Privacy Policy
Last updated: 21 January 2025
1. Introduction
This Privacy Policy explains how IlmLabs ("we", "us", or "our"), operating as Salah Companion, collects, uses, stores, and protects your personal data when you use our website, mobile applications, and related services (collectively, the "Service").
We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
2.1 Account Data
When you create an account, we collect:
- Your name
- Email address
- Phone number (optional)
- Password (stored securely by Firebase Authentication)
- Mosque affiliation details
- Account creation and last login timestamps
2.2 Mosque Data
If you manage a mosque, you may provide:
- Mosque name, address, and contact information
- Prayer times and schedules
- Facilities and amenities information
- Uploaded images and logos
- Notices and announcements (Pro feature)
2.3 Technical Data
We automatically collect certain technical information:
- Browser local storage data (e.g., preferred mosque, saved drafts)
- Firebase authentication tokens (for logged-in users)
- Device and browser information for authentication purposes
2.4 Payment Data
If you subscribe to Pro features, payment processing is handled by Stripe. We do not store your payment card details. We only receive and store:
- Subscription status and plan type
- Billing history and invoice records
- Stripe customer ID
2.5 Optional Location Data
With your explicit permission, we may collect your geolocation to provide "nearby mosques" functionality. This data is only used for this specific purpose and is not stored on our servers.
3. How We Use Your Data
We use your personal data to:
- Provide and maintain the Service, including displaying prayer times
- Verify your identity and mosque affiliation during account registration
- Process your subscription payments and manage billing
- Send service-related notifications (e.g., account verification, password reset)
- Respond to your support requests and communicate with you
- Improve and develop new features for the platform
- Detect and prevent fraud or abuse of the Service
- Comply with legal obligations
4. Legal Basis for Processing
Under the UK GDPR, we process your personal data based on the following legal grounds:
4.1 Contract Performance
Processing necessary to provide you with the Service, including account management, displaying prayer times, and processing payments.
4.2 Legitimate Interests
Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, where these interests are not overridden by your rights.
4.3 Consent
Processing based on your explicit consent, such as using your location for nearby mosque features. You may withdraw consent at any time.
5. Data Sharing
5.1 Third-Party Services
We share data with the following third-party service providers:
- Firebase (Google) - Authentication and user account management
- Stripe - Payment processing for subscriptions
- DigitalOcean - Cloud hosting and image storage
5.2 Public Display
Please note that certain information is publicly visible:
- Mosque details (name, address, contact information)
- Prayer times and schedules
- Mosque images and facilities information
- Notices and announcements (visible to app users for your mosque)
5.3 Legal Requirements
We may disclose your data if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our users or the public.
6. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:
- Account data: Until you request deletion of your account
- Prayer times: Retained for historical reference and may be kept indefinitely
- Payment records: Retained as required by law (typically 7 years for tax purposes)
- Local storage data: Controlled by you through your browser settings
7. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
7.1 Right of Access
You have the right to request a copy of the personal data we hold about you.
7.2 Right to Rectification
You have the right to request correction of inaccurate personal data.
7.3 Right to Erasure
You have the right to request deletion of your personal data in certain circumstances.
7.4 Right to Object
You have the right to object to processing of your personal data based on legitimate interests.
7.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format.
7.6 Right to Lodge a Complaint
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. International Transfers
Some of our third-party service providers are based outside the UK. When we transfer your data internationally, we ensure appropriate safeguards are in place:
- Firebase/Google (US) - Protected by Standard Contractual Clauses and Google's data protection commitments
- Stripe (US) - Certified under Privacy Shield and uses Standard Contractual Clauses
- DigitalOcean (global) - Uses data processing agreements with appropriate safeguards
9. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encrypted connections (HTTPS) for all data transmission
- Secure password storage through Firebase Authentication (industry-standard hashing)
- Role-based access controls to limit data access
- Regular security reviews and updates
11. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will take steps to delete such information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have an account) or by posting a prominent notice on our Service.
The "Last updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically.
13. Contact Us
If you have any questions about this Privacy Policy, want to exercise your data protection rights, or have a complaint about how we handle your data, please contact us:
IlmLabs
Email: [email protected]
We aim to respond to all data protection requests within one month.