Privacy Policy for MosqlyFi (Al-Saut-Fi)

Effective Date: June 5, 2026 Last Updated: June 5, 2026 Version: 2.0


1. Introduction

MosqlyFi, operated by Al-Saut-Fi ("we", "our", "us", or the "Company"), is committed to protecting your privacy and personal data in full compliance with the EU General Data Protection Regulation (GDPR — Regulation (EU) 2016/679), the Finnish Data Protection Act (Tietosuojalaki 1050/2018), the Finnish Act on Electronic Communication Services (917/2014), and the EU Digital Services Act (DSA).

This Privacy Policy explains what personal data we collect, why we collect it, our lawful basis for processing, how we protect it, and what rights you have. This policy applies to all users of the MosqlyFi mobile application (Android and iOS), the MosqlyFi website, and all associated services (collectively, the "Platform").

Data Controller: Al-Saut-Fi Helsinki, Finland Email: privacy@alsaut.org Website: https://mosqlyfi.com

Data Protection Officer (DPO): Email: dpo@alsaut.org


2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person ("Data Subject"), such as name, email address, location data, or device identifiers.
  • Processing: Any operation performed on personal data, including collection, storage, use, transfer, or deletion.
  • Data Subject: The individual whose personal data is processed (i.e., you, the user).
  • Supervisory Authority: The Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), Finland's national data protection authority.

3. Data We Collect

We collect and process the following categories of personal data:

3.1 Account & Identity Data

  • Full name, email address, phone number, and profile picture.
  • Authentication credentials (managed securely via Firebase Authentication; we do not store raw passwords).
  • Account role and entity affiliations (e.g., masjid membership, tutor status).

3.2 Location Data

  • Precise Location (GPS): Used to calculate accurate prayer times, determine Qibla direction, and display nearby mosques and halal restaurants.
  • Approximate Location (IP-based): Used as a fallback for location-based services when precise location is not available.

3.3 Financial & Transaction Data

  • Donation amounts, recipient masjid or charity, donation type (Zakat, Sadaqah), and transaction timestamps.
  • Payment is processed by Stripe — we do not store full credit or debit card numbers. Stripe is a PCI DSS Level 1 certified payment processor.

3.4 Religious & Preference Data

  • Preferred Madhab (Islamic school of jurisprudence), followed mosques, bookmarked Quran verses, Hadith reading progress, prayer tracking data.
  • Notification preferences and communication settings.

3.5 Usage & Analytics Data

  • App interaction data: screens visited, features used, timestamps, session duration.
  • Device information: device model, operating system version, app version, screen resolution.
  • Crash and performance logs for debugging and stability improvements.

3.6 Communication Data

  • Content of messages sent through in-app messaging features (e.g., masjid announcements, tutor communications).
  • Support requests and correspondence.

3.7 Device & Technical Data

  • Unique device identifiers (e.g., Firebase Installation ID, advertising ID — only with consent).
  • Push notification tokens for delivering notifications.
  • IP address (processed temporarily for security and service delivery).

4. Lawful Basis for Processing

Under Article 6 of the GDPR, we process your personal data based on the following lawful bases:

Data CategoryPurposeLawful Basis (Art. 6 GDPR)
Account & Identity DataAccount creation, authentication, and service deliveryPerformance of a contract (Art. 6(1)(b))
Location Data (Precise)Prayer times, Qibla direction, nearby masjid finderExplicit consent (Art. 6(1)(a))
Location Data (Approximate)Fallback for location-based servicesLegitimate interest (Art. 6(1)(f))
Financial DataDonation processing and receiptsPerformance of a contract (Art. 6(1)(b))
Financial Records (Retention)Tax compliance and audit requirementsLegal obligation (Art. 6(1)(c))
Religious PreferencesPersonalized religious content and featuresExplicit consent (Art. 6(1)(a)) — as special category data under Art. 9(2)(a)
Usage & Analytics DataPlatform improvement and bug fixingLegitimate interest (Art. 6(1)(f))
Communication DataIn-app messaging and supportPerformance of a contract (Art. 6(1)(b))
Push NotificationsService alerts and masjid announcementsConsent (Art. 6(1)(a))
Advertising ID / TrackingAnalytics and advertising (if applicable)Consent (Art. 6(1)(a))

Special Category Data (Article 9): Religious preference data is classified as special category data under the GDPR. We only process this data with your explicit consent, which you provide when configuring your religious preferences. You may withdraw this consent at any time through your account settings.


5. How We Use Your Data

We use personal data for the following purposes:

  1. Service Delivery: Providing accurate prayer times, Qibla direction, Quran and Hadith access, and masjid-related features.
  2. Donation Processing: Facilitating secure financial contributions to masjids and charitable causes, generating receipts and transparency reports.
  3. Personalization: Tailoring content based on your location, Madhab preferences, followed mosques, and reading progress.
  4. Communication: Sending masjid announcements, prayer time alerts, booking confirmations, and service notifications.
  5. Platform Improvement: Analyzing anonymized usage patterns to improve features, fix bugs, and optimize performance.
  6. Security & Fraud Prevention: Detecting and preventing unauthorized access, fraud, and abuse.
  7. Legal Compliance: Maintaining records as required by Finnish tax law, the Finnish Accounting Act, and other applicable regulations.

6. Third-Party Data Sharing

We do not sell your personal data. We share data only with the following categories of recipients, and only to the extent necessary:

6.1 Service Providers (Data Processors)

ProviderPurposeData SharedLocation
Firebase (Google)Authentication, cloud hosting, push notifications, analyticsAccount data, device tokens, usage dataEU / US (with Standard Contractual Clauses)
StripePayment processingTransaction data, billing detailsEU / US (with Standard Contractual Clauses)
CloudinaryImage storage and deliveryUploaded images, profile picturesEU / US (with Standard Contractual Clauses)
ResendTransactional email deliveryEmail address, email contentEU / US (with Standard Contractual Clauses)

All data processors are bound by Data Processing Agreements (DPAs) that ensure GDPR-level protections.

6.2 Masjid Institutions

If you donate to or interact with a specific masjid, relevant information (e.g., donation amount, your name for receipt purposes) may be shared with that masjid's authorized administrators to facilitate their services and record-keeping.

6.3 Tutors & Service Providers

If you book a tutoring session or masjid service, your name and contact details may be shared with the assigned tutor or service provider to facilitate the session.

6.4 Legal & Regulatory Authorities

We may disclose personal data when required by law, court order, or governmental authority, including requests from the Finnish Data Protection Ombudsman, law enforcement, or tax authorities.


7. International Data Transfers

Some of our service providers process data outside the European Economic Area (EEA). When transferring personal data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914).
  • Adequacy Decisions — transfers to countries recognized by the European Commission as providing adequate data protection.
  • Additional Supplementary Measures — including encryption, pseudonymization, and access controls, as required by the CJEU Schrems II decision.

You may request a copy of the relevant transfer safeguards by contacting us at dpo@alsaut.org.


8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

Data CategoryRetention Period
Account DataUntil you delete your account, plus 30 days for processing
Location DataProcessed in real-time; not stored persistently
Financial/Donation Records6 years after the transaction (Finnish Accounting Act, Chapter 2, Section 10)
Religious PreferencesUntil you modify or delete them, or delete your account
Usage & Analytics Data26 months (anonymized after this period)
Communication Data12 months after last interaction, or until account deletion
Support Requests24 months after resolution
Push Notification TokensUntil you disable notifications or delete your account

After the retention period expires, data is securely deleted or irreversibly anonymized.


9. Your Rights Under the GDPR

As a data subject, you have the following rights under the GDPR and Finnish data protection law:

9.1 Right of Access (Article 15)

You may request a copy of all personal data we hold about you, free of charge.

9.2 Right to Rectification (Article 16)

You may request correction of any inaccurate or incomplete personal data.

9.3 Right to Erasure / "Right to Be Forgotten" (Article 17)

You may request the deletion of your personal data, subject to legal retention obligations (e.g., financial records).

9.4 Right to Restriction of Processing (Article 18)

You may request that we limit the processing of your data in certain circumstances (e.g., while we verify the accuracy of your data).

9.5 Right to Data Portability (Article 20)

You may request your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV) and have it transmitted to another controller.

9.6 Right to Object (Article 21)

You may object to processing based on legitimate interests at any time. We will cease processing unless we demonstrate compelling legitimate grounds.

9.7 Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing performed before the withdrawal. You can manage your consent preferences in your account settings.

9.8 Right Not to Be Subject to Automated Decision-Making (Article 22)

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

9.9 Right to Lodge a Complaint

You have the right to lodge a complaint with the Finnish supervisory authority:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) Address: Lintulahdenkuja 4, 00530 Helsinki, Finland Email: tietosuoja@om.fi Website: https://tietosuoja.fi Phone: +358 29 566 6700

How to Exercise Your Rights:

  • In-App: Navigate to Settings > Privacy & Data > Manage My Data.
  • Email: Send your request to dpo@alsaut.org.
  • Account Deletion: You can delete your account directly from the app under Settings > Account > Delete Account. We will process the deletion within 30 days.

We will respond to all data subject requests within one (1) month of receipt, as required by Article 12(3) of the GDPR.


10. Cookies, SDKs, and Tracking Technologies

10.1 Website Cookies

Our website uses cookies. We obtain your consent before setting non-essential cookies, in accordance with the Finnish Act on Electronic Communication Services (917/2014) and the ePrivacy Directive.

  • Strictly Necessary Cookies: Required for the website to function (e.g., session management, security). No consent required.
  • Analytics Cookies: Used to understand how visitors use the website (e.g., Firebase Analytics). Require consent.
  • Marketing Cookies: Currently not used.

10.2 Mobile App SDKs

Our mobile application uses the following software development kits (SDKs) that may process personal data:

SDKPurposeData CollectedConsent Required
Firebase AnalyticsUsage analyticsEvents, device info, app instance IDYes
Firebase CrashlyticsCrash reportingCrash logs, device state, stack tracesLegitimate interest
Firebase Cloud MessagingPush notificationsDevice tokenYes (via OS permission)
Stripe SDKPayment processingTransaction dataContractual necessity

You can manage your tracking preferences through your device settings (e.g., "Limit Ad Tracking" on iOS, "Opt out of Ads Personalization" on Android) and within the app's privacy settings.


11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, in accordance with Article 32 of the GDPR:

  • Encryption: All data in transit is encrypted using TLS 1.2+ (HTTPS). Sensitive data at rest is encrypted using AES-256.
  • Access Controls: Role-based access controls (RBAC) limit data access to authorized personnel only.
  • Authentication Security: User credentials are managed through Firebase Authentication with secure hashing; we never store plaintext passwords.
  • Infrastructure Security: Our backend infrastructure uses secure cloud hosting with regular security patching and monitoring.
  • Incident Response: We maintain a data breach response plan. In the event of a personal data breach, we will notify the Finnish Data Protection Ombudsman within 72 hours (Article 33) and affected individuals without undue delay where required (Article 34).
  • Regular Audits: We conduct periodic reviews of our data processing activities and security measures.

12. Children's Privacy

MosqlyFi is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. In Finland, children aged 13 and older may consent to information society services under the Finnish Data Protection Act, Section 5 (implementing Article 8 of the GDPR, which Finland has set at 13 years).

If we become aware that we have inadvertently collected personal data from a child under 13 without appropriate parental consent, we will promptly delete that data and terminate the associated account. If you believe a child under 13 has provided us with personal data, please contact us at dpo@alsaut.org.


13. Privacy by Design and Default

In accordance with Article 25 of the GDPR, we incorporate data protection principles into the design and development of MosqlyFi:

  • Data Minimization: We only collect data that is necessary for the stated purpose.
  • Purpose Limitation: Data collected for one purpose is not repurposed without additional lawful basis.
  • Default Privacy Settings: New accounts are configured with the most privacy-protective settings by default. Features requiring additional data (e.g., precise location) are opt-in.
  • Pseudonymization: Where possible, we use anonymized or pseudonymized data for analytics and improvement.

14. Push Notifications

We may send you push notifications for prayer time alerts, masjid announcements, donation confirmations, and platform updates. You can manage notification preferences:

  • In the App: Settings > Notifications.
  • On Your Device: Through your device's notification settings (iOS Settings > Notifications > MosqlyFi; Android Settings > Apps > MosqlyFi > Notifications).

Disabling push notifications will not affect core app functionality.


15. Third-Party Links

MosqlyFi may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.


16. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or platform features. When we make material changes:

  • We will update the "Last Updated" date at the top of this policy.
  • We will provide a prominent in-app notification.
  • For significant changes that affect your rights, we will seek your renewed consent where required.

We encourage you to review this policy periodically.


17. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Republic of Finland and the European Union. Any disputes relating to this policy shall be subject to the jurisdiction of the courts of Helsinki, Finland, without prejudice to your right to lodge a complaint with the Finnish Data Protection Ombudsman or any other competent supervisory authority.


18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  • Data Protection Officer: dpo@alsaut.org
  • General Privacy Inquiries: privacy@alsaut.org
  • Postal Address: Al-Saut-Fi, Helsinki, Finland
  • In-App Support: Settings > Help & Support

Finnish Supervisory Authority: Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) Lintulahdenkuja 4, 00530 Helsinki, Finland Email: tietosuoja@om.fi | Website: https://tietosuoja.fi | Phone: +358 29 566 6700

AL-Saut Logo

Trusted mosque network and halal verification platform for the Finnish Muslim community.

Verified & Transparent
info@al-saut.org+358 40 123 4567

Platform

  • About
  • Contact
  • Privacy Policy
  • Terms & Conditions

Features

  • Mosques & Prayer Times
  • Halal Restaurants
  • Zakat & Sadaqah
  • Islamic Services
  • Announcements

Trust & Verification

  • Verification Process
  • Community Guidelines

© 2026 AL-Saut - Connecting the Ummah.

Al-Saut Logo
HomeAboutServicesContact
GET STARTED