Privacy Policy

How Main Mosque handles your data

This policy explains what we collect, why we collect it, how we use and share it, and the choices you have. It applies to both the mobile app and the web experience. We operate with GDPR/UK compliance in mind.

Updated: 05 Dec 2025

Data we collect

  • Account data: name, email, phone, password hash or social login identifiers (Google).
  • Mosque preferences: selected mosque(s), reminder and language settings, saved payment methods.
  • Device data: Expo push token / FCM token, device identifiers and OS for notification delivery and security.
  • Usage data: feature usage, error logs, and analytics to improve stability.
  • Donations: amounts, frequency, gift-aid choice (if enabled), and payment instrument metadata (processed via Stripe/PayPal; we do not store full card/bank details).

How we collect it

  • Directly from you when you create an account, adjust settings, or submit forms (e.g., register a Mosque).
  • Automatically from your device when you use the mobile app or web (e.g., push token, IP, device/OS metadata).
  • Third parties where you authorize it (e.g., Google Sign-In, Stripe/PayPal payment processors).

How we use it

  • Provide core services: show salah times, announcements, reminders, live streams, Mosque directories (when enabled), and donations.
  • Send notifications and reminders you opt into (adhan/iqamah reminders, announcements, live streams).
  • Maintain safety: fraud monitoring, abuse prevention, authentication, and debugging.
  • Product improvement and analytics (aggregate/anonymous where possible).
  • Legal compliance, accounting, and responding to lawful requests.

Who we share with

  • Service providers/processors: hosting, analytics, monitoring, email/SMS, push notification delivery (Expo/FCM/APNs), and payment processing (Stripe/PayPal).
  • Mosque admins/organization owners: limited data needed to manage donations and registrations you submit to that Mosque.
  • Legal and safety: to comply with law, protect rights, prevent fraud or abuse.
  • Business transfers: if we restructure or transfer the service, per UK/GDPR requirements.

Retention

  • Account data is kept while you maintain an account; we delete or anonymize upon request unless law requires retention.
  • Push tokens and reminder schedules are kept as long as you allow notifications; removing the app/token or disabling reminders deletes/invalidates them.
  • Payment records are retained as required for tax and accounting (typically 6–7 years in the UK).
  • Backups and logs are retained for limited periods for security and recovery.

Your rights

  • Access, correct, or delete your data.
  • Object to or restrict processing, and data portability where applicable.
  • Withdraw consent (e.g., notifications) at any time in app settings or device settings.
  • Lodge a complaint with your local data protection authority (e.g., ICO in the UK).

Security

  • Encryption in transit (HTTPS) and at rest where supported by our providers.
  • Restricted access controls for staff and admins.
  • Credential best practices; we never store raw passwords.

Children

  • The service is not directed to children under 13. If you believe a child provided data, contact us to remove it.

Cookies & tracking

The web app may use essential cookies for authentication and security, and limited analytics to improve reliability. You can manage cookies in your browser settings. The mobile app does not use third-party ad trackers; system identifiers may be used for push notifications and analytics.

Contact & requests

To exercise your rights (access, deletion, correction, objection) or ask privacy questions, reach us at:

  • Email: support@mainmosque.com