KSA Schools

Privacy Policy

Last updated: May 8, 2026

This policy explains how KSA Schools (operated by Aspire Tech Establishment) collects, uses, shares, and protects your personal data when you use ksaschools.com.

Who we are

ksaschools.com is a product of Aspire Tech Establishment, a sole proprietorship registered in the Kingdom of Saudi Arabia. Aspire Tech Establishment is the data controller for the personal information processed through this site.

Information we collect

1. When you create an account

  • Your name, email address, and a hashed password (bcrypt).
  • If you sign in with Google or Facebook: the provider-supplied user ID, name, email address, and profile picture (if available). We request only the basic identity scopes needed to authenticate you.
  • Your preferred language for outbound emails (English or Arabic).

2. When you submit a review

  • Rating, written comment, and any optional fields you supply (grade level, years attended, reviewer type).
  • The account ID you submitted under, so we can manage your reviews on request.

3. Automatically when you visit

  • IP address — used for abuse prevention and rate limiting. Stored transiently in our rate-limiter (up to 30 days) and not joined with your account profile.
  • Session cookies (NextAuth JWT) to keep you signed in. We do not use advertising or cross-site tracking cookies.
  • Aggregate usage metrics via Plausible Analytics — cookieless and without cross-site tracking.

How we use your data

  • Operate your account (sign-in, password recovery, displaying your reviews).
  • Send transactional emails (verification, password reset, admin approval notices). We do not send marketing email.
  • Detect and prevent fraud or abuse (e.g., fake reviews, repeated failed logins).
  • Improve the platform from aggregate, non-identifying usage analytics.

We do not sell your data and we do not use it for third-party marketing.

Third-party services we use

  • Google Cloud Run (me-central2 Dammam region) — application hosting.
  • Neon (PostgreSQL) — primary database for accounts and reviews.
  • SendGrid — transactional email delivery.
  • Upstash Redis — short-lived rate-limiter counters.
  • Algolia — index of school data only; no user-personal information is sent to Algolia.
  • Plausible Analytics — cookieless, aggregate usage metrics.
  • Google Sign-In and Facebook Login — only when you choose to sign in via one of these providers. The provider's own privacy policy governs the data they retain about you on their platform.

Data retention

  • Account information: kept while your account is active.
  • Published reviews: remain visible until you delete them or close your account.
  • On account deletion: personal data is removed within 30 days. We may retain de-identified aggregate records (e.g., review counts for a school) after we strip your account linkage.
  • Security logs (rate-limit IP buckets): up to 30 days.

Your rights

Under Saudi Arabia's Personal Data Protection Law (PDPL), you have the right to:

  • Access the personal data we hold about you.
  • Correct any inaccurate data (you can update your name from /account).
  • Delete your account and associated personal data — see our data deletion page.
  • Withdraw consent to data processing at any time.
  • Lodge a complaint with the Saudi Data & AI Authority (SDAIA).

Data security

All traffic uses HTTPS. Passwords are hashed with bcrypt at cost factor 12. We apply strict security headers (CSP, HSTS, X-Frame- Options), and rate-limit sensitive endpoints (login, registration, password reset) to mitigate brute-force and abuse.

Children

The site is intended for parents and adults. We do not knowingly collect personal data from children under 13. If you believe a child has submitted personal data, please contact us so we can remove it.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or by an in-product notice. The "last updated" date at the top of this page reflects the most recent revision.

Contact us

For privacy questions or to exercise any of your rights: support@ksaschools.com