← Back to Home

Privacy Policy

Last updated: December 22, 2025

1. Introduction

Hafizna ("we", "our", or "us") operates the online Quran learning platform at hafizna.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We are committed to protecting the privacy of all users, especially minors. If you are under 18 years old, your parent or legal representative must provide consent and will receive important notifications about your account.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

  • Students: Full name, email address, phone number, date of birth, password
  • Minors (under 18): Additionally, parent/legal representative email and phone number
  • Teachers: Full name, email address, phone number, password, bank account details (IBAN, account holder name) for payouts

2.2 Usage Data

We automatically collect:

  • Session attendance records
  • Learning progress and completion data
  • Platform usage analytics (pages visited, time spent)
  • Device and browser information
  • IP address and location data

2.3 Payment Information

Payment processing is handled by Stripe. We do not store complete credit card numbers. We retain transaction records and payment status for accounting purposes.

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our learning platform
  • Process registrations and verify accounts
  • Schedule and facilitate online classes
  • Process payments and payouts
  • Send service notifications and updates
  • Monitor and improve platform performance
  • Ensure safety and prevent fraud
  • Comply with legal obligations

3.1 Parental Contact for Minors

For students under 18, we send account verification emails and important notifications (session reminders, policy updates, safety alerts) to the parent/legal representative email provided during registration. This ensures parental oversight and consent for minors' use of the platform.

Legal basis: Legitimate interest in protecting minors and compliance with child protection laws (COPPA, GDPR Article 8).

4. Information Sharing and Disclosure

We do not sell your personal information. We may share information with:

  • Service Providers: Stripe (payments), Resend (emails), Vercel (hosting), Neon (database), Sentry (error monitoring)
  • Teachers and Students: Limited information necessary for conducting classes (name, progress)
  • Parents/Legal Representatives: Learning progress and attendance for their minor children
  • Legal Authorities: When required by law or to protect rights and safety

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services.

  • Active accounts: Data retained indefinitely while account is active
  • Deleted accounts: Personal data deleted within 90 days of account deletion request
  • Transaction records: Retained for 7 years for legal and accounting compliance
  • Session recordings (if any): Deleted after 30 days unless flagged for safety review

6. Your Rights

Depending on your location (especially EU/EEA), you have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update incorrect or incomplete information
  • Deletion: Request deletion of your account and personal data ("right to be forgotten")
  • Restriction: Limit how we use your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at privacy@hafizna.com.

7. Data Security

We implement industry-standard security measures:

  • Passwords hashed using bcrypt (cost factor 12)
  • Verification and reset tokens hashed with SHA-256
  • HTTPS encryption for all data transmission
  • Access controls and role-based permissions
  • Regular security audits and monitoring
  • Database hosted in secure EU region (Neon/AWS Frankfurt)

8. Cookies and Tracking

We use essential cookies for:

  • Session authentication (NextAuth)
  • User preferences
  • Security and fraud prevention

We do not use third-party advertising cookies. Analytics are privacy-focused and anonymized. You can manage cookies through your browser settings, but disabling essential cookies may affect platform functionality.

9. International Data Transfers

Our primary servers are located in the EU (Frankfurt). If you access Hafizna from outside the EU, your data may be transferred to and processed in the EU. We ensure adequate safeguards through:

  • EU Standard Contractual Clauses (SCCs) with service providers
  • GDPR-compliant data processing agreements
  • Regular compliance reviews

10. Children's Privacy (COPPA/GDPR)

We comply with COPPA (Children's Online Privacy Protection Act) and GDPR Article 8. Students under 18 must provide a parent/legal representative's email and phone number. We do not knowingly collect data from children under 13 without verifiable parental consent.

If you believe we have inadvertently collected data from a child without proper consent, contact us immediately at privacy@hafizna.com.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending email notification to all users (and parents/legal representatives for minors)

Continued use of Hafizna after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or to exercise your rights:

EU users may also lodge a complaint with their local data protection authority.