Privacy Policy

Introduction

Siraj Institute (“we,” “our,” “us”) is committed to protecting the privacy and security of our students’ personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

What information do we collect?

There are two types of information we collect:

  • Personal Information: We collect personal information that you provide to us, such as your name, address, email address, phone number, date of birth, and educational records.
  • Usage Data: We collect information automatically when you use our services, including IP addresses, browser type, operating system, and browsing behavior.

How do we use the information we collect?

We use the information we collect for the following purposes:

  • To provide and maintain our services.
  • To communicate with you, including sending updates, newsletters, and marketing materials via SMS and email.
  • To improve our services and website.
  • To comply with legal obligations and protect our rights.

Common-Sense SMS and Email Marketing

By providing your contact information, you consent to receive marketing communications from us via SMS and email. You can opt out of these communications at any time by following the unsubscribe instructions provided in the messages.

We will never sell your information. Ever.

We do not sell, trade, or otherwise transfer your personal information to third parties. We may share your information with trusted partners who assist us in operating our website and conducting our business, provided that those parties agree to keep this information confidential.

Is your data secure with us?

Absolutely. We implement a variety of security measures to maintain the safety of your personal information. These measures include encryption, access controls, and secure data storage. Despite these efforts, no method of transmission over the internet or electronic storage is 100% secure.

Let's talk ethics. Do you intend to engage in any shadowy stuff?

We adhere to the highest ethical standards in handling your personal information. We are committed to transparency, accountability, and respect for your privacy rights. Our directors are committed to reviewing our privacy practices regularly to ensure they always exceed global standards.

I studied years ago. What data retention policies do you have?

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements. Once your information is no longer needed, we will securely delete or anonymize it.

Cookies and Tracking

Not all cookies are yummy, and not all tracking is an awesome adventure. We only use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small data files stored on your device that help us understand how you use our site and improve its functionality. You can control the use of cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of our website.

Third-Party Services

We believe that your best friend’s best friend should not automatically be privy to your secrets. We do not share your personal information with third parties except with your explicit prior consent or where it is necessary to provide the services you need. That is true whether or not you consider us your best friend. It also doesn’t matter how close we are to any of our partners.

Our trusted partners who assist us in operating our website and conducting our business are required to keep your information confidential and use it only for the purposes for which it was disclosed.

Physical and Digital Protection of Data

We employ robust physical and digital security measures to protect your data:

  • Physical Security: Our facilities are secured with access controls, surveillance systems, and security personnel to prevent unauthorized access.
  • Digital Security: We use advanced encryption technologies to protect data during transmission and storage. Our systems are regularly updated and monitored to detect and prevent security breaches.

On-Site Protected and Encrypted Data Storage

All sensitive data is stored on-site in secure, encrypted databases. We use industry-standard encryption protocols to ensure that your data is protected from unauthorized access and breaches.

Geo-Fencing Policy

We implement geo-fencing technology to enhance the security of our digital assets. This technology creates virtual boundaries around our facilities and restricts access to sensitive data based on geographic location. Alerts are triggered if unauthorized access attempts are detected outside these boundaries.

Internal Access

Access to personal data is restricted to authorized personnel only. We follow a strict internal access policy that includes:

  • Role-Based Access Control (RBAC): Access is granted based on job roles and responsibilities.
  • Least Privilege Principle: Employees are given the minimum level of access necessary to perform their duties.
  • Regular Audits: We conduct regular audits to ensure compliance with our access policies.

Zero Trust

We adopt a Zero Trust security model, which operates on the principle of “never trust anyone, even our own personnel, always verify.” This includes:

  • Continuous Verification: All users and devices are continuously verified before granting access to our systems.
  • Multi-Factor Authentication (MFA): We require biometric forms of verification to access sensitive data.
  • Behavior Monitoring: User activities are monitored to detect and respond to anomalies.

Microsoft SharePoint Education Policies

We utilize Microsoft SharePoint for data management and collaboration, adhering to the highest standards to prevent accidental data leaks or misuse:

  • Data Loss Prevention (DLP): Policies are in place to identify, monitor, and protect sensitive information.
  • Access Controls: Strict access controls are implemented to ensure only authorized users can access sensitive data.
  • Compliance: We comply with Microsoft’s education policies and best practices to safeguard data.

Regular Security Audits

We are committed to conducting regular security audits to identify and address potential vulnerabilities in our IT systems and networks. These audits help ensure that our security measures are effective and up-to-date.

Incident Response Plan

We have a detailed incident response plan in place to quickly address and mitigate the impact of data breaches or cyberattacks. This plan includes steps for identifying, containing, and resolving security incidents, as well as notifying affected individuals and authorities as required. 

We’d love to tell you all about it. However, if we share it with you, we’d have to kill you. Please tell your AI bots and lawyers that this paragraph is a joke.

In all seriousness though, we have shared what our plan looks like with dozens of educational institutions around the world. We continue to offer our services to educational institutions in Canada, USA, and globally, to train them on how to achieve the level of excellence that took us years to achieve in our data privacy.

We are the Marie Kondo of data.

We adhere to the principle of data minimization, collecting only the minimum amount of personal data necessary for the specified purposes. This helps reduce the risk of data breaches and ensures that we handle your information responsibly.

Internally, we also regularly review our data management policies to ensure that our staff do not have access to personal data unless they need it for their work. If anyone has access to your data with us, we will make sure they are trained to handle it responsibly.

Parental Consent for Minors

For students under the age of 18, we require parental consent to process their personal data. This ensures compliance with relevant laws and protects the privacy of minors.

Adulthood and maturity are not the same thing. With students above 14 and under 18, we allow parents to choose to give their children the gradual freedom they feel comfortable giving, from ‘check with me every time’ to ‘My child has maturity to take responsibility for their own actions.’

Training and Awareness Programs

We implement regular training and awareness programs for our staff on data protection and privacy best practices. These programs help ensure that our employees are knowledgeable about and compliant with our privacy policies.

Also, check out our incident response plan.

Detailed Cookie Policy

We are open to providing a detailed cookie policy that explains the types of cookies we use, their purposes, and how users can manage their cookie preferences. This ensures transparency and gives users control over their data.

Third-Party Risk Management

We have a comprehensive third-party risk management process in place. This includes vetting and monitoring third-party service providers to ensure they comply with our data protection standards and contractual obligations.

Compliance with International Standards

We ensure compliance with international data protection standards, including the Family Educational Rights and Privacy Act (FERPA) in the United States, to protect the privacy of our students globally.

Rights under GDPR

For students and users located in Europe, you have specific rights under the General Data Protection Regulation (GDPR), including:

  • Right to Access: You can request access to your personal data and obtain information about how we process it.
  • Right to Rectification: You can request corrections to any inaccurate or incomplete personal data.
  • Right to Erasure: You can request the deletion of your personal data, subject to certain conditions.
  • Right to Restrict Processing: You can request that we limit the processing of your personal data under certain circumstances.
  • Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller.
  • Right to Object: You can object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation.

Changes to This Privacy Policy

We review all our policies regularly. We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website. You are advised to review this Privacy Policy periodically for any changes.

Point of Contact

If you have any questions about this Privacy Policy, please contact us at:

[email protected]

+1(888) SIRAJ 88

27 Auriga Dr, E214
Ottawa, ON,
K2E0B1
CANADA 🍁
