Legal

Privacy Policy

Last Updated: May 31, 2026

1. Introduction

Masjid Connects is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

We may collect information about you in a variety of ways including:

  • Personal Data: Name, email address, phone number, and other identifiers you provide.
  • Usage Data: Information about how you use our services, such as the pages you visit.
  • Device Data: Information about your device, IP address, browser type, and operating system.

3. How We Use Your Information

We may use the information we collect about you to:

  • Provide, maintain, and improve our services
  • Process and complete transactions
  • Send you technical notices and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze trends, usage, and activities

4. Legal Bases for Processing (EU/UK)

Under GDPR and UK-GDPR, we rely on the following legal bases per processing purpose:

  • Performance of a contract (Art. 6(1)(b)): account creation, authentication, donation processing, event registration, and delivering the services you request.
  • Legitimate interest (Art. 6(1)(f)): platform security, fraud prevention, abuse detection, IP-hash audit logging, and product analytics from non-PII signals.
  • Legal obligation (Art. 6(1)(c)): retaining donation, payment, and tax records as required by tax authorities; responding to data-subject requests within statutory deadlines.
  • Consent (Art. 6(1)(a)): non-essential cookies (when applicable); marketing emails; processing of special-category data such as religious affiliation when you voluntarily disclose it (Art. 9(2)(a)).

5. Data Retention

We retain personal data only as long as necessary for the purpose it was collected, then delete or anonymize it. Indicative retention periods:

  • Account and profile data: until you request deletion, or 24 months after your last sign-in, whichever comes first.
  • Donation, payment, and tax records: minimum 7 years to satisfy tax-authority retention obligations (HMRC / IRS / CRA / EU member-state equivalents); donor PII fields are nullified earlier on deletion request, with amount, currency, and transaction identifiers preserved for audit.
  • Event/service registration records: 24 months after the event date.
  • Audit logs (security and privacy events): 36 months from creation; PII fields are nullified on a deletion request.
  • IP-address hashes: 12 months.
  • Email communications and support tickets: 24 months from last interaction.

4. Sharing Your Information

We may share information about you in the following ways:

  • With service providers who perform services on our behalf
  • To comply with legal obligations
  • In connection with a business transfer or transaction
  • With your consent or at your direction

5. Security of Your Information

We use administrative, technical, and physical security measures to protect your personal information. However, no data transmission over the Internet or storage system can be guaranteed to be 100% secure.

6. Your Choices

You may update, correct, or delete your account information at any time by logging into your account. You may also opt out of receiving promotional communications from us by following the instructions in those messages.

7. Children's Privacy

Our services are not intended for individuals under the age of 16, the default GDPR Article 8 digital-consent age. We do not knowingly collect personal information from children under 16 without verified parental or guardian consent. If you become aware that a child under 16 has provided personal information to us, please contact our Data Protection Officer so we can promptly delete it.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

9. Your Privacy Rights (GDPR, UK-GDPR, PIPEDA, Law 25, CCPA)

Depending on where you live, you have the following rights over your personal data:

  • Right to Know: Request information about what personal data we collect and how we use it
  • Right to Access: Request a copy of your personal data
  • Right to Delete: Request deletion of your personal data
  • Right to Portability: Request your data in a machine-readable format
  • Right to Rectification: Request correction of inaccurate data
  • Right Against Sale or Sharing: We do not sell or share personal information for advertising or marketing purposes.

10. EU / UK Residents (GDPR & UK-GDPR)

For EU and UK residents, Masjid Connects acts as the data controller for platform-level data and as a data processor on behalf of the Islamic centers you interact with. We rely on Standard Contractual Clauses (SCCs) for any transfer of personal data outside the EEA / UK. Our subprocessors include Stripe, Clerk, Cloudinary, Firebase, Resend, and Vercel. To exercise any GDPR or UK-GDPR right, or to reach our designated Privacy Officer (Responsable de la protection des données / Datenschutzbeauftragter), contact us at the email address below; we respond within the 30-day legal deadline.

11. Canadian Residents (PIPEDA)

For Canadian residents, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect personal information only for the purposes identified at the time of collection (running your Islamic center, processing donations, sending notifications), retain it only as long as necessary for those purposes, and provide an access request mechanism via the privacy controls in your account settings. Our Privacy Officer can be reached at the contact below.

12. Quebec Residents (Loi 25 / Law 25)

For residents of Quebec, additional protections apply under An Act to modernize legislative provisions as regards the protection of personal information (Law 25):

  • We have a designated Privacy Officer (Responsable de la protection des renseignements personnels) reachable at the contact below.
  • We may transfer personal information outside Quebec to subprocessors located in the United States and the European Union. As required by Law 25 §17, we have completed a privacy impact assessment of these transfers and implemented adequate protective measures; the assessment is available on request via the contact below.
  • We do not use personal information for automated decisions that produce legal effects without notifying you and offering a way to opt out.
  • In the event of a confidentiality incident that presents a serious risk of harm, we will notify you and the Commission d'accès à l'information promptly.

13. Contact Us

If you have questions or concerns about this Privacy Policy, or to exercise any of the rights above, please contact us at support@masjidconnects.com.