سياسة الخصوصية

The Palestinian Roots Platform (referred to as "the Platform", "we", or "us") is committed to protecting the privacy of every person who uses it. We understand that the information you share with us is not ordinary data — it is your family history, your heritage, and in many cases deeply personal details about yourself, your relatives, and your ancestors. We treat it with the seriousness and respect that it deserves.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, who we share it with, and what rights you have over it. It applies to all users of the Platform, regardless of where in the world they are located.

By registering for and using the Platform, you confirm that you have read and understood this Privacy Policy. If you do not agree with any part of it, you should not use the Platform.

البيانات الشخصية

Any information that can identify a living individual, directly or indirectly — names, dates of birth, contact details, photographs, and family relationship data.

البيانات النَّسَبية

Information about an individual's family history, ancestry, lineage, and family relationships, including details of deceased relatives.

البيانات الحسّاسة

A subset of personal data requiring heightened protection, including living individuals' whereabouts, contact details, and identity documents.

شجرة العائلة الفردية

A family tree submitted and managed by a registered user, relating to their specific family.

الشجرة العائلية الأم

The unified Palestine Family Tree, formed by linking all connected Individual Family Trees.

المستخدم

Any person who has registered an account on the Platform.

المسؤول

The designated platform manager with exclusive write access to the Master Family Tree.

GEDCOM

A standard file format for exchanging genealogical data between systems.

المعالجة

Any operation performed on personal data, including collection, storage, use, and deletion.

3.1 Information you give us directly. When you register and use the Platform, you provide us with:

• Account information: your name, email address, and password when you create an account.
• Identity verification documents: copies of identity documents you upload to confirm your eligibility to access or manage a specific family tree.
• Family tree data: names, dates of birth and death, places of birth and death, village and clan affiliations, family relationships, and other genealogical details.
• Photographs and documents: images and files you upload to the picture gallery or document archive.
• Messages: communications you send to other users or to the Administrator through the internal messaging system.
• GEDCOM files: genealogical data files you import into or export from the Platform.

3.2 Information we collect automatically: log data (IP address, browser type, pages visited, time and date of visits), device information, and your language preference (Arabic or English).

3.3 Information about other people. When you add individuals to your family tree, you provide personal data about people other than yourself — relatives both living and deceased. You must ensure you have the right to share this information and that doing so is consistent with the privacy expectations of the people concerned.

We use the information we collect to:

• Run the Platform: create and manage your account; let you build, edit, and view family trees; link Individual Trees into the Master Tree; run end-of-day duplicate detection and merge processing; process GEDCOM import/export; and enable messaging.
• Verify identity and access: verify your eligibility to manage a specific tree; review and approve or deny access requests; and maintain the security and integrity of the Platform.
• Improve the Platform: understand how it is used, fix technical problems, and generate anonymised statistical data about the Palestinian diaspora (see Section 6).
• Communicate with you: send notifications about activity on your tree; inform you of changes to the Platform, this Policy, or the Terms; and respond to your questions and support requests.

• Consent: where you have given clear consent for a specific purpose — for example, uploading a photograph or document.
• Contract: where processing is necessary to fulfil the agreement between you and us when you register for and use the Platform.
• Legitimate interests: where processing is necessary for our legitimate interest in operating a secure, accurate, and meaningful genealogical record for the Palestinian people, provided your rights are not overridden.
• Legal obligation: where we are required to process data to comply with a legal requirement.

We may generate statistical and demographic reports from the data held on the Platform — for example, the number of documented Palestinians by country, by district of origin within historic Palestine, or by generation. These reports are anonymised and aggregated: they will not identify any individual and cannot be traced back to a specific person.

Such reports may be shared with Palestinian civil society organisations, legal teams, advocacy groups, academic researchers, and intergovernmental bodies for purposes consistent with the Platform’s mission of documenting and supporting the Palestinian people.

We do not sell your personal data. We do not share it with advertisers. We share it only in these limited circumstances:

• Other Platform users: information you add to your tree may be visible to other users, subject to the access rights and privacy settings you choose. You control what others can see.
• The Administrator: has access to all data for verifying accounts, resolving duplicate records, managing the Master Tree, and maintaining security — bound by the same confidentiality obligations as all users.
• Service providers: a small number of trusted providers (cloud hosting and security) process your data only on our instructions and are contractually required to protect it.
• Legal requirements: where required by law, or in good faith to protect the rights, safety, or property of any person, or to comply with a legal process.
• With your consent: in any other circumstances where you have given explicit, informed consent.

• Account data: retained for as long as your account remains open.
• Family tree data: retained indefinitely as part of the Platform’s permanent record. If you delete your account, genealogical data already linked to the Master Tree may be retained in anonymised or de-identified form, as removing it could disrupt other families’ records.
• Photographs and documents: retained for as long as they remain linked to active records.
• Identity verification documents: retained only as long as necessary to complete verification, after which they are securely deleted.
• Log data: retained for a maximum of 12 months.

• All data is transmitted over encrypted connections (HTTPS/TLS).
• Passwords are stored using industry-standard hashing and never in plain text.
• Access to personal data is restricted to Platform staff and administrators on a need-to-know basis.
• We conduct regular security audits and vulnerability assessments.
• Identity verification documents are stored in a separately secured, access-logged environment.
• We maintain a data breach response procedure and will notify affected users and relevant authorities in accordance with applicable law.

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: ask us to correct inaccurate or incomplete data.
• Right to erasure: ask us to delete your personal data in certain circumstances. Genealogical data already incorporated into the Master Tree may be retained in anonymised form (see Section 8).
• Right to restrict processing: ask us to restrict how we use your data in certain circumstances.
• Right to data portability: receive a copy of your data in a portable, machine-readable format — including as a GEDCOM file for your family tree data.
• Right to object: object to certain types of processing, including processing based on legitimate interests.
• Right to withdraw consent: where we process your data based on consent, withdraw it at any time.

To exercise any of these rights, contact us using the details in Section 14. We will respond to all requests within 30 days.

The Platform is not intended for use by persons under the age of 16. We do not knowingly collect personal data directly from children under 16. If a child’s details are entered into a family tree by an adult user, those details receive the same protections as all other personal data, with the additional protection that the details of children will not be displayed publicly.

If we become aware that we have inadvertently collected personal data directly from a child under 16, we will take steps to delete it promptly.

The Platform serves users in many countries. Your data may be transferred to and stored on servers located in countries other than the one in which you live. We ensure all such transfers comply with applicable data protection law and that appropriate safeguards are in place wherever your data is held.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify all registered users by email and by a prominent notice on the Platform. The date at the top indicates when it was last updated. Your continued use after notification constitutes acceptance of the updated Policy.

If you have questions about this Policy, wish to exercise your rights, or wish to make a complaint, contact the Data Protection Contact at privacy@palestinianroots.org (placeholder — to be confirmed). We aim to respond to all enquiries within 30 days.