Privacy Policy

01About Us

Farid Academy, referred to in this policy as "Farid" or "we", is an educational and training platform specialising in developing children's and youth personality, and supporting their life, social, and emotional skills through live one-on-one online sessions and educational programs aimed at children aged 3 to 18, as well as parents, schools, and institutions. This policy explains how we collect, use, store, share, and protect the personal data of parents and children — whether through the website, the platform, sessions, communications with our team, or subscription to any of our services.

02Scope of This Policy

• Parents or legal representatives who create accounts or subscribe to Farid's services.
• Children and youth who benefit from sessions, programs, or assessments.
• Users of the website, digital platform, applications, or tools associated with Farid.
• Schools, institutions, and partners receiving Farid's services on behalf of students or beneficiaries.
• Any person contacting us via phone, email, WhatsApp, registration forms, or marketing campaigns.

03General Data-Processing Principles

• Lawfulness and transparency: we do not collect or process data except for clear, lawful, and stated purposes.
• Purpose limitation: we use data for the purposes set out in this policy or those the parent consents to.
• Data minimisation: we collect only what is needed to deliver the service, improve it, measure its impact, or comply with the law.
• Accuracy: we strive to keep data accurate and up to date to the extent possible.
• Storage limitation: we do not keep data longer than necessary, except where there is a legitimate legal or operational justification.
• Security and confidentiality: we apply appropriate technical and organisational measures to protect data from unauthorised access, loss, or misuse.
• Accountability: we maintain internal records and controls sufficient to demonstrate compliance with this policy and applicable laws.

04Data We Collect

We may collect the following categories of data depending on your use of the service:

• Parent or adult-user data: full name, phone and/or WhatsApp number, email, country and city, account data and language/communication preferences, customer-service correspondence, complaints and requests.
• Child or beneficiary data: child's name or in-platform handle, age or date of birth, gender where needed for experience personalisation, country/city, age or educational stage, child's interests, challenges or goals as set by the parent, assessment results and skill-measurement tool outputs, session reports and trainer notes, attendance, engagement, progress and achievements.
• Assessment and impact-measurement data: pre- and post-assessment responses, indicators of social, emotional, and behavioural skills, parent and trainer observations, attendance and engagement levels, indicators of improvement in specific skills or behaviours, satisfaction surveys.
• Session and recording data: date and time of session, trainer name, attendance/absence/rescheduling status, session report and outputs, audio-video recording of the session when recording is enabled or consented to, or when the session is part of a program whose nature requires recording for quality, safety, and documentation.
• Booking and payment data: package or service type, subscription value and payment date, payment method, transaction reference number, last four digits of the payment card where available from the payment provider. We do not retain full card numbers or CVVs; payments are processed through licensed or certified providers.
• Technical and usage data: IP address, device, browser and OS type, pages visited and usage duration, login/logout and error logs, cookies and similar technologies, approximate location data (country/city) for security and analytics.

05Purposes for Which We Use Data

• Service delivery and contractual obligations: account creation and management, session booking and scheduling, delivery of individual or group sessions or programs, operational reminders, reports and notifications, parent communication, invoicing and payment processing.
• Personalising the child's experience: suggesting paths or workshops suited to the child's age and needs, adapting activities and exercises to the child's level, tracking progress and recommending next steps, improving learning and engagement.
• Quality, review, and internal training: reviewing trainer performance, training trainers and improving their performance, verifying adherence to Farid's methodology and policies, handling complaints or disputes, protecting the child, trainer, and team from abuse or false allegations, improving safety standards.
• Impact measurement and methodological research: measuring the impact of programs on children's skills and behaviours, preparing internal reports on quality and effectiveness, developing content and methodology, improving assessment and recommendation tools, building aggregated performance indicators, preparing studies, presentations, or impact reports that do not identify the child or parent except with explicit consent.
• Analytics and product development: improving the site and platform, developing features and services, measuring performance of campaigns not directed at children, understanding the needs of families and schools, improving user experience and reducing technical errors.
• Security and legal compliance: preventing fraud or unlawful use, protecting platform and account security, complying with legal, tax, and accounting requirements, responding to lawful requests from competent authorities, protecting the rights of Farid, users, children, or partners.
• Marketing and non-operational communications: we do not use children's data for advertising, retargeting, or direct marketing. We may use parent data for marketing communications about Farid's services or content with appropriate consent or legal basis, and provide an easy way to unsubscribe at any time.

06Legal Basis for Processing

We process data on one or more of the following legal bases, depending on the case:

• Contract performance: where processing is necessary to deliver the service you subscribed to or requested.
• Explicit consent: especially for sensitive child data, session recordings, and certain types of marketing or specified sharing.
• Legitimate interest: such as service improvement, quality assurance, security, fraud prevention, performance measurement, and product development — provided this interest does not override the rights and freedoms of the child or parent.
• Legal obligation: such as retaining invoices and accounting/tax records or responding to competent authorities.
• Vital interests: in exceptional cases related to a child's safety or a serious risk.
• In all cases, processing of children's data depends on the parent's or legal representative's consent, and on the additional safeguards established for sensitive data and children's data.

07Children's Privacy

We give children's data special care and treat it as sensitive data warranting a higher level of protection.

• A child cannot create an independent account without a parent or legal representative.
• Account creation, subscription management, and consent to processing are handled by the parent or legally authorised party.
• We do not sell or rent children's data and do not use it in targeted advertising or retargeting.
• We do not share children's data with commercial or research partners in identifiable form except with explicit specific consent from the parent or based on a legal obligation.
• We use children's data internally to deliver the service, improve quality, measure impact, and develop methodology, subject to protection, minimisation, and restriction controls.
• The parent may exercise legally-prescribed rights on behalf of the child, including access, rectification, deletion, and objection, within the legal and operational limits set out in this policy.

08Session Recording and Review

Some sessions may be recorded with audio and video or audio only, depending on the nature of the service, account settings, or parental consent, for the following purposes:

• Allowing the parent to review the session when needed.
• Ensuring service quality and reviewing trainer performance.
• Training trainers and improving the methodology.
• Verifying complaints or disputes.
• Protecting the safety of the child, trainer, and team.
• Documenting session outputs when operationally needed.
• Recordings are subject to limited access controls; only authorised persons within Farid or service providers necessary for operations may view them, and only to the extent required.
• A parent may request to stop a recording or delete a specific recording, and we will examine and act on the request unless retention is legally required, needed to protect safety, to investigate a complaint or dispute, or to fulfil existing contractual obligations.

09Use of Data for Quality and Impact Measurement

The parent acknowledges that the nature of Farid's services depends on follow-up, evaluation, and measurement of improvement over time, and that the use of data related to assessments, sessions, reports, and observations is an essential part of delivering and improving the service. Accordingly, Farid may use this data internally to:

• Analyse the quality of programs and sessions.
• Measure the impact of workshops and educational/behavioural paths.
• Compare results before and after subscription.
• Develop more accurate evaluation models.
• Improve trainer training.
• Prepare internal dashboards or aggregated performance reports.
• Develop new services and products aligned with Farid's mission.
• When data is used in external reports, presentations, studies, or marketing/corporate materials, Farid commits not to disclose the identity of the child or parent except with explicit, written or verifiable electronic consent.

10Aggregated, Anonymised, and Pseudonymised Data

Farid may convert some data into aggregated, anonymised, or pseudonymised form for analytics, impact measurement, development, and internal research.

• Aggregated data: data presented at group or segment level that does not identify a specific individual.
• Anonymised data: data processed so that it cannot reasonably be linked to a specific person.
• Pseudonymised data: data with direct identifiers removed, but possibly still linkable when keys or additional information exist — therefore treated as personal data and subject to appropriate protection.
• Farid reserves the right to use aggregated or anonymised data in internal and external reports, corporate presentations, impact studies, and service improvement, provided that third parties cannot identify the child or parent.

11Sharing Data with Other Parties

Farid does not sell or rent personal data to any third party. We may share specific data with other parties in the following cases:

• Operational service providers: we may share data, only to the extent necessary, with service providers who help us operate the platform — such as cloud hosting and databases, video and virtual-meeting services, email and messaging delivery services, payment providers, technical analytics tools, and technical-support and security services. Providers are required to process data on Farid's instructions and under appropriate contractual arrangements for data protection and confidentiality where required.
• Contracted schools and institutions: if the service is provided through a school or institution, we may share reports, performance indicators, attendance data, or progress data with the contracting entity, within the educational, operational, or contractual purpose, and without prejudice to the rights of the child and parent.
• Legal requirements and rights protection: we may share data with competent authorities, advisors, courts, or regulators where there is a legal obligation, or to protect Farid's rights, the child's safety, prevent fraud, or enforce the Terms of Service.
• Restructuring or investment: in the event of a merger, acquisition, restructuring, investor entry, or transfer of certain assets or services, some data may be reviewed or transferred as part of due-diligence or business-transfer procedures, subject to appropriate confidentiality and data-protection measures, and with user notification where appropriate.

12Cross-Border Data Transfers

Given the nature of digital services, some data may be hosted or processed on servers or systems outside the Arab Republic of Egypt — within the European Union, the United States, or other countries where our service providers operate. When data is transferred or made available outside Egypt, Farid seeks to apply appropriate legal and technical safeguards, which may include:

• Data processing agreements.
• Confidentiality and security commitments.
• Appropriate contractual clauses for data transfer.
• Assessment of the service provider's protection level.
• Obtaining the necessary approvals or permits where legally required.

13Data Protection and Information Security

We apply appropriate technical and organisational measures to protect data, which may include:

• Encryption of data in transit and at rest where appropriate.
• Restriction of data access on a need-to-know basis.
• Strong passwords and multi-factor authentication for sensitive systems.
• Access logs and review of important activities.
• Backups and recovery procedures when needed.
• Periodic security reviews proportionate to capabilities and risk.
• Training staff on confidentiality and protection of children's data.
• Although we take appropriate measures to protect data, no digital system can be guaranteed 100% secure, and the user acknowledges that internet use entails ordinary security risks.

14Data Retention Periods

We retain data for the period necessary to achieve the purposes for which it was collected, or to meet our legal, contractual, and operational obligations.

• Account and contact data: for the duration of the account and an appropriate period after the last interaction for support, records, and potential disputes.
• Assessment and report data: for the duration of service delivery and a period necessary to measure progress and impact, unless the parent requests deletion and deletion is legally and operationally possible.
• Session recordings: for a specific duration set by service configuration or operational purpose, which may be extended in the event of a complaint, dispute, legal requirement, or need to protect safety.
• Payment and invoice data: for the period required by applicable tax and accounting laws.
• Technical analytics data: for an appropriate period for security, improvement, and performance-measurement purposes.
• Aggregated or anonymised data: may be retained and used for longer periods as long as it does not identify a specific individual.
• At the end of the retention period, we delete, anonymise, or securely archive the data, depending on its nature and legal obligations.

15Rights of Parent and User

Under applicable laws and to the extent legally prescribed, the parent or user has the right to:

• Request access to personal data about themselves or their child.
• Request rectification of inaccurate or incomplete data.
• Request deletion of data, unless retention is legally or contractually required or needed to protect rights, safety, or transaction records.
• Request restriction of processing in certain cases.
• Object to certain types of processing based on legitimate interest.
• Withdraw consent where processing depends on consent, without affecting the lawfulness of prior processing.
• Request a portable copy of certain data where technically and legally possible.
• We may need to verify the requester's identity before fulfilling any data-related request, to protect the privacy of the user and child.

16How to Exercise Your Rights

Privacy requests can be sent to [email protected]. Please use the email registered with us, clearly state the type of request, and provide any information that helps us verify identity and process the request. We strive to respond within a reasonable time and in line with applicable legal periods. We may need additional time if the request is complex or requires further verification, and we will notify you when needed. We may refuse or restrict execution of unreasonable, repetitively excessive requests, or those conflicting with legal obligations or others' rights, with appropriate reasoning for the refusal or restriction.

17Cookies and Tracking Technologies

We use cookies and similar technologies for purposes such as:

• Operating the site and platform and login.
• Saving language preferences and settings.
• Improving performance and user experience.
• Statistical analytics and usage measurement.
• Security and prevention of abuse.
• We do not use cookies to direct ads at children or to build marketing profiles about them.
• Users can control cookies through browser settings, noting that disabling some essential cookies may affect the operation of the site or platform.

18Operational and Marketing Communications

We may send the parent necessary operational messages such as booking confirmations, session reminders, progress reports, account updates, or important service-related notices. We may also send marketing messages or content about Farid's services or offers, in accordance with appropriate consents or legal bases, with a way to unsubscribe from marketing messages. Unsubscribing from marketing messages does not stop operational messages necessary to deliver the service.

19Parent Responsibilities

The parent undertakes the following:

• Provide accurate and up-to-date data.
• Hold the legal capacity to subscribe on the child's behalf.
• Inform Farid of any material change in contact data or the child's status relevant to the service.
• Appropriately oversee the child's use of the service.
• Not share login credentials with unauthorised persons.
• Notify us immediately if any unauthorised use of the account is suspected.

20Use of Images, Stories, or Testimonials

Farid does not use a child's image, full name, personal story, testimonial, or any identifying content in marketing, media, or public-facing materials except after obtaining the parent's explicit and specific consent. Farid may use results, indicators, or impact stories in anonymised or aggregated form that does not identify the child or parent.

21Updates to This Privacy Policy

We may update this policy from time to time to reflect legal, technical, or operational changes, or the evolution of Farid's services. For substantive changes, we will make an appropriate effort to notify users via email, the platform, or another suitable means before or at the time the update takes effect, depending on the nature of the change and legal requirements. Continued use of the service after an update means review and acceptance of the updated version, unless applicable laws require separate consent for a specific type of processing.