
Privacy Policy & Data Sovereignty Charter

Privacy Policy

A transparent, complete account of what data we collect, why we collect it, how it is protected, and the full scope of rights you hold over your information under GDPR, CCPA, and international privacy standards.

Effective May 1, 2024
Last Updated April 25, 2026
Controller Ahmed Alshamsy
Jurisdiction Global
GDPR Compliant
CCPA Aligned
Cookie Consent Active
No Data Selling
Privacy at a Glance

Three Things You Should Know First


What We Collect

  • Account details when you register
  • Membership & payment records
  • Comments, IP address, browser type
  • Behavioral research data via voluntary forms
  • Anonymized site analytics
  • Push notification opt-in token

How We Use It

  • Deliver and personalize your membership
  • Process secure payments via PayPal
  • Protect against spam and attacks
  • Understand research engagement (GA4)
  • Send push notifications you opted into
  • Email you about your account or content

Your Rights

  • Access all data we hold on you
  • Correct inaccurate information
  • Request erasure (“right to be forgotten”)
  • Opt out of analytics and push notifications
  • Download a portable copy of your data
  • Withdraw consent at any time
Our commitment: We do not sell, rent, or trade your personal data to any third party for marketing purposes. We do not run advertising networks. Data shared with third-party services is limited to what is strictly necessary for service delivery.
Data Controller Identity

Who We Are

This website is owned and operated by Ahmed Alshamsy, Principal Investigator of the Applied Islamic Methodology (AIM) Framework. Ahmed Alshamsy acts as the sole Data Controller for all personal data processed through this platform.

Controller Name
Ahmed Alshamsy — Senior Educator, Instructional Designer & Behavioral Researcher
Platform
AhmedAlshamsy.com — AIM Framework Research Repository
Contact Email
Contact form at ahmedalshamsy.com/en/contact/
Registered Research
Open Science Framework Pre-registration · DOI: 10.17605/OSF.IO/XM2TN
ORCID
orcid.org/0009-0005-4627-7077
Data Categories

What Information We Collect

We collect only what is necessary to deliver the services you use. The categories below describe the full scope of personal data this platform may process.

| Category | Data Points | When Collected | Legal Basis (GDPR) |
| --- | --- | --- | --- |
| Identity & Account | Name, email address, username, display name, profile photo | Registration, membership signup | Contract (Art. 6.1.b) |
| Membership & Subscription | Membership level, start/end dates, renewal status, order history | Membership purchase or renewal | Contract (Art. 6.1.b) |
| Payment Records | Transaction ID, amount, currency, date — via PayPal (no card data stored here) | Membership payment | Legal obligation (Art. 6.1.c) |
| Research & Behavioral Data | AIM Framework measurement inputs (IMTF, IMVF, IMPF, AIBF scores) submitted via voluntary forms | Form submissions (explicit consent) | Consent (Art. 6.1.a) |
| Comments | Name, email, website URL, comment text, IP address, browser user agent | Submitting a comment | Legitimate interest (Art. 6.1.f) |
| Technical & Device | IP address, browser type/version, device type, operating system, referring URL, pages visited, session duration | Every visit (analytics) | Consent (Art. 6.1.a) for analytics cookies |
| Push Notification | Browser push token, notification preference, subscription date | OneSignal opt-in prompt | Consent (Art. 6.1.a) |
| Email Interaction | Email address, open/click events (via WP Mail SMTP delivery) | Transactional emails | Contract / Legitimate interest |
| Consent Records | Cookie consent choice, consent timestamp, consent ID | Cookie consent banner interaction | Legal obligation (Art. 7) |

Children’s Privacy: This platform does not knowingly collect personal data from children under the age of 16 (or the applicable age of digital consent in your jurisdiction). If you believe we have inadvertently collected such data, please contact us immediately for erasure.
Purpose of Processing

How We Use Your Information

We process personal data only for specific, explicit purposes. We never use your data for purposes incompatible with those listed below.

Service Delivery & Membership
To create and manage your account, provide access to gated content, process membership renewals, and communicate about your subscription status, billing, and deliverables (CSV templates, research packs, archive access).
Payment Processing
Order records and transaction IDs are retained to fulfill legal accounting obligations. Full payment details are processed exclusively by PayPal and are never stored on our servers.
Research & Behavioral Analytics
Form-submitted AIM Framework data (IMTF, IMVF, IMPF, AIBF) is processed to generate your personal behavioral mastery score displayed in member dashboards. This data is processed only with your explicit consent and is never shared externally in identifiable form.
Spam & Security Protection
IP addresses, browser agents, and comment content are shared with Akismet for spam classification. Wordfence uses IP and request data to block malicious traffic. These represent our legitimate interest in platform integrity.
Site Analytics
Anonymized usage data (page views, session metrics, acquisition sources) is processed via Google Analytics 4 to understand how research content performs and to improve the platform’s academic mission. This requires your cookie consent.
Push Notifications
If you opt in, we use your OneSignal push token to notify you of new AIM research publications, behavioral tracking updates, or platform announcements. You can revoke consent at any time via your browser settings.
Legal & Security Obligations
We may retain certain data to comply with applicable law, respond to legal requests, enforce our terms, or protect the rights and safety of users and the platform.
Cookies & Local Storage

Cookies & Tracking Technologies

We use a consent-managed cookie system. On first visit, a cookie preference banner (powered by Complianz) allows you to accept or decline non-essential cookies. Your choice is recorded and respected on all subsequent visits.

Essential — Always active, required for core function
Functional — Enhance experience, optional
Analytics — Require consent
Optional — Require explicit opt-in

| Cookie Name | Provider | Category | Duration | Purpose |
| --- | --- | --- | --- | --- |
| wordpress_logged_in_* | This site | Essential | 2 days / 14 days (“Remember Me”) | Authenticates your login session |
| wordpress_sec_* | This site | Essential | Session / 14 days | Login security token |
| wp-settings-* | This site | Essential | 1 year | Admin interface display preferences |
| pmpro_visit | This site (Membership) | Essential | Session | Membership access session tracking |
| cmplz_consent | Complianz | Essential | 1 year | Stores your cookie consent preferences |
| cmplz_id | Complianz | Essential | 1 year | Anonymous visitor ID for consent records |
| comment_author_* | This site | Functional | 1 year | Saves commenter name/email/URL for convenience |
| pll_language | Polylang (This site) | Functional | 1 year | Stores your language preference (Arabic / English) |
| _ga | Google Analytics 4 | Analytics | 2 years | Distinguishes unique visitors for Google Analytics |
| _ga_XXXXXXXX | Google Analytics 4 | Analytics | 2 years | Maintains session state for GA4 |
| _gid | Google Analytics 4 | Analytics | 24 hours | Identifies the browser for daily GA4 session counts |
| onesignal-* | OneSignal | Optional | Varies (up to 1 year) | Tracks push notification opt-in state (only set if you interact with the prompt) |

Managing cookies: You can withdraw or change your cookie consent at any time by clicking the cookie preferences icon at the bottom of any page, or by clearing cookies in your browser settings. Revoking analytics consent will not affect your access to any content or membership features.
Data Processors & Sub-processors

Third-Party Services We Use

The following third-party services process data on our behalf or alongside our platform. Each is bound by contractual data processing agreements and their own privacy policies.


Google Analytics 4 & Tag Manager

Processes anonymized behavioral data (page views, session metrics, event tracking) to help us understand research engagement. IP anonymization is enabled. Tag Manager is used to manage the GA4 deployment without additional data collection.

→ Google Privacy Policy

OneSignal Push Notifications

When you opt in to push notifications, OneSignal stores your browser push token and delivers notifications on our behalf. No personally identifiable data is required to subscribe; OneSignal assigns an anonymous subscriber ID.

→ OneSignal Privacy Policy

PayPal Express Checkout

All membership payments are processed by PayPal. Card numbers, bank details, and full billing information are handled exclusively on PayPal’s servers. We receive only a transaction ID, amount, and payer email for record-keeping.

→ PayPal Privacy Policy

Akismet Anti-Spam

Comment data (IP address, user agent, referrer, URL, name, email, comment text) is transmitted to Akismet’s servers for spam classification. We collect information about visitors who comment on this site as described by the Automattic privacy policy.

→ Automattic Privacy Policy

Gravatar (Automattic)

An anonymized hash (MD5) of your email address may be sent to Gravatar to display your profile picture on approved comments. The Gravatar service privacy policy is available at automattic.com/privacy/. Your avatar is publicly visible if you have a Gravatar account.

→ Gravatar Privacy Policy

Jetpack (Automattic)

Jetpack provides site security, search functionality, and performance enhancements. It transmits basic site and usage statistics to Automattic’s servers. Jetpack’s security module processes IP addresses for brute-force protection.

→ Automattic Privacy Policy

Complianz — Cookie Consent

Manages your cookie consent records, ensuring they are stored securely and honored across your visits. Complianz does not share consent data with third parties and is fully GDPR-compliant by design.

→ Complianz Privacy Statement

WP Mail SMTP — Email Delivery

Routes transactional email (membership confirmations, password resets, account notifications) through a verified SMTP service. Email content and recipient addresses are transmitted to the configured mail server for delivery.

→ WP Mail SMTP Privacy

Google Search Console

Provides aggregated, anonymized data about how users find this site via Google Search. No individual user data is processed; Search Console operates on aggregate search impression and click data only.

→ Google Privacy Policy

Embedded Content from Other Websites

Articles on this site may include embedded content such as videos, iframes, or interactive widgets from third-party platforms (e.g., YouTube, OSF, Twitter/X). Embedded content behaves exactly as if you had visited that third-party website directly — they may collect data, set cookies, embed additional tracking, and monitor your interaction with the embedded content, including if you are logged in to that third-party service.

Measurement & Insights

Analytics & Tag Manager

This platform uses Google Analytics 4 (GA4), deployed via Google Tag Manager, to measure research content engagement, visitor journeys, and platform performance. Analytics is consent-gated: no GA4 cookies are set and no data is transmitted unless you have accepted analytics cookies via the consent banner.

Data Collected via GA4
Pages visited, session duration, scroll depth, event interactions (clicks on research downloads, form completions), device category, browser, general geographic region (country/city level), acquisition source. Full IP addresses are anonymized before processing.
IP Anonymization
IP anonymization is enabled by default in GA4. The last octet of your IP address is zeroed before storage, meaning no full IP address is ever associated with your GA4 data.
Data Residency
GA4 data is processed on Google’s global infrastructure. A Data Processing Amendment (DPA) is in place between this site and Google under GDPR Article 28.
Google Tag Manager
Tag Manager itself does not collect data. It is used solely to manage the GA4 tracking script deployment. No additional tags, pixels, or tracking beyond GA4 are deployed through Tag Manager on this site.
Consent API Integration
This site implements Google Consent Mode v2 via the WP Consent API. Analytics and ad-personalization signals are withheld from Google until you explicitly grant consent via the Complianz cookie banner.
Opting Out
You may revoke analytics consent at any time via the cookie preferences panel. Additionally, the Google Analytics Opt-Out Browser Add-on provides a permanent opt-out independent of cookie settings.
Browser Push Notifications

Push Notifications via OneSignal

We offer optional browser push notifications for new AIM research publications and platform updates. Push notifications are entirely opt-in — no notification data is collected unless you explicitly click “Allow” on the browser permission prompt.

What Is Collected
When you subscribe, your browser issues a push subscription token (a unique endpoint URL) to OneSignal. This token is not linked to your email address or personal identity unless you are also a registered member.
What Notifications We Send
New AIM Framework research posts, behavioral tracking feature updates, and occasional platform announcements. We do not send promotional, commercial, or third-party advertising notifications.
How to Unsubscribe
You may revoke push notification permission at any time via your browser’s site settings (usually under the padlock icon in the address bar). You may also unsubscribe by visiting the notification preferences page linked in any notification.
OneSignal Processing
OneSignal stores your push token on their US-based infrastructure. OneSignal is Privacy Shield certified and GDPR-compliant. No notification content is personalized using personal data beyond device locale.
No tracking pixels in notifications: We do not embed tracking pixels or click-trackers inside push notification content. Notification delivery confirmation (whether your device received the notification) is provided by your browser vendor, not by us.
Subscription & Billing

Membership & Payment Processing

AhmedAlshamsy.com offers paid membership access to the AIM Practitioner content library. Membership is processed by Paid Memberships Pro with PayPal Express Checkout as the exclusive payment gateway.

Available Membership Tiers

  • Monthly: $4.99 per month
  • Quarterly: $12.99 every 3 months
  • Yearly — Impact: $44.99 per year
  • Patron: $299 per year

Data Stored by This Site
Your name, email address, membership level, subscription start and end dates, billing cycle, and PayPal transaction IDs. No payment card numbers, bank details, or full billing addresses are stored on our servers.
Data Processed by PayPal
All payment information is handled directly by PayPal. By completing a purchase, you agree to PayPal’s Privacy Policy and Terms of Service.
Billing Records Retention
Financial transaction records are retained for a minimum of 7 years from the date of the transaction to satisfy applicable tax and accounting obligations, regardless of membership cancellation.
Cancellation & Refunds
Cancelling your membership stops future billing. Access continues until the end of the paid period. Data retained for active accounts remains subject to the retention periods described in Section 11. To request erasure of non-financial account data after cancellation, use the contact form in Section 14.
Password Reset & Security
If you request a password reset, your IP address is included in the password reset email as a security reference. This is a standard WordPress security measure and cannot be disabled.
Offline Capability

Progressive Web App & Service Worker

This site is installable as a Progressive Web App (PWA) on compatible devices. The service worker enables offline access to previously visited pages by caching static assets and HTML in your browser’s local storage.

No personal data collected: The service worker does not collect, store, or transmit any personal data. It operates exclusively on cached static files (HTML, CSS, JavaScript, images) stored locally on your device. Cached data is automatically invalidated when content is updated and can be cleared at any time by clearing your browser’s site data.

The PWA installation prompt is entirely optional. Installing the app to your home screen does not grant us any additional permissions or access beyond what the browser already provides. Push notification permissions for the PWA are governed separately under Section 7.

User-Generated Content

Comments & Uploaded Media

Comment Submissions
When you leave a comment, we collect the data shown in the comment form: your name, email address, website URL (optional), the comment text itself, your IP address, and browser user agent string. This information is collected to facilitate discussion, detect spam, and recognize and approve follow-up comments automatically. Your email address is never displayed publicly; only your name and optional website URL appear alongside your comment.
Gravatar Integration
An anonymized hash of your email address may be sent to the Gravatar service to check whether you have an associated profile picture. If you have a Gravatar, your profile photo will be publicly visible next to your comment. See automattic.com/privacy for Gravatar’s full privacy terms.
Comment Cookie Opt-in
If you leave a comment, you may opt in to saving your name, email, and website in browser cookies for your convenience. These functional cookies last for one year. This opt-in is presented at the time of commenting and can be declined or cleared at any time.
Uploaded Media & EXIF Data
If you upload images to this website (e.g., as a registered member), you should avoid uploading images with embedded location data (EXIF GPS coordinates) included. Visitors to the website can download and extract any location data embedded in images you upload. We do not automatically strip EXIF data from uploaded images.
Comment Moderation & Spam
Comment data is processed through Akismet’s spam filter. Akismet collects the commenter’s IP address, user agent, referrer, site URL, name, username, email address, and the comment text. Comments identified as spam are held for review and may be deleted. Approved comments and their metadata are retained indefinitely to facilitate follow-up comment recognition.
Storage Periods

How Long We Retain Your Data

| Data Type | Retention Period | Basis |
| --- | --- | --- |
| Approved comments & metadata | Indefinitely (while site operates) | Legitimate interest — follow-up comment recognition |
| Member account data (active) | Duration of membership + 30 days post-cancellation | Contract performance |
| Member account data (inactive, no financial record) | 3 years from last login or until erasure request | Legitimate interest |
| Payment / financial transaction records | 7 years from transaction date | Legal obligation (tax/accounting law) |
| AIM behavioral research form data | Until you withdraw consent or request erasure | Consent (Art. 6.1.a) |
| Cookie consent records | 1 year or until updated | Legal obligation (GDPR Art. 7) |
| Push notification subscriptions | Until you unsubscribe (browser or OneSignal dashboard) | Consent |
| Security log data (IP, login attempts) | Up to 30 days (rolling) | Legitimate interest — security |
| Google Analytics 4 data | 14 months (GA4 default, configurable) | Consent |
| Spam comment data (Akismet) | 15 days on Akismet servers | Legitimate interest |

Erasure requests: You may request erasure of any data not subject to a legal retention obligation. Financial records (7-year accounting requirement) cannot be erased on request, but all other personal identifiers can be anonymized or removed. See Section 14 for how to submit an erasure request.
GDPR · CCPA · International

Your Rights Over Your Personal Data

Depending on your jurisdiction, you hold various rights over your personal data. We honor all of the following rights. All requests are fulfilled within 30 days and free of charge.

๐Ÿ‘๏ธ

Right to Access

Request a complete export of all personal data we hold about you, including account details, membership records, and any behavioral research data you have submitted.

GDPR Art. 15 · CCPA §1798.110

Right to Rectification

Request correction of inaccurate or incomplete personal data. You can update most profile information yourself from your account dashboard at any time.

GDPR Art. 16

Right to Erasure

Request deletion of your personal data. We will erase all data not subject to a legal retention obligation. Financial transaction records are retained for 7 years per accounting law.

GDPR Art. 17 · CCPA §1798.105

Right to Restrict Processing

Request that we pause processing your data — for example, while you contest its accuracy or pending an objection — without requiring full erasure.

GDPR Art. 18

Right to Data Portability

Receive your personal data in a structured, machine-readable format (JSON or CSV) suitable for transfer to another service. Available for data processed by consent or contract.

GDPR Art. 20 · CCPA §1798.100

Right to Object

Object to processing based on legitimate interests (e.g., analytics, spam protection). We will cease such processing unless we can demonstrate compelling grounds that override your interests.

GDPR Art. 21

Right to Withdraw Consent

Withdraw consent for any processing based on consent (analytics cookies, push notifications, behavioral research data submission) at any time without affecting prior lawful processing.

GDPR Art. 7(3)

Right to Lodge a Complaint

If you believe your rights have been violated, you have the right to lodge a complaint with your national data protection authority (e.g., EDPB for EU residents, ICO for UK residents).

GDPR Art. 77
WordPress built-in tools: If you have an account on this site, or have left comments, you can use the built-in privacy tools under your WordPress profile to request a Personal Data Export (generates a ZIP file) or submit a Personal Data Erasure request directly from the WordPress admin. Erasure requests require administrator approval before processing to verify identity.
Cross-Border Data Flows

International Data Transfers

As a globally accessible research platform, some of the third-party services described in this policy process data outside your country of residence, including in the United States and European Union.

Google (GA4, Tag Manager, Search Console, Site Kit)
Data processed under Google’s EU Standard Contractual Clauses (SCCs) and Data Processing Terms. Google maintains an EU-US Data Privacy Framework certification. See Google’s compliance page.
Automattic (Akismet, Gravatar, Jetpack)
Automattic processes data in the United States under standard contractual clauses. See automattic.com/privacy.
OneSignal
Push notification data processed in the United States. OneSignal holds a Privacy Shield successor certification and provides SCCs for EU data subjects. See onesignal.com/privacy_policy.
PayPal
Payment data processed globally under PayPal’s own data governance framework and local regulatory requirements. See PayPal’s privacy policy.
Platform Origin
This site’s origin server is located outside the EU. No server-level personal data is accessible to or processed by any third party except technical support contacts under strict NDA, as described throughout this policy.
Requests & Enquiries

Contact & Privacy Requests

To exercise any of your rights, request your data export, submit an erasure request, or ask any privacy-related question, please use the contact form below. All privacy requests are acknowledged within 72 hours and fulfilled within 30 days.

Privacy Request or Question?

Use the contact form to send your request. Please include: your full name, the email address associated with your account (if any), and a clear description of your request (access, erasure, portability, etc.). Identity verification may be required before processing erasure or export requests.

Response time: within 30 days · No charge for valid requests · Identity verification required for erasure

✉ Contact Us
Policy updates: This privacy policy may be updated periodically to reflect changes in our data practices, legal requirements, or third-party services. Material changes will be announced on the site. The “Last Updated” date at the top of this page always reflects the most current version. Continued use of the platform after an update constitutes acceptance of the revised policy.

AhmedAlshamsy.com — AIM Framework Research Repository. This Privacy Policy applies to all services, pages, and features of ahmedalshamsy.com. It was last reviewed and updated on April 25, 2026.
