Effective date: May 24, 2026 · Last updated: May 24, 2026 · Version 3.0
Al Amaanah ("the App", "we", "us", "our") is a masjid management software-as-a-service platform operated by Al Amaanah for Indian Islamic communities. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the rights you have over your data.
By using the App you agree to this Privacy Policy and to our Terms of Service. If you do not agree, do not use the App.
1. Data Controller
Al Amaanah is the data controller for personal information processed through the App. For privacy questions or to exercise your rights, contact us at alamanah.ind@gmail.com or +91 8217898432.
2. Information We Collect
We collect only what is needed to provide the App's masjid management features.
2.1 Information you provide directly
Email address — required to create and identify your account.
Mosque name, contact person name, phone number, and city — collected when a masjid submits an "Access Request" to sign up. Phone number is required so our verification team can contact the masjid administrator to confirm the request before provisioning the account. Phone numbers are never shared with third parties or used for marketing.
Account credentials — temporary password (set by your masjid administrator and used once) and a 4-digit Personal Identification Number (PIN) you create on first login. Credentials are stored only as one-way bcrypt hashes; we cannot recover or read your original PIN.
Member, donor, staff, attendance, finance, and madrasa records — entered by your masjid administrators and staff to operate the masjid (donor names, transaction amounts in INR, attendance marks, student records, exam marks, complaints, announcements). This data belongs to your masjid; we process it on your masjid's behalf.
Photos and file uploads — images or documents you choose to upload from your device camera or photo gallery. The App uses uploads in three places: (a) attachments on announcements, (b) attachments on madrasa homework, and (c) masjid branding assets such as an official seal or signature image. These files are stored in Google Firebase Cloud Storage as part of your masjid's data. We only access your camera or photo gallery at the moment you choose to upload — we do not scan or read your gallery in the background.
2.2 Information collected automatically
Device location — only if you grant location permission, and only used to calculate prayer times when the masjid administrator has not configured a fixed location (and for the optional "find nearby masjid" feature). Location is processed on your device; we do not store your raw GPS coordinates on our servers.
Push notification token — issued by Apple Push Notification service or Firebase Cloud Messaging when you allow notifications. Used to deliver masjid announcements, prayer-time reminders, transaction alerts, and budget threshold notifications. Tokens are stored against your account and deleted when you sign out or revoke notification permission.
App usage and diagnostic data — basic, anonymous diagnostic information used to keep the App reliable. We do not collect advertising identifiers and do not run any third-party analytics or advertising SDKs.
2.3 Information we do not collect
We do not collect: your contacts, microphone audio, biometric data, advertising identifiers, web browsing history, social media accounts, or precise location history. We do not access your photo gallery except for the single image you select when uploading (see Section 2.1).
3. How We Use Your Information
We use your information only to:
Provide the App's masjid management features (authentication, attendance, finance, madrasa, communications, prayer times).
Verify access requests from new masjids before granting accounts.
Maintain immutable audit logs of administrative actions for accountability within each masjid.
Diagnose problems and improve App reliability.
Comply with legal obligations.
We do not sell, rent, or share personal information for marketing or advertising. We do not run targeted advertising in the App.
4. App Permissions
The App requests only the device permissions it needs, and only at the moment they are needed. You can revoke any of them at any time through your device settings.
Location (optional) — to calculate accurate prayer times when a fixed masjid location is not configured, and for the optional "find nearby masjid" feature. Not required to use the rest of the App.
Notifications — to send announcements, prayer-time reminders, transaction alerts, and budget notifications.
Camera and Photos — requested only when you upload an image or document, for announcement attachments, madrasa homework attachments, or masjid branding assets (seal/signature). The App does not use the camera for any other purpose.
Internet — required, because the App is a cloud-based service.
The App does not request access to your contacts, microphone, or background location.
5. Third-Party Services
We use the following third-party service providers strictly to operate the App:
Google LLC / Firebase — Authentication, Firestore database, Cloud Functions, Cloud Storage, Cloud Messaging, and Hosting. Firebase provides the underlying infrastructure that runs the App and processes data under Google's Cloud Data Processing Addendum.
Apple Inc. — Apple Push Notification service, used to deliver notifications on iOS devices.
We do not use any third-party analytics, advertising, or tracking SDKs, and we never share your data with advertising networks or data brokers.
6. How We Share Information
We share information only with:
Your masjid administrators and authorized staff — within the App, according to role-based permissions (Masjid Admin, Treasurer, Staff, Member). Each masjid's data is logically isolated by tenant.
The service providers listed in Section 5 — strictly to operate the App.
Legal authorities — only when required by valid legal process.
We never sell your data.
7. Legal Basis for Processing
We process your data based on:
Contract — to deliver the App's services to you and your masjid.
Legitimate interests — to keep the App secure, prevent abuse, and improve reliability.
Consent — for optional features like location-based prayer times, photo uploads, and push notifications. You can withdraw consent at any time in your device settings.
8. Where Data Is Stored
App data is stored in Google Firebase data centers. By default, multi-region storage may include locations outside India. By using the App you consent to your data being processed in these regions. We use industry-standard transport encryption (TLS) and at-rest encryption provided by Firebase.
9. Data Ownership
All data your masjid enters into the App — members, donors, transactions, attendance, madrasa records, announcements, certificates, complaints, uploaded files, and settings — remains the property of the masjid (the "Client"). Al Amaanah acts only as a data processor on the masjid's behalf. We do not claim ownership of any data you upload or create within the App.
10. Personal Data Processing
We process personal data only as needed to provide the Service, and only as instructed by the Client masjid.
The Client masjid is responsible for obtaining any consents required from its own members and students under the Digital Personal Data Protection Act, 2023 (DPDP Act) for the data it enters into the App.
In the event of a personal data breach affecting your information, we will take reasonable steps to investigate and to notify affected parties and authorities without undue delay, as required by applicable law.
We do not share personal data with any third party beyond the sub-processors disclosed in Section 5, except where required by law.
11. Security Measures
We implement reasonable technical and organizational measures to protect personal information, including:
Bcrypt-hashed credentials — passwords and PINs are never stored in plain text.
Account lockout after 3 failed PIN attempts (15-minute lockout).
Role-based access control, enforced both in the app and on the server.
Firestore security rules that scope every read and write to the user's own masjid.
TLS encryption for all data in transit, and at-rest encryption provided by Firebase.
No method of transmission or storage is 100% secure. Use a strong, unique PIN and keep your account credentials confidential.
12. Data Backup & Recovery
Your data is stored on Google Firebase, which provides built-in durability and multi-region replication of stored data. We do not operate a separate scheduled backup product, and we do not guarantee a specific recovery time.
If a masjid account is deleted, it can be recovered only within the 30-day window described in Section 14. After that window, the data is permanently and irreversibly removed and cannot be restored.
13. Data Retention
Account data — retained for as long as your masjid maintains an active subscription, plus a short retention period after deactivation to allow recovery.
Audit logs — retained immutably to support the financial accountability obligations of the masjid, except where the masjid itself is deleted (see Section 14).
Push tokens — deleted when you sign out, uninstall the App, or disable notifications.
Deactivated user accounts — credentials are nulled but the user record is retained until the masjid deletes it, to preserve attribution on historical records (e.g., who recorded a donation).
You can request deletion of your personal data at any time by contacting alamanah.ind@gmail.com. We will honor deletion requests within 30 days, subject to legal retention requirements.
14. Account and Tenant Deletion
You can permanently delete your account from within the App at any time:
Sign in to the App.
Open My Profile from the home screen.
Scroll to the Danger zone section.
Tap Delete my account, type DELETE to confirm, and tap the destructive button.
The deletion is immediate and cannot be undone. Behavior depends on your role within your masjid:
Member, staff, treasurer, or non-last administrator — your Firebase Authentication record, your tenant user document, your person profile, and your global email-index entry are permanently deleted. Operational records that you contributed to your masjid (financial transactions, attendance entries, audit log entries authored by you) remain with the masjid as part of its regulated record-keeping; they no longer reference your account.
Last active administrator of a masjid — because no administrator would remain to manage the masjid afterwards, deleting your account will permanently delete the entire masjid. This wipes every user account in that masjid (including all members, staff, and treasurers), every financial transaction, every attendance record, every audit log entry, every donor record, every announcement, every madrasa record (students, exams, marks, attendance, leave requests, homework, conduct notes, progress notes), every nikah certificate, every complaint, every push notification log, every budget, all settings, all uploaded files, and the masjid document itself. All other users of that masjid will lose all access to the App. A short technical record of the deletion event (masjid id, deleting user id, timestamp) is retained for platform integrity and abuse-prevention purposes only.
A deleted masjid enters a 30-day window during which it can be restored and its data exported; after 30 days it is permanently purged. This behavior implements Apple App Store Guideline 5.1.1(v) (account deletion) and applies the same level of control across Android and web.
15. Your Rights
Depending on your jurisdiction, you have the right to:
Access the personal data we hold about you.
Correct inaccurate data.
Request deletion of your data ("right to be forgotten"), subject to legal retention.
Restrict or object to certain processing.
Receive a copy of your data in a portable format.
Withdraw consent for optional features.
Lodge a complaint with your local data protection authority.
Data portability: within the App, finance data can be exported as PDF, CSV, or XLSX reports. For a broader export of your masjid's data, contact support and we will assist where reasonably possible. To exercise any right, email alamanah.ind@gmail.com. We will respond within 30 days.
16. Children's Privacy
The App is intended for use by adults responsible for masjid administration, and by older students and parents in the madrasa module. We do not knowingly collect personal information directly from children under 13. Madrasa student records are entered by authorized teachers and parents on behalf of children, with the masjid acting as the controller of that data. If you believe a child has provided information directly to us without authorization, contact us and we will delete it.
17. Legal Compliance
This Privacy Policy is designed to comply with applicable Indian law, including:
Information Technology Act, 2000
IT Rules, 2011 (Reasonable Security Practices)
Digital Personal Data Protection Act, 2023 (DPDP Act)
Indian Contract Act, 1872
18. Third-Party Links
The App may contain links to external resources (e.g., a masjid's social media). We are not responsible for the privacy practices of third-party sites.
19. Changes to This Policy
We may update this Privacy Policy to reflect changes to the App or legal requirements. Material changes will be communicated via in-App notice or email. The "Last updated" date at the top reflects the most recent revision. Continued use of the App after changes take effect constitutes acceptance of the revised policy.