Privacy Policy

This Privacy Policy applies to Aquafusion CC, a Close Corporation registered in South Africa, trading as SiyumCentral and operating the website at www.siyumcentral.com (the "Platform").

We are committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa, and, where applicable, the UK GDPR, the EU GDPR, and applicable data protection laws of other jurisdictions in which we operate.

Questions: legal@siyumcentral.com

Information you provide directly

• Name and email address when registering or donating
• City and country (optional, for the global participant map)
• Dedication and sponsorship details you choose to add to learning claims
• Donation amounts and associated charity selections
• Tax certificate country preference
• Charity application details (organization name, EIN/registration numbers, admin email)

Information collected automatically

• Authentication tokens via NextAuth.js (Google OAuth or email)
• Session data stored in our database
• Learning streak and completion data tied to your account
• Standard server logs (IP address, browser type, pages visited) — not stored permanently

Information we do NOT collect

• Payment card numbers or banking details (no payment processor is currently integrated)
• Biometric data
• Data from minors under 18 — the Platform is not intended for minors

• To create and manage your account
• To display your name and location on the live participation map (only if you provide them)
• To record and display learning claims, completions, and streaks
• To process and record donations and sponsorship pledges
• To generate tax certificates upon request
• To send transactional emails related to your account or campaigns (when email notifications are active)
• To allow campaign organizers to track participation for campaigns you join
• To maintain platform security and prevent fraud

We do not use your data for advertising profiling or sell it to third parties.

• Contract performance — processing necessary to provide the Platform services you have signed up for
• Legitimate interests — operating the Platform, preventing fraud, improving our services
• Consent — where you have explicitly opted in (e.g. dedication plaques displayed publicly)
• Legal obligation — where required by applicable law (e.g. tax records)

We share personal data only in the following limited circumstances:

• Charities you donate to — your name and email may be shared with the recipient charity for their records and tax receipt purposes, with your knowledge
• Infrastructure providers — Vercel (hosting), StackCP (database hosting). Both process data under their own privacy policies and standard contractual clauses
• Authentication — if you sign in with Google, your name and email are passed from Google to our platform under Google's OAuth consent
• Legal requirement — if required by a court order or applicable law

We do not sell, rent, or trade your personal information.

• Account data: retained while your account is active; deleted within 30 days of a verified deletion request
• Donation records: retained for 7 years for legal and tax compliance purposes
• Learning claims and completions: retained indefinitely as campaign participation records
• Session tokens: expire automatically per NextAuth.js configuration

Depending on your jurisdiction you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten"), subject to legal retention obligations
• Object to or restrict certain processing
• Data portability (receive your data in a structured format)
• Lodge a complaint with your local supervisory authority (South Africa: the Information Regulator; UK: ICO; EU: your national DPA)

To exercise any of these rights, email legal@siyumcentral.com. We will respond within 30 days.

The Platform uses only essential session cookies set by NextAuth.js to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics by default.

Data is stored on password-protected cloud infrastructure. Database connections are encrypted in transit (TLS). We follow reasonable industry-standard practices for securing personal information. No system is 100% secure — if you discover a vulnerability, please report it responsibly to legal@siyumcentral.com.

The Platform is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe a minor has submitted data, contact us and we will delete it promptly.

Your data may be processed in countries other than your own (including the United States via Vercel). Where required, we rely on standard contractual clauses or adequacy decisions to ensure lawful transfer.

We may update this policy from time to time. Material changes will be notified by updating the "Last updated" date above. Continued use of the Platform after changes constitutes acceptance.

Aquafusion CC t/a SiyumCentral
South Africa
Email: legal@siyumcentral.com
Website: www.siyumcentral.com