Skip to main content

Legal & Compliance

Privacy Policy

Iranian Student Association-Alliance (ISA-Alliance) is committed to responsible data stewardship, confidentiality, and retention controls appropriate for a high-trust public institution.

Privacy Policy Details

Effective date: March 16, 2026

1) Scope

This policy applies to public website usage, communication channels, chapter coordination contacts, and document-download interactions operated by Iranian Student Association-Alliance (ISA-Alliance).

2) Data We Collect

  • Contact data: name, email, affiliation, and inquiry content provided through public channels.
  • Authentication data: account email addresses for secure portal registration and access management.
  • Operational data: minimal technical logs required for service reliability and security monitoring.
  • Content records: editorial metadata, publication approvals, and version history for institutional transparency.

3) Authentication and Account Security

  • Iranian Student Association-Alliance (ISA-Alliance) securely stores account emails required for portal authentication and administrative review workflows.
  • Passwords are never stored in plain text. Passwords are hashed using bcrypt before storage.
  • Session authentication relies on strict secure cookies configured with HttpOnly, Secure, and SameSite=Strict controls.

4) Confidentiality and Sensitive Information

Iranian Student Association-Alliance (ISA-Alliance) treats student-related concerns with confidentiality discipline. The MVP secure pages are visual prototypes only and must not be used for sensitive submissions.

Production confidential-case intake requires backend-enforced authentication, authorization, secure storage, and auditable access controls.

Public visa-delay intake is currently paused while Iranian Student Association-Alliance (ISA-Alliance) finalizes the secure review workflow and related controls. Do not submit new visa-delay cases through the website until a reactivation notice is posted.

If you need help with an existing matter or have a time-sensitive question, contact info@isa-alliance.org or board@isa-alliance.org.

5) Purpose of Processing

  • Responding to public, media, and chapter inquiries.
  • Publishing accurate, governance-reviewed institutional content.
  • Maintaining platform security, integrity, and operational continuity.

6) Data Retention Rules

  • General inquiries: retained up to 24 months unless legal obligations require longer retention.
  • Media/public correspondence: retained up to 36 months for accountability and records continuity.
  • Governance/publication records: retained according to institutional archival policy and version history requirements.

Retention and deletion operations are governed by Iranian Student Association-Alliance (ISA-Alliance) internal data retention policy and legal/compliance review standards.

7) Data Sharing

Iranian Student Association-Alliance (ISA-Alliance) does not sell personal data. Limited data sharing may occur with authorized service providers for hosting, platform operations, and security functions under contractual confidentiality controls.

8) Security Controls

  • Access restrictions based on role and operational need.
  • Password hashing with bcrypt for credential protection.
  • Strict secure session-cookie controls (HttpOnly, Secure, SameSite=Strict) for authentication sessions.
  • Infrastructure-level protections and monitoring.
  • Incident response escalation for suspected privacy or security events.

9) Your Rights and Requests

For privacy-related requests (access, correction, deletion where applicable), contact official@isa-alliance.org. Iranian Student Association-Alliance (ISA-Alliance) responds according to legal obligations and institutional governance procedures.

10) Policy Updates

Iranian Student Association-Alliance (ISA-Alliance) may update this policy as operations, legal obligations, or security standards evolve. Material changes are published with updated effective dates.