Privacy policy

Your privacy, in plain English

We keep this short and honest. If anything is unclear, email us and a person will explain it.

Last updated July 2026 · hello@ismsuk.com

01

Who we are

ISMS UK ("we", "us") provides software for mosques and madrasahs. This policy explains what personal information we handle, why, and the choices you have. For anything in it, contact us at hello@ismsuk.com.

02

Two roles: controller and processor

For our own website and for the accounts of the institutions that buy ISMS, we are the data controller.

For the records an institution enters into ISMS about its pupils, guardians and staff, the institution is the controller and we are the processor. We only act on that institution's instructions and do not use their records for our own purposes.

03

Information we collect

Account information: the name, email and role of the people who sign in on behalf of an institution.

Institution records: on behalf of an institution, the pupil, guardian and staff details, attendance, progress, fees and related notes they choose to store.

Usage information: basic technical data such as pages visited and device type, used to keep the service secure and working.

04

How we use it

To provide, secure and support the service.

To communicate with account holders about their subscription and important changes.

To meet our legal and tax obligations.

We do not sell personal information, and we do not use pupil or family records for advertising.

05

Lawful bases

We rely on contract (to provide the service you have signed up for), legitimate interests (to keep the service secure and to improve it), consent (for optional analytics cookies), and legal obligation (for example accounting records).

06

Sharing

We share information only with trusted providers that help us run the service, such as hosting, email delivery and payment processing, under contracts that require them to protect it. We may disclose information where the law requires it.

07

Cookies

We use essential cookies to make the site work and to keep sign-in secure. With your consent we use a small number of analytics cookies to understand how the site is used. You can accept or decline these when you first visit, and change your mind at any time by clearing the choice in your browser.

08

Keeping information

We keep account information for as long as an institution uses ISMS, and for a reasonable period afterwards to meet legal and accounting duties. Institution records are kept according to that institution's own instructions, and can be exported or deleted on request.

09

Security

Each institution's data is kept isolated at the database level, so one institution can never see another's records. Access is controlled, sign-in supports two-factor security, and we keep audit logs of sensitive actions.

10

International transfers

Where information is processed outside the UK, we make sure appropriate safeguards recognised under UK data protection law are in place.

11

Your rights

You have the right to access, correct, delete and object to the use of your personal information, and to complain to the Information Commissioner's Office (ICO). If your data was entered by an institution, please contact that institution first, and we will support them in responding.

12

Changes

We may update this policy from time to time. The date below shows when it was last changed.