Skip to main content
Legal

Privacy Policy

Your privacy matters to us. This policy explains how IQRA LMS collects, uses, and protects your personal information.

Last updated: April 5, 2026

1. Introduction

Welcome to IQRA LMS ("IQRA," "we," "us," or "our"). IQRA LMS is an AI-powered learning management system for STEM education. This Privacy Policy describes how we collect, use, disclose, and protect information that applies to our platform, accessible at iqralms.com, including any associated services, applications, and tools (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, username, password, and profile photo when you create an account.
Profile Information: Bio, phone number, professional title, expertise areas, education, LinkedIn URL, and learning preferences.
Instructor Information: Teaching experience, qualifications, sample course topics, and application details when applying to become an instructor.
Course Content: Any content you create, upload, or submit as an instructor, including course materials, videos, quizzes, and code exercises.
Communication Data: Messages, forum posts, discussion comments, and feedback you provide through the platform.
Payment Information: Billing details processed securely through Stripe. We do not store your full credit card numbers on our servers.

2.2 Information We Collect Automatically

Usage Data: Pages visited, courses viewed, lessons completed, time spent on platform, search queries, and feature interactions.
Learning Progress: Course enrollment data, quiz scores, assignment submissions, completion rates, streaks, and gamification points.
Code Execution Data: Code you submit for execution in our STEM labs and code runner. Code is processed temporarily and not permanently stored.
Device Information: Browser type, operating system, device type, screen resolution, and language preferences.
Log Data: IP address, access times, referring URLs, and server logs for security and debugging purposes.

2.3 Information from Third Parties

We may receive information about you from third-party services if you choose to link your account. This includes authentication data from Google or GitHub OAuth, and payment confirmations from Stripe.

3. How We Use Your Information

We use the information we collect for the following purposes:

Provide the Service

Deliver courses, track progress, execute code, generate certificates, and enable communication between students and instructors.

AI Personalization

Power our AI tutor (Gemini), generate personalized quizzes, provide adaptive learning recommendations, and grade assessments.

Account Management

Create and manage your account, process instructor applications, and handle role changes.

Communication

Send enrollment confirmations, course updates, certificate notifications, and respond to support requests.

Analytics & Improvement

Analyze usage patterns to improve the platform, fix bugs, develop new features, and optimize user experience.

Security

Detect, prevent, and address fraud, abuse, security risks, and technical issues. Maintain audit logs for accountability.

Payment Processing

Process course purchases, instructor payouts, refunds, and subscription management through Stripe.

Legal Compliance

Comply with applicable laws, regulations, and legal processes.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

With Other Users

Your public profile information (name, avatar, bio) is visible to other users. If you are an instructor, your professional profile, expertise areas, and course information are publicly visible. Forum posts, discussion comments, and reviews are visible to enrolled students.

With Service Providers

We share data with trusted third-party service providers who assist us in operating the platform:

Google (Gemini AI): Course content and student interactions are processed by Google's Gemini API for AI tutoring, quiz generation, and exam grading. Data is processed per Google's AI terms.
Stripe: Payment processing. Stripe handles all financial transactions securely under their own privacy policy.
Hosting Provider: Our servers are hosted on secure infrastructure. Server logs and database data reside on our hosting provider's systems.
Email Service: We use email services to send transactional emails (verification, password reset, enrollment confirmations).

For Legal Reasons

We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Required

Essential Cookies

Required for authentication, session management, and security. These cannot be disabled.

Optional

Preference Cookies

Remember your language preference, theme (dark/light mode), and learning settings.

Optional

Analytics Cookies

Help us understand how users interact with the platform, which features are popular, and where improvements are needed.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

Account data: Retained until you delete your account.
Course progress & certificates: Retained indefinitely so you can always access your achievements.
Code execution data: Processed temporarily and deleted after execution. Not permanently stored.
Audit logs: Retained for 12 months for security purposes.
Payment records: Retained as required by financial regulations (typically 7 years).

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

7. Security

We take the security of your data seriously and implement industry-standard measures to protect it:

Passwords are hashed using bcrypt
All data transmitted via HTTPS/TLS encryption
JWT-based authentication with token expiration
Rate limiting to prevent brute-force attacks
Database access restricted with role-based permissions
Regular security audits and vulnerability assessments
Code execution sandboxed with resource limits
Audit logging for sensitive operations

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

AccessRequest a copy of the personal data we hold about you.
CorrectionUpdate or correct inaccurate information in your profile settings.
DeletionRequest deletion of your account and associated personal data.
ExportDownload your data in a portable format (course progress, certificates, profile).
RestrictionRequest that we limit the processing of your data in certain circumstances.
ObjectionObject to the processing of your personal data for certain purposes.
Withdraw ConsentWithdraw consent at any time where we rely on consent for processing.

To exercise any of these rights, please contact us at privacy@iqralms.com. We will respond to your request within 30 days.

9. Children's Privacy

IQRA LMS is designed for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@iqralms.com, and we will take steps to delete such information.

For users between 13 and 18, we recommend parental guidance when using the platform, particularly for features involving communication with other users.

10. International Data Transfers

IQRA LMS operates globally and your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

By using the Service, you consent to the transfer of your information to these countries. We take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy
Notify you via email if the changes are significant
Display a prominent notice on the platform

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection

dpo@iqralms.com

General Support

support@iqralms.com

We will respond to all privacy-related inquiries within 30 days.