1. Introduction & Scope

This Policy applies to personal data we process when:

• you register for an Edurealm ID account and verify your email address;
• you sign in, or use Edurealm ID to sign in to an Edurealm service;
• you manage your account, communication preferences, or security settings; or
• you contact us in connection with Edurealm ID.

This Policy does not cover the personal data that an individual Edurealm service processes once you have signed in to it; each such service provides its own privacy notice. It also does not cover other Edurealm products that do not use Edurealm ID.

2. Who We Are

Edurealm is the legal entity behind Edurealm ID. We are organized under the laws of the Arab Republic of Egypt and have our registered office at 71 Mostafa ElNahas, Nasr City, Cairo, Egypt.

For questions about this Policy, to exercise your rights, or to submit any privacy-related request, please contact us through our website contact form: https://edurealm.net/contact/. We do not publish direct inboxes on this page to limit automated abuse; the contact form routes your message to our privacy team.

3. Definitions

• Personal Data, any information relating to an identified or identifiable natural person, as defined under the PDPL and the GDPR.
• Processing, any operation performed on personal data, including collection, recording, storage, use, disclosure, transmission, restriction, erasure, or destruction.
• Controller, the natural or legal person who determines the purposes and means of processing personal data.
• Processor, the natural or legal person who processes personal data on behalf of a Controller.
• Data Subject, the identified or identifiable natural person to whom the personal data relates.
• Sub-Processor, any third party we engage to process personal data on our behalf as part of providing Edurealm ID.
• Edurealm Service, the Company's own application, product, or service that accepts Edurealm ID as a means of sign-in.
• User / you, the natural person who registers for or uses an Edurealm ID account.

4. Our Role: Controller

Because you register for Edurealm ID directly with us, Edurealm is the Controller of the personal data processed to create and operate your Edurealm ID account, to verify your email, to authenticate you, to keep the Service secure, and to communicate with you. We determine the purposes and means of that processing, and this Policy explains them.

When you use Edurealm ID to sign in to an Edurealm service, that service processes your personal data for its own purposes under its own privacy notice. Where that service is provided to you through an organization (for example, a school), the organization may act as Controller for the data processed within that service. This Policy concerns only the Edurealm ID account and sign-on service.

5. Personal Data We Process

We process the limited set of personal data needed to run an identity service:

• Registration and identity data: the email address you register, your email-verification status, and any basic profile information you choose to provide (such as a display name or preferred language).
• Account and authentication data: your unique account identifier, a securely hashed password, one-time codes and multi-factor authentication tokens, password-reset and verification tokens, sign-in timestamps, and session identifiers.
• Security and device data: IP address, browser and device information (user agent), approximate location derived from IP, and security and anti-abuse signals used to detect fraudulent or automated registrations and sign-ins.
• Communication preferences: your opt-in and opt-out choices for optional and marketing communications, and a record of consents (including parental or guardian consent for a minor).
• Sign-on records: a record of which Edurealm services you have signed in to using Edurealm ID, and the identity attributes released to them (Section 11).
• Support data: information you provide when you contact us about Edurealm ID.
• Technical and usage data: server logs, error reports, and diagnostic information generated when you use the Service.

We do not require, and you should not provide, sensitive personal data (such as health, religious, or biometric data) to create an Edurealm ID account.

6. Sources of Personal Data

We obtain personal data:

• Directly from you, when you register, verify your email, set or reset your password, configure your account, or contact us;
• Automatically from your device, when you access the Service (technical logs, IP address, device information, security signals); and
• From a Parent or Guardian, school, or educator, where they register or consent on behalf of a minor.

7. How We Use Personal Data

We process personal data for the following purposes:

• Creating and operating your account, including verifying your email address and maintaining your account over its lifetime.
• Authentication and single sign-on, to identify you and let you sign in to Edurealm services through OpenID Connect.
• Security, anti-abuse, and integrity, including detecting and preventing fraudulent or automated registrations, unauthorized access, and other misuse, and automatically deleting Unverified Accounts (Section 9).
• Service communications, including email-verification, security, sign-in, account, and policy-update messages.
• Optional and marketing communications, where permitted, to send you news and updates about Edurealm and its services, subject to your choices (Section 12).
• Service improvement, using aggregated and de-identified data that does not identify any individual, to evaluate and improve Edurealm ID.
• Compliance with legal obligations, including responding to lawful requests from competent authorities and meeting our obligations under the PDPL and the GDPR.

We do not sell your personal data, we do not share it with other companies for their own marketing, and we do not use it to build advertising profiles.

8. Legal Bases (PDPL & GDPR)

We process personal data only where we have a valid legal basis to do so.

8.1 Performance of a contract. We process your registration, account, authentication, and sign-on data because it is necessary to provide the Edurealm ID service you have requested under the Terms of Service.

8.2 Consent. We rely on consent for optional and marketing communications, and, in the case of a minor, on the consent of a Parent or Guardian (or a school or educator with lawful authority). You may withdraw consent at any time, without affecting processing carried out before withdrawal.

8.3 Legitimate interests. We rely on our legitimate interests in keeping the Service secure, preventing abuse and fraud, and operating and improving the Service, where those interests are not overridden by your rights and freedoms. Under the GDPR these correspond to Art. 6(1)(b) (contract), Art. 6(1)(a) (consent), Art. 6(1)(c) (legal obligation), and Art. 6(1)(f) (legitimate interests); under the PDPL we rely on the corresponding bases of consent, contract, legal obligation, and legitimate interests.

9. Email Verification & Account Deletion

Why we verify email. We verify the email address you register to confirm that you control it, to secure your account, and to reduce abuse and fraudulent registrations.

Automatic deletion of Unverified Accounts. As described in the Terms of Service, if you do not verify your email within seven (7) days of registration, your account and the personal data associated with it may be automatically and permanently deleted. This is a data-minimization measure: it ensures we do not retain personal data for accounts that were never confirmed.

Deletion on request and on closure. You may ask us to delete your account at any time. When an account is deleted (by you, by us, or automatically), we delete or de-identify the associated personal data within a reasonable period, subject to the retention rules and legal holds described in Section 16.

10. Children & Minors

Edurealm ID may be used by minors aged 13 and over, including in school settings. This section explains how we handle minors' personal data.

10.1 Minimum age. Edurealm ID is not intended for children under 13. If we learn that we have collected personal data from a child under 13 without appropriate authority, we will delete it and may delete the associated account.

10.2 Parental, guardian, or school consent. Where a User is a minor (13 to 17), registration and use require the consent of a Parent or Guardian, or of a school or educator with lawful authority, who accepts the Terms on the minor's behalf and consents to the processing described in this Policy. We keep a record of the consent relied upon.

10.3 No marketing to minors. We do not direct marketing communications to Users we know to be under 18. Minors receive only the service messages necessary to operate the account.

10.4 Minimal data. We process only the limited data needed to operate an identity account for a minor, and we do not build profiles of minors or use their data for our own commercial purposes beyond providing and securing the Service.

10.5 Age of digital consent. Where applicable local law sets a minimum age at which a child may provide their own digital consent, we honor that threshold and rely on parental or guardian consent below it.

10.6 Parental and guardian requests. A Parent or Guardian may contact us to access, correct, or delete the personal data of a minor in their care, as described in Section 20.

11. Single Sign-On & Edurealm Services

When you use Edurealm ID to sign in to an Edurealm service, we release a limited set of identity attributes ("claims") to that service so that it can authenticate and identify you. These typically include your unique account identifier, your email address, your email-verification status, and, where you have provided them, basic profile attributes such as your display name.

Edurealm ID is currently used only to sign in to Edurealm's own services. We do not release your identity attributes to third-party or external applications operated by anyone other than Edurealm, and we do not sell or share them with other companies. The Edurealm service you sign in to processes the attributes it receives under its own privacy notice.

12. Marketing & Your Choices

We may use the email address associated with your account to send you optional communications about Edurealm and its services, such as news, updates, and tips. These are separate from the service messages described in Section 7.

Your choices. You can opt out of optional and marketing communications at any time by using the unsubscribe link in the message or through your account settings, where available. We honor opt-outs promptly. Withdrawing consent does not affect service messages, which are necessary to operate your account.

No selling or sharing. We do not sell your email address or other personal data, and we do not share it with other companies for their own marketing. Marketing related to Edurealm ID comes only from Edurealm.

13. Sharing & Disclosure

We do not sell personal data and we do not share it for cross-context behavioral advertising. We share personal data only as follows:

• With Edurealm services you sign in to: the identity attributes described in Section 11, at your direction when you choose to sign in.
• With our Sub-Processors: as described in Section 14.
• With professional advisors: our auditors, lawyers, accountants, and insurers, under confidentiality obligations, where necessary for our legitimate business operations.
• To comply with law: where we are required to disclose personal data by a court order, regulator, or other competent authority with valid jurisdiction. We assess each request, push back where it is overly broad or invalid, and inform you where we are legally permitted to do so.
• In a corporate transaction: in connection with a merger, acquisition, financing, reorganization, or sale of all or substantially all of our assets, in which case continuing protections will be required of any successor.
• With your consent: where you have otherwise directed or consented to a specific disclosure.

14. Sub-Processors

We engage a limited number of third-party service providers to help us operate Edurealm ID. These Sub-Processors act only on our instructions, under written contracts that impose data-protection obligations consistent with this Policy.

14.1 Categories. The categories of Sub-Processors we may use include:

• Cloud hosting and infrastructure providers, for the compute, storage, and database services that host Edurealm ID;
• Email and transactional-message providers, for sending verification, security, account, and (where applicable) optional communications;
• SMS and multi-factor authentication providers, where you use these security features;
• Security and anti-abuse providers, such as bot-detection, intrusion-detection, and fraud-prevention services;
• Error-monitoring and observability providers, for diagnosing crashes and performance issues.

14.2 Up-to-date list. You may request the current list of categories or named Sub-Processors at any time through the contact form.

15. International Data Transfers

15.1 Hosting. Where it is necessary to transfer personal data outside Egypt or outside the European Economic Area (EEA), we do so only with appropriate safeguards in place.

15.2 Safeguards. For transfers from the EEA to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses or another lawful transfer mechanism recognized under the GDPR, together with supplementary measures where appropriate. For transfers of the personal data of Egyptian data subjects abroad, we rely on the conditions set out in the PDPL and the decisions of the Egyptian Personal Data Protection Center.

15.3 Information. A summary of the safeguards we rely on for international transfers is available on request through the contact form.

16. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy.

16.1 Unverified Accounts. Accounts whose email is not verified within seven (7) days are deleted as described in Section 9.

16.2 Active accounts. We retain your account data for as long as your account remains active.

16.3 After deletion or closure. When your account is deleted or closed, we delete or de-identify the associated personal data within a reasonable period, except where we are required or permitted to retain certain data (for example, security logs or records needed to comply with a legal obligation or to defend legal claims).

16.4 Logs and backups. Technical and security logs are retained for the period necessary to investigate incidents and meet legal obligations, then deleted or anonymized. Routine backups are retained for a limited period and then overwritten.

17. Security

We maintain technical and organizational measures designed to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. As an identity service, security is central to what we do. These measures include, as appropriate:

• encryption of data in transit (TLS) and at rest where technically appropriate;
• storing passwords only in a securely hashed and salted form;
• support for multi-factor authentication;
• strong authentication and least-privilege access for Edurealm personnel;
• monitoring, intrusion detection, and anti-abuse controls;
• secure software-development practices and periodic security reviews;
• incident-response procedures and a personal-data-breach process (Section 21).

No system can be guaranteed to be entirely secure. You are responsible for keeping your Credentials confidential and for using available security features.

18. Cookies & Similar Technologies

Edurealm ID uses only essential cookies and similar technologies required to operate the Service securely, including:

• Authentication and session cookies, to keep you signed in and to enable single sign-on to Edurealm services;
• Security cookies, to detect and prevent unauthorized access and abuse;
• Preference cookies, to remember basic settings such as language.

We do not use advertising cookies, cross-site tracking, or third-party marketing pixels in Edurealm ID. If we add any non-essential cookies in the future, we will update this Policy and, where required, obtain consent before they are set.

19. Your Rights

Subject to applicable law and to any conditions or exceptions set out in the PDPL, the GDPR, or other applicable regulations, you have the following rights in relation to your personal data:

• Right to be informed about how your personal data is processed (this Policy is the primary notice).
• Right of access: to obtain confirmation of whether we process your personal data and to receive a copy.
• Right to rectification: to have inaccurate or incomplete personal data corrected or completed.
• Right to erasure: to request deletion of your personal data in specific circumstances, including deletion of your account.
• Right to restriction: to restrict our processing of your personal data in specific circumstances.
• Right to object: to processing based on legitimate interests, and to direct marketing at any time.
• Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format, where the processing is based on consent or contract and is carried out by automated means.
• Right to withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint with a competent supervisory authority (Section 23).

20. How to Exercise Your Rights

20.1 Self-service. You can exercise many of your rights directly through your account, including reviewing and correcting your information, changing your communication preferences, and requesting deletion of your account, where these tools are available.

20.2 Contact us. Because Edurealm is the Controller of your Edurealm ID account data, you may also submit a request directly to us through the website contact form: https://edurealm.net/contact/.

20.3 Verification. To protect you and others, we may need to verify your identity before responding. We will only ask for information that is necessary to verify the request.

20.4 Timing and fees. We will respond within the timeframe required by applicable law (typically thirty (30) days, extendable where the request is complex). We do not charge a fee for handling a valid request, except where applicable law permits us to charge for manifestly unfounded, excessive, or repetitive requests, in which case we will inform you of the fee in advance.

20.5 Limitations. Some rights are subject to legal limitations; for example, we may be unable to delete data we are required to retain by law or that we need to defend legal claims.

21. Personal Data Breaches

We maintain processes to detect, investigate, and respond to personal data breaches. As Controller of your Edurealm ID account data, where a breach is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required by applicable law, the affected Users, without undue delay after becoming aware of it.

22. Changes to this Policy

We may update this Policy from time to time to reflect changes in the Service, in our practices, or in applicable law. When we make material changes, we will update the "Effective date" and "Last updated" lines above and, where appropriate, notify you by email or by an in-product or on-site notice. Continued use of Edurealm ID after the updated Policy takes effect constitutes acceptance of the updated Policy to the extent permitted by applicable law.

23. Complaints & Authorities

If you believe your personal data has been processed in a way that does not comply with applicable law, we encourage you to contact us first through the contact form so we can address your concerns.

You also have the right to lodge a complaint with a competent supervisory authority:

• In Egypt: the Egyptian Personal Data Protection Center established under the PDPL.
• In the EEA: the data protection authority of your country of residence, place of work, or place of the alleged infringement.
• Elsewhere: the supervisory authority designated by applicable local law, where one exists.

24. Contact

For any questions, requests, or notices relating to this Policy, please use our contact form:

Edurealm
Registered office: 71 Mostafa ElNahas, Nasr City, Cairo, Egypt
Contact: https://edurealm.net/contact/

We do not publish direct inboxes on this page to limit automated abuse. The contact form routes your message to the appropriate team (privacy, legal, or support).