Privacy Policy
Last updated: March 16, 2026
This policy describes how Mujtahid Ufuq Educational Establishment collects, uses, stores, and protects personal data when you use the Mujtahid platform and its applications. We comply with the Saudi Personal Data Protection Law (PDPL) issued by Royal Decree No. (M/19) dated 9/2/1443 AH and its implementing regulations.
Policy Summary
- We do not sell your personal data or share it for marketing purposes without your consent
- We collect only the data necessary to provide our services and process it on clear legal bases
- We implement technical and organizational security measures to protect your data
- You have the right to access, correct, and delete your data in accordance with applicable law
- We comply with the Saudi Personal Data Protection Law (PDPL)
1. Who We Are
The Mujtahid platform is operated by Mujtahid Ufuq Educational Establishment ("the Establishment", "we", or "us"), a registered establishment in the Kingdom of Saudi Arabia headquartered in Riyadh. The Establishment acts as the data controller responsible for your personal data in accordance with the Personal Data Protection Law.
Contact Information:
- Email: support@mogtehad.com
- Phone: +966 53 377 2490
- Address: Riyadh, Kingdom of Saudi Arabia
2. Information We Collect
We collect personal data from three main sources, limited to what is necessary to provide and improve our services:
📝 Information You Provide
- Full name and mobile number
- Email address and login credentials
- Profile information such as specialization, qualifications, and experience
- Content you upload to the platform including documents, images, and files
- Messages and conversations with service providers
- Ratings and reviews you submit
- Inquiries and support requests
⚙️ Automatically Collected Information
- Internet Protocol (IP) address and approximate geographic location
- Device type, operating system, and browser used
- Pages visited, browsing duration, and usage patterns
- Search queries performed on the platform
- Cookies and similar technologies
- Session data and login records
🔗 Information from Third Parties
- Transaction data from our payment service provider (Moyasar)
- Authentication data when signing in via Google
- Identity verification data through the national Nafath service
Note on Advanced Services:
When you use services such as live sessions, assignment submissions, or the AI assistant, we may process additional data specific to that service, such as video streams during live sessions or files attached to assignments. This data is processed solely within the scope of the relevant service and is not used for other purposes.
3. Purposes of Data Processing
We process your personal data based on specific legal grounds and for legitimate purposes, including:
1 Service Delivery and Account Management
Creating and managing your account, verifying your identity, and enabling you to access the platform's various services such as courses, consultations, and task requests.
2 Personalization and Matching
Suggesting suitable tutors and courses based on your needs, and customizing displayed content according to your interests and preferences.
3 Payment and Financial Transactions
Processing payments and refunds through our authorized payment service provider, managing your wallet and subscriptions, and fulfilling our accounting and tax obligations.
4 Technical Support and Customer Service
Responding to your inquiries, handling complaints, resolving disputes, and monitoring the quality of services provided.
5 Security and Fraud Prevention
Protecting the platform and its users from suspicious and fraudulent activities, detecting unauthorized access attempts, and enforcing our usage policies.
6 Development and Service Improvement
Analyzing aggregated usage patterns to develop new features and improve platform performance. Anonymized data is used for analytical reporting.
7 Communications and Notifications
Sending service-related notifications such as order confirmations, account updates, and policy changes. Marketing messages are sent only with your prior consent, and you may withdraw that consent at any time.
5. Sharing Data with Third Parties
Important: The Establishment does not sell or trade your personal data under any circumstances.
We may share your data with third parties only in the following cases:
6. International Data Transfers
Your data is primarily stored and processed within the Kingdom of Saudi Arabia. In some cases, operating the platform may require transferring certain data to servers outside the Kingdom through our approved technical service providers.
When transferring data outside the Kingdom, we implement the following safeguards in accordance with the requirements of the Personal Data Protection Law:
- Ensuring an adequate level of protection exists in the receiving country or with the receiving entity
- Entering into contractual agreements that obligate the receiving party to protect the data
- Encrypting data during transfer and storage
- Restricting access to transferred data to the minimum necessary
7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or to meet our legal and contractual obligations. When retention is no longer required, we delete the data or convert it into anonymized data that cannot be linked to you.
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Active account data | Duration of account activity | Contract performance and service delivery |
| Financial transaction records | 7 years from transaction date | Tax and accounting obligations |
| Support records | 3 years | Dispute resolution and service improvement |
| Security and access logs | 1 year | Security and fraud prevention |
| Marketing data | Until consent is withdrawn | Consent |
You may request deletion of your personal data at any time by contacting us at support@mogtehad.com. We may retain certain data after a deletion request where required by law, such as financial transaction records.
8. Your Rights Under the Law
The Saudi Personal Data Protection Law grants you several rights regarding your personal data, and we are committed to enabling you to exercise them:
🔍 Right of Access
You have the right to request information about the personal data we hold about you and to obtain a copy of it.
✏️ Right to Rectification
You have the right to request correction of inaccurate data or completion of incomplete data.
🗑️ Right to Erasure
You have the right to request deletion of your personal data when the purpose of retention no longer exists, subject to legal exceptions.
⛔ Right to Restrict Processing
You have the right to request suspension or restriction of the processing of your data in specific cases provided by law.
🚫 Right to Object
You have the right to object to the processing of your data for direct marketing purposes at any time and without giving reasons.
📦 Right to Data Portability
You have the right to request your data in a structured, commonly used electronic format.
🔕 Right to Withdraw Consent
You have the right to withdraw your consent to the processing of your data at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
📢 Right to Lodge a Complaint
You have the right to file a complaint with the competent data protection authority if you believe your data has been processed in violation of the law.
To exercise any of these rights, please contact us at support@mogtehad.com. We will verify your identity before processing your request to protect your data, and we are committed to responding within the legally prescribed timeframe.
9. Security Measures
We implement a range of technical and organizational measures to protect your personal data from unauthorized access, loss, damage, or disclosure:
🔐 Encryption
All communications between your device and the platform are encrypted using TLS protocol. Sensitive data stored in databases is also encrypted.
🚪 Access Controls
We apply strict access controls that limit data access to authorized personnel only, to the extent necessary for performing their duties.
📝 Logging and Monitoring
We maintain logs of operations performed on personal data and monitor unusual activities.
💾 Backups
We perform regular encrypted backups of data to ensure recoverability in emergency situations.
👨💼 Staff Obligations
All personnel who handle personal data are bound by confidentiality agreements and undergo training on data protection practices.
🛡️ Security Testing
We conduct periodic security reviews of our systems and address discovered vulnerabilities promptly.
Notice: Despite our commitment to applying best security practices, no system can guarantee absolute security. In the event of a security breach affecting your data, we will notify you and the relevant authorities in accordance with legal requirements.
10. Children's Privacy
The platform's services are primarily intended for users aged 18 and above. We do not knowingly collect personal data from individuals under 18 years of age unless we have obtained consent from their parent or legal guardian.
Where a minor uses the platform with parental consent, the parent or guardian is responsible for supervising the minor's use of the service and monitoring the data they provide.
If we discover that we have collected personal data from a minor without valid parental consent:
- We will delete that data as soon as possible
- We will deactivate the associated account
- We will contact the parent or guardian where possible
If you are a parent and believe your child has created an account without your permission, please contact us immediately at support@mogtehad.com.
11. External Services and Integrations
The platform relies on a number of external service providers to operate specific parts of the service. Each provider has its own privacy policy governing its handling of data:
- Moyasar: For processing electronic payments
- Nafath: For national identity verification
- Google: For Google account sign-in
- Microsoft Azure: For cloud storage (Azure Blob Storage)
- Hostinger: For email services (SMTP)
The platform may contain links to external websites or services that we do not control. We recommend reviewing the privacy policies of any external service before providing your data to it, as we are not responsible for the privacy practices of third parties.
12. Policy Amendments
We reserve the right to amend this policy as needed to keep pace with changes in applicable laws and regulations, or developments in our services and technical practices. When material amendments are made, we will notify you through the following methods:
- Sending a notification to the email address registered in your account
- Displaying an alert within the platform or application
- Updating the "Last updated" date at the top of this page
Your continued use of the platform after the publication of amendments constitutes your acceptance of the amended policy. If you do not agree with the amendments, you may discontinue using the platform and request closure of your account and deletion of your data.
13. Contact Us
For any inquiries regarding this policy or our data protection practices, or to exercise your rights set out in this policy, you may contact us through:
📍 Address
Mujtahid Ufuq Educational Establishment
Riyadh, Kingdom of Saudi Arabia
We are committed to responding to all inquiries and requests related to personal data within the legally prescribed timeframe under the Personal Data Protection Law.
