top of page

Privacy Policy

Privacy Policy

Effective Date: February 9, 2026 Last Updated: March 8, 2026

1. INTRODUCTION AND SCOPE

This Privacy Policy ("Policy") governs the collection, use, processing, storage, sharing, and protection of personal information by Qaswa Connect ("we," "us," "our," or "Company"), a mobile application platform that connects Muslims with their local masjid communities.

Developer/Company: Qaswa Connect Location: United States Contact Email: support@qaswaconnect.com Website: qaswaconnect.com

Data Protection Contact: Qaswa Connect is a US-based company. For all data protection inquiries, including requests from EU/EEA residents under GDPR, please contact support@qaswaconnect.com with subject line "Data Protection Inquiry." While we do not have a formal Data Protection Officer (DPO), this email serves as our designated contact point for all privacy and data protection matters.

By accessing or using the Qaswa Connect mobile application ("App"), you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service. If you do not agree, you must not use the App.

2. LEGAL BASIS AND COMPLIANCE

This Privacy Policy complies with applicable privacy laws and regulations, including but not limited to:

  • Federal Trade Commission Act (FTC Act) and FTC Privacy Rules (United States)

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

  • General Data Protection Regulation (GDPR) (European Union)

  • Children's Online Privacy Protection Act (COPPA) (United States)

  • Apple App Store Guidelines and Google Play Store Developer Policies

These protections and rights apply to all users regardless of geographic location, unless otherwise specified by applicable law.

3. INFORMATION WE COLLECT

3.1 Personal Information You Provide

We collect personal information that you voluntarily provide when creating an account, using features, or communicating with us:

  • Account Information: Full name, email address, phone number (optional), password (encrypted)

  • Profile Data: Age or age range, gender (male/female), interests and preferences related to Islamic activities, profile photo (optional)

  • Donation Information: Donation amounts, donation method details (processed and stored securely by Stripe; we do not store complete credit card numbers)

  • Donation Records: Donation history, recurring donation preferences, designated masjids, donation goals, donor name (if not anonymous), optional messages to masjids

  • Communications: Messages sent through in-app chat, comments on posts, event RSVPs, volunteer sign-ups, support inquiries

  • User-Generated Content: Posts, comments, photos, videos, and other content you create or share within the App

3.2 Information Collected Automatically

When you use the App, we automatically collect certain technical and usage information:

  • Device Information: Device model, manufacturer, operating system (iOS/Android) and version, unique device identifiers, mobile network information, device settings

  • Usage Data: Features accessed, screens viewed, time spent in app, actions taken (e.g., donations made, events viewed), app crashes and errors, performance metrics

  • Location Data: Precise geolocation (GPS coordinates) when you grant permission, used to show nearby masjids and location-based content; approximate location derived from IP address

  • Network Information: IP address, internet service provider, browser type (if using web features), connection type (WiFi, cellular)

  • Push Notification Tokens: Device tokens to send notifications about prayer times, events, and announcements

3.3 Information from Third-Party Services

If you choose to authenticate using third-party services, we may receive limited information from those providers:

  • Google Sign-In: Name, email address, profile photo

  • Apple Sign-In: Name (optional), email address (real or private relay), user identifier

4. HOW WE USE YOUR INFORMATION

We use the information we collect for legitimate business purposes, including:

4.1 Service Provision and Account Management

  • Create, maintain, and authenticate your account

  • Provide core app features (prayer times, events, donations, messaging)

  • Process and fulfill donation transactions

  • Send transactional notifications (donation receipts, event confirmations)

  • Respond to your inquiries and provide customer support

4.2 Personalization and User Experience

  • Show nearby masjids based on your location

  • Filter content by gender preferences (male-only, female-only, or everyone events)

  • Recommend relevant events, volunteer opportunities, and content based on your interests

  • Remember your preferences and settings

4.3 Communications

  • Send push notifications about prayer times, upcoming events, and community announcements (you can opt out)

  • Send email notifications about account activity, donations, and important updates

  • Communicate promotional offers or new features (you can opt out)

4.4 Safety, Security, and Legal Compliance

  • Detect, prevent, and investigate fraud, abuse, and security threats

  • Enforce our Terms of Service and community guidelines

  • Comply with legal obligations, court orders, and law enforcement requests

  • Protect the rights, property, and safety of Qaswa Connect, our users, and the public

4.5 Analytics and Improvement

  • Analyze usage patterns and trends to improve app functionality

  • Monitor app performance, crashes, and errors

  • Conduct research and development for new features

  • Generate aggregated, anonymized statistics (no personally identifiable information)

5. INFORMATION SHARING AND DISCLOSURE

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the following circumstances:

5.1 With Masjids and Community Members

  • When you make a donation, the recipient masjid receives your name (unless anonymous), email, donation amount, and optional message

  • When you RSVP to events, join group chats, or sign up for volunteer opportunities, relevant information is shared with masjid administrators

  • Your profile information (name, photo) is visible to other users in shared community spaces

5.2 With Service Providers and Business Partners

We share information with trusted third-party service providers who perform services on our behalf:

  • Stripe: Donation processing, donation transactions, subscription management (subject to Stripe's Privacy Policy)

  • Supabase: Database hosting, authentication, backend infrastructure. Data is stored on AWS infrastructure in the United States. International transfers are covered by Standard Contractual Clauses.

  • Expo Notifications: Push notification delivery

  • Google Maps: Location services and mapping (subject to Google's Privacy Policy)

  • Resend: Transactional email delivery (subject to Resend's Privacy Policy and Data Processing Agreement)

These service providers are contractually obligated to use your information only as necessary to provide services to us and are prohibited from using it for their own purposes. Where required by GDPR, we have executed Data Processing Agreements (DPAs) with our service providers.

5.3 For Legal Reasons

We may disclose your information if required by law or if we believe in good faith that such disclosure is necessary to:

  • Comply with legal obligations, court orders, subpoenas, or government requests

  • Enforce our Terms of Service or other agreements

  • Protect against fraud, abuse, or illegal activity

  • Protect the rights, property, or safety of Qaswa Connect, our users, or the public

5.4 Business Transfers

If Qaswa Connect is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the App before your information becomes subject to a different privacy policy.

5.5 With Your Consent

We may share your information for purposes not described in this Policy with your explicit consent.

6. DATA SECURITY

We implement commercially reasonable technical, administrative, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption of data in transit using HTTPS/TLS protocols

  • Encryption of sensitive data at rest in our databases

  • Secure password hashing using industry-standard algorithms (bcrypt)

  • Multi-factor authentication for administrative access

  • Regular security audits and vulnerability assessments

  • Limited employee access to personal data on a need-to-know basis

  • Secure donation processing through PCI-DSS compliant providers (Stripe)

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

7. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information:

7.1 Rights Under GDPR (EU Residents)

  • Right to Access: Request a copy of the personal information we hold about you

  • Right to Rectification: Correct inaccurate or incomplete information

  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal information

  • Right to Restrict Processing: Limit how we use your information

  • Right to Data Portability: Receive your data in a structured, machine-readable format

  • Right to Object: Object to processing based on legitimate interests or for direct marketing

  • Right to Withdraw Consent: Withdraw consent for processing at any time

  • Right to Lodge a Complaint: File a complaint with your local data protection authority

7.2 Rights Under CCPA/CPRA (California Residents)

  • Right to Know: Request disclosure of personal information collected, used, and shared

  • Right to Delete: Request deletion of your personal information

  • Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell personal information)

  • Right to Correct: Request correction of inaccurate information

  • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

7.3 General Rights (All Users)

  • Update your profile information in the App settings

  • Opt out of marketing emails by clicking "unsubscribe" in any promotional email

  • Disable push notifications in your device settings or App settings

  • Revoke location permissions in your device settings

  • Delete your account through the App settings (permanent after 30 days)

7.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: support@qaswaconnect.com Subject Line: "Privacy Rights Request"

We will respond to verified requests within 30 days (or as required by applicable law). We may require additional information to verify your identity before processing your request.

8. COOKIES AND TRACKING TECHNOLOGIES

The App uses the following tracking technologies:

  • Local Storage: To store user preferences, authentication tokens, and app state

  • Analytics: To collect usage data and app performance metrics

  • Crash Reporting: To identify and fix app crashes

  • Device Identifiers: We may collect device identifiers for analytics and crash reporting purposes only. We do not serve advertisements, engage in cross-app tracking, or share identifiers with advertising networks.

8.1 Apple App Tracking Transparency (iOS)

Qaswa Connect does not access the Identifier for Advertisers (IDFA) or engage in cross-app tracking. We do not serve advertisements, share data with advertising networks, or track your activity across other apps or websites. Because we do not access IDFA, you will not see an App Tracking Transparency (ATT) prompt from our app. If this changes in the future, we will request your permission through Apple's ATT framework before accessing any tracking identifiers.

8.2 Opting Out of Analytics

You can opt out of analytics tracking by:

  • Disabling "Allow Analytics" in App Settings (if available)

  • Denying tracking permission when prompted (iOS)

  • Enabling "Limit Ad Tracking" (iOS) or opting out of personalized ads (Android) in your device settings

9. CHILDREN'S PRIVACY (COPPA COMPLIANCE)

The App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

If you are under 13, you may not create an account or use the App. If you are between 13 and 18, you must have permission from a parent or legal guardian to use the App.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child under 13, please contact us immediately at support@qaswaconnect.com.

10. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained while your account is active

  • Donation Records: Retained for 7 years for tax and legal compliance purposes

  • Communications: Retained for 2 years or as needed for support purposes

  • Usage Data: Aggregated and anonymized after 18 months

When you request account deletion, your personal information will be permanently deleted within 30 days, except for information we are required to retain by law (e.g., donation records for tax purposes). During the 30-day grace period, you may cancel the deletion request and restore your account.

11. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your country of residence.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission.

12. THIRD-PARTY LINKS AND SERVICES

The App may contain links to third-party websites, services, or integrations (e.g., Stripe, Google Maps, YouTube). This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies:

  • Stripe Privacy Policy: stripe.com/privacy

  • Google Privacy Policy: policies.google.com/privacy

  • Apple Privacy Policy: apple.com/legal/privacy

13. CALIFORNIA "SHINE THE LIGHT" LAW

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

14. DO NOT TRACK SIGNALS

Some browsers support "Do Not Track" (DNT) signals. The App does not currently respond to DNT signals because there is no industry standard for how to interpret them. We will update this Policy if we implement DNT support in the future.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this Policy

  • Notify you via email (to the address associated with your account)

  • Display a prominent notice in the App

  • For material changes affecting your rights, request your affirmative consent

Your continued use of the App after the effective date of an updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Policy, you must stop using the App and may delete your account.

We encourage you to review this Policy periodically. Previous versions of this Policy are available upon request.

16. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@qaswaconnect.com Subject Line: Privacy Inquiry Website: qaswaconnect.com/privacy

We will respond to your inquiry within 30 days (or as required by applicable law).

17. SENSITIVE AND RELIGIOUS DATA

Important Notice: By using Qaswa Connect, you may voluntarily provide or reveal information that could indicate your religious beliefs, practices, or affiliation (e.g., following masjids, attending Islamic events, making donations to religious organizations). Under certain laws, including the GDPR, religious beliefs are considered "special category" or "sensitive" personal data.

By creating an account and using the App, you explicitly consent to the processing of any such sensitive data as described in this Policy. We process this data solely to provide you with the Services and never use it for profiling, discrimination, or purposes unrelated to the App's functionality.

We implement enhanced protections for sensitive data, including:

  • Strict access controls limiting who can view religious affiliation data

  • Encryption of all sensitive data at rest and in transit

  • No sharing of religious affiliation data with advertisers, data brokers, or any third party for marketing purposes

  • No use of religious data for automated decision-making or profiling

  • Immediate deletion of sensitive data upon account deletion (subject to legal retention requirements)

18. BIOMETRIC DATA

Qaswa Connect does not collect, store, or process biometric data (such as fingerprints, facial recognition data, voiceprints, or retina scans). If you use biometric authentication (Face ID, Touch ID) to access your device, that data is processed entirely by your device's operating system and is never transmitted to or accessible by Qaswa Connect.

19. DATA BREACH NOTIFICATION

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will:

  • Investigate the breach promptly and take immediate steps to contain and remediate it

  • Notify affected users via email within 72 hours of becoming aware of the breach (or as required by applicable law)

  • Provide details about the nature of the breach, the types of data affected, and steps we are taking to address it

  • Notify relevant supervisory authorities as required by GDPR (within 72 hours), state breach notification laws, or other applicable regulations

  • Offer guidance on steps you can take to protect yourself (e.g., changing passwords, monitoring accounts)

  • Maintain a record of all data breaches, including those that do not require notification

20. ADDITIONAL STATE PRIVACY RIGHTS

20.1 Virginia Consumer Data Protection Act (VCDPA)

Virginia residents have the right to access, correct, delete, and obtain a copy of their personal data, and to opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling. We do not sell personal data or use it for targeted advertising.

20.2 Colorado Privacy Act (CPA)

Colorado residents have similar rights to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, sale of personal data, or profiling. To exercise these rights, contact us at support@qaswaconnect.com.

20.3 Connecticut Data Privacy Act (CTDPA)

Connecticut residents have the right to access, correct, delete, and obtain a copy of their personal data. You may also opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling. We honor all such requests.

20.4 Utah Consumer Privacy Act (UCPA) and Other States

We comply with all applicable state privacy laws, including those in Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, and any other state that enacts consumer privacy legislation. If your state provides additional privacy rights, we will honor them. Contact us at support@qaswaconnect.com to exercise any state-specific privacy rights.

21. DATA PROCESSING FOR MASJIDS

21.1 Masjid Administrators as Data Controllers

Masjids that use Qaswa Connect to manage their community, accept donations, and communicate with followers act as independent data controllers for the personal data they collect and process through the App. Qaswa Connect acts as a data processor on behalf of masjids for certain operations (e.g., processing donations, delivering notifications). As a data controller, each masjid is independently responsible for ensuring its data processing activities comply with all applicable privacy and data protection laws.

21.2 Masjid Organizational Data We Collect

When a masjid is registered on the platform, we collect and process the following organizational data:

  • Masjid name, physical address, phone number, and website

  • Employer Identification Number (EIN) for tax-exempt verification

  • Tax-exempt status documentation (501(c)(3) determination letters)

  • Administrator names, roles, email addresses, and phone numbers

  • Government-issued identification and selfie photos for identity verification

  • Banner images, logos, and other media uploaded by administrators

This organizational data is used to verify the legitimacy of the masjid, display accurate information to community members, and facilitate platform services. Masjid profiles, including name, address, and public media, are displayed publicly to all App users.

21.3 Financial Data

If a masjid enables donation processing, financial data (including bank account information) is collected and processed directly by Stripe, our payment processor, through Stripe Connect. Qaswa Connect does not store, access, or have visibility into the masjid's bank account details. All financial data processing is subject to Stripe's Privacy Policy and Terms of Service. We retain donation transaction records (amounts, dates, and donor information) as required for platform functionality and tax compliance.

21.4 Administrator Responsibilities

Masjid administrators are responsible for:

  • Ensuring their use of user data complies with applicable privacy laws

  • Not using, selling, sharing, or disclosing user data for purposes unrelated to masjid community management

  • Responding to data subject requests (access, correction, deletion) from their community members within legally required timeframes

  • Maintaining the confidentiality and security of any personal data they access through the App

  • Securing administrator account credentials and promptly revoking access for unauthorized individuals

  • Providing accurate and up-to-date masjid organizational information

  • Ensuring all individuals granted administrator access are aware of and agree to the Masjid Administrator Agreement

21.5 Data Retention Upon Masjid Removal

If a masjid is removed from the platform (voluntarily or by Qaswa Connect), we will: (a) revoke all administrator access immediately, (b) remove the masjid's public profile and content within 30 days, (c) retain donation transaction records as required by applicable financial regulations, and (d) delete or anonymize remaining personal data within 90 days unless retention is required by law.

Qaswa Connect is not responsible for the privacy practices of individual masjids. If you have concerns about how a specific masjid handles your data, please contact that masjid directly or reach out to us at support@qaswaconnect.com.

22. AUTOMATED DECISION-MAKING

Qaswa Connect does not use automated decision-making or profiling that produces legal effects or similarly significant effects on users. Content recommendations (e.g., nearby masjids, suggested events) are based on simple criteria such as geographic proximity and stated interests, and do not constitute profiling under GDPR Article 22.

23. CONSENT AND AGREEMENT

By using the Qaswa Connect App, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and sharing of your information as described herein. If you do not agree, you must not use the App.

For users in jurisdictions requiring explicit consent for the processing of sensitive data (including religious data), your creation of an account and continued use of the App constitutes your explicit, informed, and freely given consent to such processing as described in this Policy. You may withdraw this consent at any time by deleting your account, though withdrawal does not affect the lawfulness of processing performed prior to withdrawal.

bottom of page