Privacy Policy
Your privacy is sacred to us. We collect only what is necessary and nothing more.
Last updated: 15 April 2026
1. Overview
The Salafi Masjid ("we", "our", "us") operates The Salafi Masjid mobile application (the "App") and the website at salafimasjid.app (the "Site"). This Privacy Policy explains how we collect, use, and protect your information when you use our services.
We are committed to protecting your privacy. We do not sell, trade, or rent your personal information to third parties. We do not use advertising networks or tracking SDKs.
2. Information We Collect
2.1 Account Information
General use of the App requires no account. Accounts exist only for the masjid’s authorised administrators, who post and manage content. When an administrator account is created, we collect a name and email address solely to identify and secure that account.
2.2 Notification Preferences
We store your notification preferences (prayer reminders, announcements, events, lessons) so the App delivers only the content you have opted into. These preferences are kept on your device and sent alongside your anonymous push token; they are not tied to any account.
2.3 Location Data
The App uses your device's location for one purpose only: the Qibla compass, which shows the direction and distance to the Kaaba in Makkah. When you open the Qibla screen, the App requests permission to access your location while the App is in use, and your coordinates are used on your device to calculate the Qibla bearing. They are never sent to our servers and never shared. Granting location is optional — if you decline, the compass falls back to the masjid's fixed location. Prayer times never use your location; they come from the bundled timetable of The Salafi Masjid, Birmingham.
2.4 Push Notification Tokens
If you enable push notifications, we store your device's push token (provided by Apple or Google) to deliver notifications. No account is required to receive notifications, and this token is not linked to your name or any personal identity.
2.5 Contact Form Submissions
When you use the contact form on our website, we collect your name, email address, subject, and message. This information is used solely to respond to your enquiry.
2.6 Donation Information
Donations are processed by Stripe, a PCI-compliant payment processor. We do not store your card details. Stripe may collect payment information in accordance with their own privacy policy. We receive only a confirmation of the donation amount and your email (if provided) for receipt purposes.
3. Information We Do Not Collect
- We do not use third-party analytics or tracking SDKs in the app (no Google Analytics, Firebase Analytics, Mixpanel, etc.). This website uses only privacy-friendly, cookieless visitor analytics — see §6.
- We do not use advertising networks or ad identifiers
- We do not track your browsing behaviour across apps or websites
- We do not collect device fingerprints or unique advertising identifiers
- We do not sell, rent, or share your data with third parties for marketing
- We do not profile you or build behavioural models
4. How We Use Your Information
- Deliver prayer time notifications and reminders you have opted into
- Send the masjid's announcements, events, and lesson notifications you have opted into
- Respond to your contact form enquiries
- Process donations via Stripe
5. Data Storage & Security
Your data is stored on our self-hosted server on Hetzner Cloud, in a secure data centre in Helsinki, Finland (EU). All data is transmitted over HTTPS (TLS encryption). Passwords are hashed using industry-standard algorithms and are never stored in plain text.
Prayer times, announcements, and events are cached locally on your device using secure on-device storage for offline access. This data remains on your device and is cleared when you uninstall the app.
6. Third-Party Services
We use a minimal number of third-party services, each for a specific purpose:
- Cloudflare Web Analytics — privacy-friendly visitor analytics for this website (salafimasjid.app). It counts aggregate page views and referrers without cookies, without an advertising identifier, and without tracking you across other sites. No personal data is collected and nothing is sold. See Cloudflare Web Analytics.
- Aladhan API — converts Gregorian dates to Hijri dates for display (no account required, no tracking). Only the calendar date is sent; never your location.
- Expo Push Service — delivers push notifications to your device
- Sentry — crash and error reporting to help us fix bugs and improve app stability. Sentry receives error messages, device type, and app version. We scrub all personally identifiable information (email addresses, IP addresses, and authentication tokens) before data is sent to Sentry. Sentry's servers are located in the US; data transfers are governed by Standard Contractual Clauses (SCCs) as approved under UK GDPR. See Sentry's Privacy Policy.
- Stripe — processes donations securely
- Apple App Store / Google Play Store — distributes the app
We do not use any social media SDKs, advertising networks, or behavioural analytics platforms.
7. Data Retention
Administrator account data is retained for as long as the account stays active. If an account is deleted, all associated data is permanently removed from our servers within 30 days. Anonymous push tokens and notification preferences are removed when you disable notifications or uninstall the App.
Contact form submissions are retained for up to 12 months to handle follow-up enquiries, then permanently deleted.
Donation records (transaction amounts, dates, and Gift Aid declarations) are retained for a minimum of 6 years after the end of the tax year in which the donation was made, as required by HMRC for Gift Aid audit purposes. After this period, records are permanently deleted.
8. Your Rights
Under applicable data protection laws (including UK GDPR), you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — request your data in a machine-readable format
- Objection — object to processing of your data
- Withdraw consent — withdraw consent for notifications at any time via app settings
To exercise any of these rights, contact us at privacy@salafimasjid.app.
9. Children's Privacy
Our App is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@salafimasjid.app
- Address: The Salafi Masjid, Wright Street, Small Heath, Birmingham, B10 9SP
- Phone: 0121 773 0033
- Charity: Salafi Bookstore and Islamic Centre, Registered Charity No. 1083080
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled improperly.