Your privacy, in plain English
We keep this short and honest. If anything is unclear, email us and a person will explain it.
Last updated July 2026 · hello@ismsuk.com
Who we are
ISMS UK ("we", "us") provides software for mosques and madrasahs. This policy explains what personal information we handle, why, and the choices you have. For anything in it, contact us at hello@ismsuk.com.
Two roles: controller and processor
For our own website and for the accounts of the institutions that buy ISMS, we are the data controller.
For the records an institution enters into ISMS about its pupils, guardians and staff, the institution is the controller and we are the processor. We only act on that institution's instructions and do not use their records for our own purposes.
Information we collect
Account information: the name, email and role of the people who sign in on behalf of an institution.
Institution records: on behalf of an institution, the pupil, guardian and staff details, attendance, progress, fees and related notes they choose to store.
Usage information: basic technical data such as pages visited and device type, used to keep the service secure and working.
How we use it
To provide, secure and support the service.
To communicate with account holders about their subscription and important changes.
To meet our legal and tax obligations.
We do not sell personal information, and we do not use pupil or family records for advertising.
Lawful bases
We rely on contract (to provide the service you have signed up for), legitimate interests (to keep the service secure and to improve it), consent (for optional analytics cookies), and legal obligation (for example accounting records).
Sharing
We share information only with trusted providers that help us run the service, such as hosting, email delivery and payment processing, under contracts that require them to protect it. We may disclose information where the law requires it.
Cookies
We use essential cookies to make the site work and to keep sign-in secure. With your consent we use a small number of analytics cookies to understand how the site is used. You can accept or decline these when you first visit, and change your mind at any time by clearing the choice in your browser.
Keeping information
We keep account information for as long as an institution uses ISMS, and for a reasonable period afterwards to meet legal and accounting duties. Institution records are kept according to that institution's own instructions, and can be exported or deleted on request.
Security
Each institution's data is kept isolated at the database level, so one institution can never see another's records. Access is controlled, sign-in supports two-factor security, and we keep audit logs of sensitive actions.
International transfers
Where information is processed outside the UK, we make sure appropriate safeguards recognised under UK data protection law are in place.
Your rights
You have the right to access, correct, delete and object to the use of your personal information, and to complain to the Information Commissioner's Office (ICO). If your data was entered by an institution, please contact that institution first, and we will support them in responding.
Changes
We may update this policy from time to time. The date below shows when it was last changed.