Kurdish Students

Legal

Privacy Policy

Last updated: April 2, 2026

1. Who we are

Kurdish Students & Friends Network (“we,” “us,” “the network”) operates kurdish-students.org and its regional subdomains. We are an independent, volunteer-run community project — not a registered corporation. This policy explains how we handle your information.

2. Information we collect

  • Account data — email address, hashed password, account type, country, state, and optional chapter.
  • Profile data — name, nickname, organization, research area, bio, links, mentoring preferences, and privacy settings you choose.
  • Content — posts, messages, civic items (petitions, polls, statements), and reports you submit.
  • Usage data — pages visited, timestamps, and basic request metadata collected by our hosting provider (Vercel).

3. How we use your information

  • Provide and operate the platform: authentication, profiles, messaging, feeds, and chapter directories.
  • Enforce moderation standards and respond to abuse reports.
  • Send account-related communications (approval status, security alerts).
  • Improve the platform based on aggregated, non-identifying usage patterns.

We do not sell your data. We do not serve ads. We do not share your information with third parties for marketing purposes.

4. Data storage and security

Data is stored in Supabase (PostgreSQL) and served through Vercel. Passwords are hashed with scrypt and a unique random salt. Session tokens use HMAC-signed JWTs stored in HttpOnly cookies. We use timing-safe comparisons to prevent timing attacks.

5. Your privacy controls

  • Show or hide your real name (use a nickname instead).
  • Show or hide your email address from other members.
  • Control who can message you: everyone, followers only, or no one.
  • Choose whether your profile appears in your chapter directory.

6. Cookies

We use a small number of cookies: one for your session token and one for your language preference. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

7. Data retention

Your account and content remain stored while your account is active. If you request account deletion by contacting us, we will remove your account and associated data within 30 days. Aggregated, non-identifying statistics may be retained.

8. Your rights

You may request access to, correction of, or deletion of your personal data at any time by emailing us. If you are in the EU/EEA, you have additional rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.

9. Children

This platform is intended for individuals aged 16 and older. We do not knowingly collect data from anyone under 16.

10. Changes to this policy

We may update this policy as the platform evolves. Material changes will be noted at the top of this page with an updated date. Continued use of the platform after changes constitutes acceptance.

11. Contact

Questions about this policy? Email [email protected]

Terms of Use