row-Level Security: Database-level policies prevent unauthorized data access
- Regular Audits: We conduct regular security reviews and vulnerability assessments
- Secure Authentication: Multi-factor authentication available for all accounts
8. Data Retention
- Active Accounts: Data is retained while your account is active
- After Termination: Upon account deletion or service termination:
- User data is deleted within 30 days
- Backup copies are purged within 90 days
- Aggregated, anonymized data may be retained for analytics
- Legal Requirements: Some data may be retained longer if required by law
9. Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (“right to be forgotten”)
- Portability: Request your data in a portable format
- Objection: Object to certain processing of your data
- Restriction: Request restriction of processing
To exercise these rights, contact us via our Feedback & Support form.
10. International Data Transfers
Our servers are located in the United States. If you are accessing our services from outside the US, please be aware that your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses and other legal mechanisms to ensure adequate protection of transferred data.
11. Cookies and Tracking
We use essential cookies for:
- Authentication and session management
- Security and fraud prevention
- Remembering your preferences
We do not use third-party advertising or tracking cookies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the “Last Updated” date
- Sending an email notification for significant changes
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
For privacy-related complaints, you also have the right to lodge a complaint with your local data protection authority.
© 2026 MadrasahSync. All rights reserved.