memorAIze Privacy Policy

Last Updated: June 2025

1. Introduction

memorAIze is a Quran School Management Platform designed to support teachers, parents, and students. This policy explains how we collect, use, and protect personal information through the memorAIze mobile app and website.

2. Who Manages the Data

All student-related data is entered and managed by authorized teachers or guardians. memorAIze does not collect student data directly. We act as a processor of data on behalf of the institutions and families who use our platform.

3. What Information We Collect

memorAIze does not collect any data directly from students or their guardians. All information processed through the platform is provided and managed by authorized teachers, educational institutions, or parents/guardians.

The types of information that may be entered into the platform include:

  • Student names or nicknames, date of birth
  • Assignment progress and assessment scores
  • Attendance records
  • Parent or teacher contact details (e.g., email or phone)
  • Quran memorization progress and recitation assessments

We do not collect location data, device identifiers, behavioral tracking data, or any personal data beyond what is entered voluntarily by authorized users.

memorAIze functions solely as a data processor, providing a secure platform for institutions and families to manage their educational activities. The responsibility for determining what data is collected and ensuring compliance with applicable laws rests with the users and organizations who use the platform.

4. How We Use the Information

We use the data to:

  • Facilitate lesson planning and student progress tracking
  • Allow parents to monitor and engage with their child's Quran learning
  • Provide AI-powered insights to help educators identify patterns and support students
  • Improve user experience and offer insights to educators

We do not use this data for advertising or profiling.

4.1 Legal Basis for Processing

We process personal data based on:

  • Legitimate interests in improving educational outcomes and supporting Islamic education
  • Consent provided by parents/guardians for student data processing
  • Contractual necessity for providing services to educational institutions

5. Children's Privacy (COPPA & GDPR-Kids)

memorAIze is designed for use in educational settings. Student accounts are created and managed by parents or educators. We comply with COPPA and GDPR by:

  • Not collecting data directly from children
  • Requiring all student data to be entered and controlled by adults
  • Hosting all data in secure EU-based servers
  • Obtaining parental consent through the institution before processing any child data

6. Data Storage & Security

User data is securely stored on AWS servers located in the European Union. Our multi-tenant architecture ensures:

  • Complete data isolation between institutions
  • Each center's data is cryptographically separated
  • Staff can only access data from their own institution
  • No cross-institution data sharing or access
  • Encryption both at rest and in transit (AES-256)
  • Daily automated backups with 90-day retention
  • 24/7 security monitoring and intrusion detection
  • Regular security audits and penetration testing

7. Data Subject Rights (GDPR)

Under GDPR, you have the following rights:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing of your data
  • Data portability to transfer your data
  • Object to certain processing activities

To exercise these rights, contact us at team@memoraize.io. Requests will be processed within 7 business days. Only verified centre administrators or parents may request student data changes.

8. How AI Processes Your Data

memorAIze uses artificial intelligence to analyze patterns and provide educational insights:

  • AI processes data only within your institution's isolated environment
  • No student data is used to train AI models across institutions
  • AI insights are generated from aggregated, anonymized patterns within your center
  • Individual student data is never shared with other centers or third parties
  • All AI processing occurs within EU-based servers
  • AI models analyze trends such as attendance patterns, progress velocity, and performance indicators

9. Data Retention

We retain data according to the following schedule:

  • Active student data: Retained while enrolled at the institution
  • Inactive students: Data automatically deleted after 2 years of inactivity
  • Graduated students: Parents can download data; deleted after 1 year
  • Backup data: Retained for 90 days for disaster recovery
  • Audit logs: Retained for 1 year for security purposes
  • Institutions can request immediate deletion of all their data at any time

10. Third-Party Services

We use limited third-party services to operate memorAIze:

  • Amazon Web Services (AWS): Data hosting in EU-West region only
  • SMS Gateway Provider: For parent notifications (no data retention by provider)
  • Email Service: For system notifications (no marketing use)

We never sell, rent, or share personal data with third parties for marketing or advertising purposes.

11. International Data Transfers

All data processing occurs within the European Union. We do not transfer personal data outside the EU. If this changes in the future, we will:

  • Notify all users in advance
  • Ensure appropriate safeguards are in place
  • Update this privacy policy accordingly

12. Cookies and Tracking

memorAIze uses only essential cookies required for:

  • User authentication and session management
  • Security and fraud prevention
  • Basic platform functionality

We do not use tracking cookies, advertising cookies, or any form of behavioral tracking.

13. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will:

  • Notify all institution administrators via email
  • Display a prominent notice in the platform
  • Allow 30 days before significant changes take effect
  • Maintain a version history of all policy changes

14. Data Breach Procedures

In the unlikely event of a data breach:

  • We will notify affected institutions within 72 hours
  • Provide details of what data was affected
  • Outline steps taken to address the breach
  • Offer support and guidance to affected users
  • Report to relevant supervisory authorities as required by GDPR

15. Contact Information

For privacy-related questions, concerns, or to exercise your rights:

Email: team@memoraize.io
Data Protection Officer: privacy@memoraize.io

Mailing Address:
memorAIze
7 Beaufort Drive
B36 8AW
Birmingham
United Kingdom

Response Time: We aim to respond to all privacy inquiries within 48 hours and resolve requests within 7 business days.

16. Complaints

If you're not satisfied with our handling of your privacy concerns, you have the right to lodge a complaint with:

  • The UK Information Commissioner's Office (ICO)
  • Your local data protection authority (for EU residents)
By using memorAIze, educational institutions acknowledge that they are responsible for obtaining appropriate consent from parents/guardians and ensuring compliance with local regulations regarding student data.