Privacy Policy.
Effective 28 April 2026 · Jurisdiction United Kingdom (GDPR & UK Data Protection Act 2018)
Bismillāh. Your data is an amānah we take seriously. This policy explains what we collect, why we collect it, what we do with it, and the rights you have over it. Plain English wherever possible — legal language only where necessary.
1. Who we are
Musa Jey Consulting ("MJC", "we", "us", "our") is a sole-trader consultancy based in the United Kingdom, operated by Musa Jey. We deliver AI training, content systems, and growth operations for Muslim founders, coaches, creators, and Islamic charities — primarily through live trainings, lead magnets, brand diagnostics, and one-to-one client engagements.
For the purposes of UK GDPR, MJC is the data controller for the personal data described in this policy.
2. Contact details
Privacy enquiries
Email: info@kmconsulting.co
Postal: Musa Jey Consulting, United Kingdom (full address available on request)
If you believe we've handled your data incorrectly, please email us first — we'll respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
3. Who this policy applies to
This policy applies to anyone aged 16 or over who:
- Registers for a live training, webinar, or workshop hosted by MJC
- Downloads a lead magnet, completes a brand quiz, or submits a form on any MJC-owned site
- Becomes a paying client of any MJC service (Halal Consulting, Starter Kit, Funnel Build, etc.)
- Subscribes to email updates, books a discovery call, or otherwise voluntarily provides personal data to MJC
MJC services are not directed at children under 16. We do not knowingly collect personal data from anyone under that age. If you believe a child has provided us data, please email us and we will delete it promptly.
4. What data we collect
Information you give us directly
- Identity data — first name (and surname when you become a client)
- Contact data — email address, phone number, occasionally postal address for client work
- Profile data — your business / niche / role, AI experience level, and the questions you submit on registration forms
- Transactional data — invoice records, Stripe references, contracts (clients only)
- Communications — email replies, DMs, voice notes, and call recordings (always with your knowledge)
Information collected automatically
- Technical data — IP address, browser type, device type, referring URL, timestamps
- Usage data — pages viewed, time on page, basic analytics events
Information from third parties
- Payment providers (Stripe) — payment confirmation only; we never see your full card number
- Calendar / video platforms (Google Calendar, Google Meet, Zoom) — attendance status for sessions you book
- Social platforms — only the profile information you make public if you reach out via Instagram, LinkedIn, etc.
5. Why we use your data (and our lawful basis)
UK GDPR requires us to have a "lawful basis" for every use of your personal data. We rely on the following:
- Performance of a contract — to deliver the training, lead magnet, or paid service you signed up for (e.g. sending the Zoom link, delivering the PDF, fulfilling a Starter Kit build).
- Legitimate interest — to send service-related updates, improve our content based on what people ask, prevent fraud and form spam, and follow up sensibly with people who've engaged with us. You can object at any time.
- Consent — for marketing emails (we ask you to opt in), and for any optional cookies. You can withdraw consent at any time.
- Legal obligation — to keep tax, accounting, and contract records as required by HMRC and UK law.
6. AI training & your data
MJC's services involve AI tools — both as a topic we teach and as instruments we use in delivery. To be explicit about what this means for your data:
- We do not feed your personal data into public model-training pipelines. Your name, email, phone number, and DMs are not handed to OpenAI, Anthropic, or any other model provider for training.
- We do use AI tools (Claude, ChatGPT, etc.) operationally — for example, to draft replies, structure briefs, or analyse anonymised patterns in language usage. When we do, we use the API or paid plans where data is contractually excluded from training (per the providers' enterprise terms).
- If we ever quote a sentence from your DM, comment, or reply in our content (a "Language Bank" entry), it is anonymised — no handle, no name, no identifying detail. If we ever want to use a quote attributed to you, we ask first.
- Recordings of live trainings may be used to improve future trainings (transcription, internal review). Attendees with cameras off remain anonymous; attendees who speak on camera are told before the session begins.
7. Marketing & communications
If you give us your email through a registration form, brand quiz, or lead magnet, we may send you:
- Service emails — the Zoom link, the replay, the PDF you requested. These are essential to the thing you signed up for and you cannot opt out without losing the service.
- Marketing emails — occasional updates on new trainings, content, and offers. You opt in separately, and every marketing email has a one-click unsubscribe at the bottom.
We never sell, rent, or trade your email address. We don't share it with sponsors, partners, or affiliates. We don't use it to retarget you on Meta or Google (we may run general-audience ads, but not lookalike audiences seeded from your data).
8. Cookies & tracking
This site uses minimal cookies — generally only what's needed to make the page work and to count visits in aggregate. We do not use Facebook Pixel, Google Ads conversion tracking, or third-party advertising cookies on our MJC-owned pages.
You can control cookies in your browser settings. Disabling cookies may break form submissions or video embeds. Where consent for non-essential cookies is required, we ask before setting them.
9. Who we share your data with
We share data only with carefully chosen processors who help us run the service. Each is bound by a Data Processing Agreement and processes your data only on our instructions:
- Netlify — hosts our websites and form submissions (US/EU)
- Google Workspace — Sheets, Calendar, Drive, Meet, Gmail (US/EU)
- Stripe — payment processing for clients (US/UK)
- Notion — internal CRM and content systems (US)
- Loom / Fathom — call recording and Loom replies (US)
- Email service providers — to deliver service and marketing emails (UK/EU)
Some of these providers process data outside the UK. Where that happens, we rely on the UK's adequacy decisions, Standard Contractual Clauses, or equivalent safeguards approved by the ICO.
We will only disclose data outside this list if (a) you ask us to, (b) we're legally compelled to (HMRC, court order, fraud investigation), or (c) we're protecting our rights or yours.
10. How long we keep your data
- Webinar / lead magnet registrations — kept while you remain on our list. If you unsubscribe, we keep a suppression record (your email only) so we don't accidentally email you again.
- Client records — kept for 6 years after the engagement ends, in line with HMRC requirements for tax records.
- Anonymised analytics & aggregated language patterns — kept indefinitely, as they no longer identify you.
- Communication logs — kept for as long as is reasonable for the purpose, then deleted.
11. Your rights under UK GDPR
You have the following rights, free of charge, exercisable by emailing info@kmconsulting.co:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct anything that's wrong
- Erasure — ask us to delete your data ("the right to be forgotten")
- Restriction — ask us to pause processing while we resolve a dispute
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interest, including marketing
- Withdraw consent — for anything we relied on consent for, including marketing emails
We respond to all rights requests within 30 days. If we need more time for a complex request, we'll tell you why and keep you updated.
12. Security
We use commercially reasonable security measures: TLS encryption in transit, password hygiene, two-factor authentication on every internal account, restricted access on a need-to-know basis, and audit trails for client engagements (per our internal amānah verification protocol).
That said, no internet transmission or storage system is ever 100% secure. If a breach affects your data, we will notify you without undue delay, and notify the ICO within 72 hours where required.
13. Third-party links
Our sites may link to third-party websites (Netlify, GitHub, social media, partner sites). Once you leave an MJC-owned page, you're governed by that site's privacy policy, not this one. We're not responsible for how those sites handle your data.
14. Changes to this policy
We may update this policy as our services evolve, the law changes, or we add new tools. The "Effective" date at the top will always reflect the current version. For material changes (e.g. new processors, new data categories, new cross-border transfers), we'll notify you by email if we have one for you.
Continuing to use our services after a change means you accept the updated policy. If you don't agree to a change, you can exercise your rights under §11.
15. Religious framing
MJC operates as a Muslim-led consultancy. We treat your data as an amānah — a trust placed in our care that we'll be answerable for. That means we err on the side of less collection, shorter retention, fewer third parties, and more transparency than the law strictly requires. If something in this policy ever feels at odds with that principle, please email us — we want to know.
Last reviewed 28 April 2026