This policy explains what personal information ElifLammeem collects when you visit our marketing website, contact us, create an admin account, or use the ElifLammeem platform as a school administrator.
If you are a parent or teacher using a school's portal powered by ElifLammeem, a different policy applies — published at /privacy on your school's subdomain. Under that policy, your school is the data controller and ElifLammeem is the data processor acting on the school's behalf.
1. Who we are
ElifLammeem is operated by Sharjeel Zubair as a sole proprietor, pending incorporation of a company in Pakistan and the Kingdom of Saudi Arabia. Upon incorporation, this policy and all commitments made under it will transfer automatically to the incorporated entity.
Privacy contact: szubair01@gmail.com
2. What we collect
a) Marketing leads & contact enquiries
When you fill in the contact form, book a demo, or email us directly, we collect your name, email, phone number (if provided), school name, and the content of your message.
b) Admin / staff accounts
When a school creates a staff account on the platform, we store name, email, phone, role (admin / branch manager / staff), assigned branch(es) and categories, a hashed password, and timestamps of logins and activity. We never see plaintext passwords.
c) Tenant (school) administrative data
For each school tenant we hold a school name, address, contact details, uploaded logo, brand colour, plan details, billing status, and a list of authorised domains.
d) Technical data
When you use our website or the admin panel, we collect: IP address, browser type and version, pages visited, time of visit, referrer URL, and error-tracking data. We use a minimal set of cookies — one session cookie and one CSRF-protection cookie. We do not use advertising or third-party tracking cookies on the marketing site.
e) Payment information
If you subscribe to a paid plan, billing information (card or bank details) is handled entirely by our payment processor — we never store your full card number. We store only the last four digits, the card brand, and the subscription status.
3. Why we use your information
- To respond to your enquiry or demo request.
- To provide and maintain your admin account, authenticate you, and secure the platform.
- To send service emails — password resets, security alerts, plan changes, scheduled maintenance.
- To send occasional product updates — with an unsubscribe link in every message.
- To bill you for a paid subscription.
- To detect and prevent abuse, fraud, and security incidents.
- To comply with legal obligations (tax, law-enforcement requests where legally required).
4. Lawful basis
- Performance of contract — for everything needed to deliver the service you signed up for.
- Legitimate interests — for security logging, fraud prevention, and occasional product updates, where our interests are not overridden by your rights.
- Consent — for optional marketing beyond service announcements (you can withdraw at any time).
- Legal obligation — for tax records, law-enforcement requests, and regulatory reporting.
5. How long we keep it
- Marketing leads — 2 years from the last meaningful interaction. Unsubscribed contacts are retained only as a suppression record.
- Admin accounts — for the life of the school's subscription, plus 2 years after cancellation for audit and re-activation.
- Billing records — 7 years (tax-law requirement).
- Server logs / technical data — 90 days, then deleted or anonymised.
- Support tickets & emails — 2 years from resolution.
6. Who we share with
We share your information only with the service providers we need to run the platform. Each is contractually bound to use the data only for our purposes.
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Hosting & storage | United States (planned: Bahrain for KSA) |
| Mailtrap | Transactional email delivery | EU |
| Twilio | SMS and WhatsApp delivery | US / regional carriers |
| Messagat | SMS delivery in KSA | Kingdom of Saudi Arabia |
| OpenAI | AI analysis (issue text only; no personal identifiers sent) | United States |
| Anthropic | AI analysis (alternative provider) | United States |
We will not sell your personal information. We do not share marketing data with third parties for their own advertising.
Cross-border transfers: Primary hosting is in the United States. For customers in the Kingdom of Saudi Arabia, Pakistan, or the EU, we rely on contractual safeguards (Standard Contractual Clauses where applicable) with each sub-processor. Data from schools in KSA is scheduled for migration to the AWS Middle East (Bahrain) region.
7. How we protect your data
- All network traffic is encrypted in transit using TLS.
- Databases and file storage are encrypted at rest.
- Admin passwords are hashed using industry-standard algorithms (never stored in plaintext).
- Two-factor authentication is available on admin accounts.
- Each school's data is isolated from every other school's.
- Access to production data by ElifLammeem personnel is logged and limited to investigation of reported incidents.
8. Your rights
Depending on where you are located, you have the following rights over your personal information:
- Access — request a copy of the data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data (subject to legal record-keeping obligations).
- Restriction — ask us to pause processing while you contest accuracy.
- Portability — receive your data in a machine-readable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — for processing based on consent, at any time.
- Lodge a complaint — with your national data-protection authority (e.g. SDAIA in Saudi Arabia, Pakistan's National Commission for Personal Data Protection once constituted).
To exercise any of these rights, email szubair01@gmail.com. We respond within 30 days.
9. Children
ElifLammeem is a business-to-business product aimed at school administrators. The marketing site and admin panel are not directed at children, and we do not knowingly collect data from children through them. Parent/teacher data on tenant portals is governed by the tenant school's privacy policy.
10. Changes to this policy
We may update this policy as the service, sub-processors, or applicable law change. Material changes will be announced on this page and, where you have an admin account, by email, at least 30 days before taking effect. The date at the top of this page is the current version.
11. Contact
Questions, requests, or complaints: szubair01@gmail.com