Riyaaz Academy

Riyaaz Academy Privacy Policy

Last Updated: October 27, 2025

Riyaaz Academy (“Riyaaz Academy,” “we,” “us,” or “our”) provides online learning services focused on music education, including qawwali and related courses, via riyaazacademy.org and our subdomains, mobile experiences, and other services we operate (collectively, the “Services”).

We respect your privacy and are committed to protecting it. This Privacy Policy explains what information we collect, how we use and share it, and the choices you have. By using the Services, you agree to the practices described here.

1) Who we are & how to contact us

Data Controller (GDPR): Riyaaz Academy, 3400 Main St #14, Houston, TX 77002, USA
Email: [email protected]
Postal: Riyaaz Academy, 3400 Main St #14, Houston, TX 77002, USA

2) Scope

This Policy applies to personal information we collect about:

• Visitors to our websites and apps
• Learners and account holders (including course purchasers)
• Instructors, artists, and collaborators
• People who contact us (e.g., support, media, careers)

It does not cover websites, apps, or services we do not control. Please review their policies before sharing information.

3) Key terms

• Personal Data / Personal Information: Information that identifies or can reasonably identify a person (e.g., name, email, IP address).
• Usage Data: Technical data about how you use the Services (e.g., pages visited, device/browser type).
• Processing: Any operation performed on personal data (collecting, storing, using, sharing, etc.).
• Cookies/Trackers: Small files or technologies (including pixels, tags, SDKs) used for functionality, analytics, and advertising.

4) What we collect

A. Information you provide

• Account & Profile: Name, email, password, phone (optional), location, preferred instrument/genre, bio, profile photo.
• Purchases: Course enrollments and transaction details (note: payment card data is handled by our payment processors; we do not store full card numbers).
• Learning Activity: Course progress, lesson completion, assignments, quiz results, practice logs, scheduling preferences.
• User-Generated Content: Audio/video submissions (e.g., practice recordings, performances), comments, forum posts, messages to instructors.
• Support & Communications: Inquiries, feedback, survey responses, consent preferences.
• Careers/Partnerships/Press: Resumes/CVs and related materials if you apply or collaborate.

B. Information collected automatically

• Usage & Device Data: IP address, device identifiers, browser type, OS, language, referring/exit pages, timestamps, session duration, clickstream, approximate location (derived from IP), crash/diagnostic logs.
• Cookies & Similar Technologies: Session and persistent cookies, pixels, beacons, SDKs for functionality, analytics, A/B testing, and advertising (see Cookies below).

C. Information from third parties

• Single Sign-On (SSO)/Social: If you connect an account (e.g., Google, Facebook), we receive basic profile info subject to your settings with that service.
• Payments: From processors (e.g., Stripe, PayPal) about transaction status (success/failure, last 4 digits, type, and limited metadata).
• Marketing & Analytics: Metrics and audience insights (aggregated or pseudonymous) from providers (e.g., Google Analytics, ad platforms).
• Educational Platforms/Hosts: If we deliver via a course host (e.g., Thinkific or similar), we may receive enrollment and engagement data.

5) How we use your information

We process personal data for these purposes (and corresponding GDPR legal bases in parentheses):

• Provide & maintain the Services (contract/legitimate interests): create/manage accounts, deliver courses, track progress, enable community features, personalize content.
• Customer support & communications (contract/legitimate interests): respond to inquiries, send service messages (e.g., receipts, changes to terms, security alerts).
• Improve & develop (legitimate interests/consent where required): troubleshoot, research, A/B test, analyze usage to enhance lessons, curricula, accessibility, and performance.
• Safety, security & integrity (legal obligations/legitimate interests): detect/prevent fraud, abuse, or violations of our Terms; protect our community.
• Marketing (consent/legitimate interests): send newsletters, offers, event updates, and music education content. You can opt out anytime (see Your Choices).
• Personalized advertising (consent/legitimate interests where permitted): measure campaigns and show relevant ads on our properties and third-party sites/apps.
• Compliance & enforcement (legal obligations/legitimate interests): comply with law, respond to lawful requests, and enforce agreements.
• Aggregated/De-identified uses (legitimate interests): produce statistics and insights that do not identify you.

We do not use learner recordings for model training or automated decision-making that has legal or similarly significant effects without your consent or another valid legal basis.

6) Cookies, analytics & ads

We use:

• Necessary cookies for login, security, payment, and core functionality.
• Preference cookies to remember settings (e.g., language).
• Analytics & performance cookies to understand usage and improve the Services (e.g., Google Analytics).
• Advertising/retargeting cookies/SDKs to deliver and measure ads (e.g., Google Ads, Meta, TikTok).

Your controls

• Browser settings: block or delete cookies (some features may break).
• Mobile: limit ad tracking in iOS/Android device settings.
• Industry tools: NAI/DAA/EDAA opt-outs.
• Google Analytics: browser add-on opt-out.
• Our on-site cookie banners or settings (where offered) let you manage non-essential cookies.

We currently do not respond to Do Not Track (DNT) signals.

7) Payment processing

Transactions are processed by third parties (e.g., Stripe, PayPal). They receive the information necessary to process your payment and handle it per their privacy policies and PCI-DSS requirements. We do not store full payment card numbers.

8) How we share information

We do not sell your personal information. We may share as follows:

• Service Providers/Processors: Hosting, course delivery, video streaming, analytics, email/SMS, customer support, payments, advertising measurement, fraud prevention. They must use data only per our instructions.
• Instructors/Teaching Artists: Limited learner information as needed to support instruction, feedback, and cohort management.
• Community Features: Content you post in public areas (e.g., forums, class comments) may be visible to others.
• Business Transfers: In mergers, acquisitions, financing, or asset sales, personal data may be transferred under this Policy or a successor policy with notice to you where required.
• Legal & Safety: To comply with law, lawful requests, or protect rights, safety, and security.
• With Your Consent: When you ask us or authorize us to share.

We may share aggregated/de-identified information that cannot reasonably identify you.

9) International data transfers

We operate in the United States and may transfer data to countries that may have different protection standards. When required, we implement appropriate safeguards (e.g., Standard Contractual Clauses) and assess transfer risks. By using the Services, you understand your data may be processed in the U.S. and elsewhere.

10) Data retention

We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and purpose. We may retain backups and logs for a limited period after account closure.

11) Security

We use administrative, technical, and physical safeguards appropriate to the nature of the data (e.g., encryption in transit, access controls, monitoring). No method is 100% secure; we cannot guarantee absolute security.

12) Your choices & rights

Marketing choices

You can unsubscribe from marketing emails using the link in any email or by contacting us at [email protected]. We may still send transactional or service messages.

Account & content

You can access and update certain account information in your profile. To request deletion of your account or content, contact us (note that some information may be retained as permitted by law).

GDPR (EEA/UK/Switzerland) rights

Where GDPR/UK GDPR applies, you may have the right to access, rectify, erase, restrict, object to processing (including for direct marketing), and data portability, and to withdraw consent where processing is based on consent. You can also lodge a complaint with your local supervisory authority.

Legal bases we rely on include: consent, contract performance, legal obligations, vital/public interests where applicable, and our legitimate interests (e.g., to provide, secure, and improve the Services, and to market similar offerings).

U.S. state privacy rights (incl. California CCPA/CPRA)

If you are a resident of a U.S. state with a comprehensive privacy law (e.g., CA, CO, CT, UT, VA), you may have rights to know/access, correct, delete, and opt out of certain data uses (e.g., targeted advertising, sales, or profiling).

• We do not sell personal information.
• We may engage in targeted advertising/“sharing” as defined by some laws; you can opt out via our cookie settings (where available) or by contacting us.
• Authorized agents may submit requests with proof of authority.
  We will verify requests and respond within the timeframes required by law.

Shine the Light (CA): We do not disclose personal information to third parties for their own direct marketing without your consent.

To exercise any rights, email [email protected] with the subject “Privacy Request” and tell us your residency and request type.

13) Learners under 18 & Children’s privacy

• The Services are intended for users 13 and older.
• Users under the age of majority (typically 18) should use the Services only with the consent and supervision of a parent or legal guardian and under that adult’s account.
• We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, contact us and we will take appropriate steps to remove the data and close the account.

14) Community conduct & recordings

Music learning often involves audio/video. If you submit recordings (e.g., practice clips, performances) or participate in live sessions, they may be processed to deliver feedback and improve instruction.

• Public areas: Do not share information you wouldn’t want others to see.
• Classrooms/cohorts: Recordings may be viewable by peers/instructors in your cohort; we’ll indicate when recording is active.

15) SMS/texts & notifications (optional)

If you opt in to SMS or push notifications, message frequency may vary. You can reply STOP to SMS to unsubscribe or adjust notification settings in your device/account. Message/data rates may apply. Carriers are not liable for delayed/undelivered messages.

16) Third-party links & integrations

Our Services may link to or integrate with third parties (e.g., payment processors, course hosts, social networks, video platforms, analytics, ad partners, email providers). Their handling of your data is governed by their privacy policies. Please review those policies before using their services.

17) Changes to this Policy

We may update this Policy from time to time. We’ll post the updated version with a new “Last Updated” date and, if changes are material, we’ll provide additional notice as required by law. Your continued use of the Services after changes take effect means you accept the updated Policy.

18) How to contact us

Email: [email protected]
Postal: Riyaaz Academy, 3400 Main St #14, Houston, TX 77002, USA

If you are in the EEA/UK/Switzerland and believe we have not resolved your concern, you may contact your local data protection authority. We are happy to clarify our legal bases for any specific processing upon request.