1. Introduction

Zakaria Islamic Academy (ZIA) (“ZIA”, “we”, “our”, or “us”) operates the school management platform accessible at https://ziacademy.replit.app (the “Platform”). This Privacy Policy explains how we collect, use, and protect information about students, parents, teachers, and administrators who use the Platform.

By using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use and contact us at contact@ziacademy.org.

2. Information We Collect

Account Information

  • Name (first and last)
  • Email address
  • Username and password (passwords are stored as secure one-way hashes)
  • Mobile phone number
  • Gender
  • Role (parent, teacher, administrator)

Student Records

  • Student name, date of birth, and gender
  • Class and section enrollment records
  • Academic progress (Quran memorization, Qaidah, Islamic Studies)
  • Attendance records
  • Assignment grades and report cards

Payment Information

  • Tuition payment records and amounts
  • Payment method used (Stripe or PayPal — card details are never stored on our servers)

Usage Data

  • Login timestamps and session information
  • Pages visited within the Platform

3. How We Use Your Information

We use the information we collect exclusively to operate and improve the Platform:

  • Authenticate users and manage access to the Platform
  • Track student enrollment, attendance, and academic progress
  • Process and record tuition payments
  • Send automated notifications: absence alerts, payment reminders, assignment updates, and email verifications
  • Enable communication between parents, teachers, and administrators
  • Generate attendance and academic reports
  • Maintain school records and administrative functions

We do not use your information for advertising, sell it to third parties, or use it for any purpose outside of operating this school management system.

4. Google Sign-In

The Platform offers the option to sign in using your Google account via Google OAuth 2.0. When you choose to sign in with Google, we receive the following information from Google:

  • Your full name
  • Your Google account email address
  • A unique Google account identifier

We do not receive your Google password or access to any other Google services (such as Gmail, Drive, or Calendar). The information received from Google is used solely to create or link your account on the Platform. We do not share your Google account information with any third parties.

You can revoke the Platform’s access to your Google account at any time by visiting your Google Account permissions.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties.

We use the following trusted third-party services to operate the Platform. Each service only receives the minimum data necessary to perform its function:

  • Stripe — for processing online tuition payments (governed by Stripe’s Privacy Policy)
  • PayPal — for processing online tuition payments (governed by PayPal’s Privacy Policy)
  • Google — for optional Google Sign-In authentication (governed by Google’s Privacy Policy)
  • Neon (PostgreSQL) — for secure database hosting of school records
  • Replit — for hosting and infrastructure of the Platform

We may disclose information if required to do so by law or in response to a valid legal request from a governmental authority.

6. Data Retention

We retain student and family records for as long as the student is enrolled at the school and for a reasonable period thereafter for administrative and legal record-keeping purposes. Account data is retained until a deletion request is submitted and processed.

Payment records are retained as required by applicable financial and tax regulations.

7. Data Security

We take reasonable technical and organizational measures to protect your information, including:

  • Passwords are stored using bcrypt hashing and are never stored in plain text
  • All data is transmitted over HTTPS (TLS encryption)
  • Sessions are protected with secure, HTTP-only cookies and expire after 7 hours
  • Database access is restricted to application servers only
  • Payment processing is handled by PCI-compliant third parties — card details never touch our servers

8. Children’s Privacy

The Platform is designed for use by parents, teachers, and school administrators in relation to minor students. Minor students themselves do not directly register for or access the Platform. Parents or guardians manage their children’s records through their own accounts.

We do not knowingly collect personal information directly from children under 13. If you believe a child has provided us with personal information without parental consent, please contact us immediately at contact@ziacademy.org.

9. Your Rights

You have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to correct inaccurate information
  • Deletion — request deletion of your account and personal data
  • Revoke Google access — disconnect your Google account from the Platform at any time

To exercise any of these rights, please contact us at contact@ziacademy.org. We will respond within a reasonable timeframe.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us:

Zakaria Islamic Academy (ZIA)
Email: contact@ziacademy.org
Website: www.ziacademy.org

Copyright © 2026 by Zakaria Islamic Academy. All rights reserved.