Deen Team Tarbya program

Privacy Notice

Version 1.0 · effective 12 May 2026.

Who we are

This app is run by the Deen Team, a small group of Leaders (parents and volunteers) delivering the weekly Tarbya programme for Muslim youth in the UK. The Deen Team is the "data controller" under UK GDPR.

Contact for any privacy question or request: deen.team.09.2020@gmail.com.

What we collect

  • Your child's display name and an auto-generated username
  • One or two parent email addresses — login codes go here
  • Which groups he joins
  • Chat messages he writes (auto-deleted after 10 days)
  • Homework, questions, weekly Tarbya passport reflections he submits
  • An audit trail of when consent was given, the parent email addresses the confirmation link was sent to, and the IP address at the moment the link was clicked

Why we collect it

  • To run the weekly Tarbya programme
  • To send him login codes safely via your email
  • So the mentors can supervise the boys' interactions (safeguarding)
  • To prove we have your consent (required by UK GDPR)

Lawful basis (UK GDPR Article 6)

  • Parental consent — recorded when you click the confirmation link in the email we send when your son is added. We use this for the bulk of processing.
  • Legitimate interest (safeguarding) — mentors reading the chat to protect the boys.

How long we keep it

  • Chat messages: 10 days, then automatically deleted
  • All other member data: while your son is part of the programme; deleted within 30 days of him leaving or on your request
  • Login codes: 10 minutes (then expired and hashed in the DB)
  • Consent + IP audit trail: 2 years after consent is withdrawn
  • Unconfirmed registrations: deleted automatically after 48 hours if no parent confirms

Who sees it

  • The mentors and leaders running the Tarbya programme — they read the boys' chat messages, homework submissions, and questions to the Ustad to keep the boys safe and to support their learning.
  • Render Inc. hosts the data on servers in Frankfurt, Germany (EU/EEA — no third-country transfer).
  • Google (Gmail) sends our emails — Google is certified under the EU-US Data Privacy Framework.
  • Nobody else. We do not sell, share, or use the data for advertising.

Your rights as a parent

You can ask us, free of charge, to:

  • See all data we hold about your son
  • Correct anything wrong
  • Delete his account and all his data ("right to be forgotten")
  • Restrict our processing
  • Withdraw consent at any time — we'll delete his account within 30 days
  • Receive a copy of his data in a machine-readable format (right to portability)

Send any request to deen.team.09.2020@gmail.com. We will respond within 30 days as UK GDPR requires.

You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk.

How we keep the data safe

  • All traffic between your browser and our servers is encrypted.
  • Login codes are stored only in hashed form — never in plain text.
  • Each person on the team only sees what they need to see.
  • Chat messages are automatically deleted after 10 days, so no long-term message history exists.
  • We apply standard, industry-recognised security practices to protect your child's data.

Cookies we use

We use only strictly necessary cookies — small temporary files needed to keep your child signed in after he enters his login code and to protect forms from cross-site attacks. These cookies are essential for the app to work and cannot be switched off.

We do not use marketing cookies, tracking pixels, or third-party analytics. Nothing about your child's activity is shared with advertisers.

Changes to this notice

If we make any meaningful change to this notice, we'll bump the version number above and email all parents at the address on file before the change takes effect.

Quick links: Terms of Use · Request my child's data / withdrawal