Privacy Policy

Welcome to MyShahada.net ("MyShahada", "we", "our", or "us"), a global Islamic support and guidance platform operated by MyShahada Global Foundation, based in the State of California, United States.

MyShahada provides free services to individuals around the world who are exploring Islam, embracing Islam, learning about Islam, seeking Islamic guidance, or accessing related religious services. The Shahada service itself is provided entirely free of charge.

This Privacy Policy explains how we collect, use, store, protect, and disclose personal information when you use our website, applications, services, events, educational tools, and communication channels.

Because MyShahada processes religious identity information, we recognise that some of the information you provide is highly sensitive personal data under applicable laws, including the California Consumer Privacy Act ("CCPA/CPRA"), the UK GDPR and Data Protection Act 2018, the EU General Data Protection Regulation ("GDPR"), and other international privacy and data protection laws where applicable.

We are committed to handling your information responsibly, respectfully, securely, and transparently.

1. Who We Are

MyShahada is a project of MyShahada Global Foundation, headquartered in California, United States.

For the purposes of applicable data protection laws, MyShahada Global Foundation acts as the "data controller" of your personal information.

Contact: email contact@myshahada.net or visit MyShahada.net.

2. Core Privacy Commitments

We believe privacy and dignity are essential parts of serving the Muslim community and those embracing Islam.

We never sell your personal data. We never use your data for advertising purposes. We do not permit third parties to use your data for behavioural advertising. We only collect information necessary to operate and improve our services.

We process sensitive religious information only with your consent or where otherwise permitted by law. We apply enhanced safeguards to Shahada and religious identity records. We never share recordings of Shahada sessions externally without your explicit consent.

We provide services globally while aiming to comply with international privacy obligations.

3. Information We Collect

The sections that follow describe the categories of personal information we may collect and the reasons we collect each one. We collect only what is necessary to operate and improve the services you choose to use.

3A. Account Information

When you create an account or subscribe to our services, we may collect your full name, email address, password, preferred language, and account preferences.

This allows us to authenticate your account, personalise your experience, provide educational and support services, and maintain account security. Passwords are securely encrypted and are never stored in plain text.

3B. Shahada and Religious Service Information

When arranging a Shahada ceremony or issuing a Shahada certificate, we may collect your full name, date of birth, gender, national origin, email address, telephone number (optional), preferred language, scheduling details, relevant religious information, certificate information, ceremony attendance records, and witness or verification details where applicable.

This information is used to coordinate Shahada ceremonies, facilitate religious support, issue and verify Shahada certificates, and assist with future certificate-related requests.

3C. Shahada Certificate Verification Information

Shahada certificates issued through MyShahada may be publicly searchable or verifiable through our systems.

Verification may display limited certificate-related information to authorised individuals or organisations for purposes including Umrah applications, Hajj applications, marriage-related verification, religious identity confirmation, Islamic institutional requirements, and community or mosque verification requests.

By requesting or accepting a Shahada certificate through our platform, you acknowledge and consent to this verification functionality.

3D. Shahada Session Recordings and Other Media

We record and securely store Shahada sessions. These recordings are used for identity verification, certificate issuance, internal operational records, and religious documentation.

We do not share Shahada session recordings with any third party, publish them, or use them for promotional purposes, except where you have given explicit consent. Where you choose to share your story publicly (for example, as a testimonial), we will only use the content you have specifically approved for that purpose.

In addition to Shahada recordings, we may collect other photographs, video recordings, audio recordings, screenshots, or media that you submit voluntarily (for example, testimonial content or community awareness contributions). Before publishing any such content publicly, we seek verbal, written, digital, or recorded consent where reasonably practicable. If you do not consent to public sharing, we will not publish identifiable content or will anonymise the material.

3E. Estate Planning and Islamic Will Information

Where you use our Islamic Will or estate planning services, information entered may include family details, beneficiary information, assets and liabilities, state or country of residence, school of thought, and testamentary preferences.

This information is processed only during your active session and is not stored on our servers after your session ends. This is a deliberate design choice and applies unconditionally.

Users remain responsible for independently reviewing legal documents generated through the platform. MyShahada does not provide licensed legal advice unless explicitly stated.

3F. Learning, Educational and Religious Guidance Information

We may collect learning progress (including 30-Day Program enrollment and progress), saved articles or content, Quran and Hadith bookmarks, questions submitted to scholars and our Q&A knowledge base, notes and preferences, and course participation records.

We also record your lifecycle stage (for example: exploring, learning, ready, embracing, new Muslim, practising) so we can personalise the experience appropriately for where you are in your journey.

This helps us personalise educational services and improve user experience.

3G. Communication Information

When you contact us or subscribe to communications, we may collect your email address, phone number, message content, support history, and communication preferences.

We may communicate through email, SMS, in-product notifications, and scheduled video calls with scholars (via our scheduling provider). WhatsApp may be added as a communication channel in the future; if introduced, it will be clearly disclosed and opt-in.

You may unsubscribe from non-essential communications at any time.

3H. Location Information

We may process your IP address (used for geographic region detection), GPS location, device location, and manually entered city or country information.

This enables services such as prayer times, nearby mosques, Qibla direction, halal food discovery, local Islamic services, and the routing of your data to the appropriate regional infrastructure for compliance purposes.

Where possible, location data is processed in real time and not permanently stored.

3I. Technical and Usage Information

We may automatically collect limited technical information including device type, browser type, operating system, IP address (also used for region routing — see Section 3H), language settings, pages visited, session duration, feature usage, crash reports, and security logs.

This helps us maintain platform security, prevent abuse, improve functionality, diagnose technical issues, and understand platform performance.

4. Information We Do Not Collect

We do not collect ethnicity, race, government-issued ID numbers (unless specifically required for a lawful purpose), biometric identifiers, financial account credentials, advertising profiles, data for targeted advertising purposes, or personal data from children under applicable legal age thresholds.

We do not knowingly collect personal data from children under 13, or under 16 in jurisdictions where higher age thresholds apply.

We also do not share Shahada session recordings, religious identity information, or other sensitive personal data with any third party for purposes outside the operation of our services, except with your explicit consent or where required by law.

5. Legal Bases for Processing

Depending on your location, we process personal data based on your consent, the performance of a contract or requested service, compliance with legal obligations, our legitimate interests, the protection of vital interests, or religious or non-profit exemptions permitted by law.

Sensitive religious data is processed only where lawful and appropriate safeguards exist.

6. Cookies and Tracking Technologies

We use limited cookies and similar technologies.

Essential cookies are necessary for account login, security, site functionality, and user authentication. These cannot be disabled without affecting service functionality.

Optional analytics and preference cookies may be used with your consent to understand platform usage, improve services, and remember settings and preferences.

You may manage cookie preferences through our consent tools or browser settings. For a full explanation of the categories, the specific technologies used, and how to change your choices at any time, see our Cookie Policy.

Session recording. Session recording is enabled only in non-production development environments to help our team diagnose technical issues. Session recording is disabled in our production environment.

7. How We Share Information

We do not sell personal information.

We may share limited information with trusted service providers that assist us in operating the platform, including providers for cloud hosting, infrastructure, security monitoring, analytics, email delivery, customer support, scheduling systems, prayer time APIs, communication systems, content management, and operational coordination tools.

These providers are contractually restricted from using your information for their own purposes.

8. International Data Transfers

MyShahada operates internationally.

Your information may be processed or stored in the United States, the United Kingdom, the European Union, and other jurisdictions where our providers operate. We route data regionally where applicable to support compliance with local data protection requirements. Specifically, our analytics provider (PostHog) is configured to route your data to a regional cluster matching your detected location — visitors located in the European Economic Area, the United Kingdom, or Switzerland are routed to the EU cluster; all other visitors are routed to the United States cluster.

Where legally required, we implement safeguards including Standard Contractual Clauses, data processing agreements, security assessments, and organisational and technical protections.

By using our services, you acknowledge that international transfers may occur.

9. Data Retention

We retain information only for as long as reasonably necessary. Retention periods may vary depending on the service provided.

Examples: account data is retained until account deletion or inactivity review; Shahada certificates may be retained indefinitely unless deletion is requested and legally permissible; Shahada session recordings are retained securely for the purposes described in Section 3D and never shared externally without explicit consent; support communications and analytics data are generally retained up to 12 months; learning progress is retained until removal or account deletion; security logs are retained as reasonably necessary for fraud prevention and compliance.

Detailed retention schedules are maintained operationally and are available on request. We may retain certain information longer where required for legal compliance, religious verification, fraud prevention, security investigations, or dispute resolution.

10. Your Privacy Rights

Depending on your location, you may have rights including access to your personal information, correction of inaccurate information, deletion of your data, restriction of processing, objection to processing, withdrawal of consent, data portability, and the right to lodge a complaint with a regulatory authority.

To exercise your rights, contact contact@myshahada.net. We may need to verify your identity before processing requests.

11. California Privacy Rights

California residents may have additional rights under the CCPA/CPRA, including the right to know what personal information is collected, to request deletion, to request correction, to limit certain uses of sensitive personal information, and not to be discriminated against for exercising privacy rights.

MyShahada does not sell personal information, does not share personal information for cross-context behavioural advertising, and honours recognised Global Privacy Control signals where applicable.

12. UK and EU Rights

Users located in the UK or EU may lodge complaints with their local supervisory authority.

We process special category religious data only where lawful under applicable UK/EU laws.

13. Data Security

We implement reasonable technical, organisational, and administrative safeguards including encryption in transit and at rest, secure password handling, access controls, monitoring systems, security reviews, role-based permissions, limited internal access, and secure cloud infrastructure.

No platform or transmission method can be guaranteed completely secure, but we continuously work to maintain strong protections.

14. Data Breach Procedures

If a personal data breach occurs that is likely to pose a risk to your rights or freedoms, we will investigate promptly, take mitigation measures, notify affected individuals where legally required, and notify relevant regulators within applicable legal timeframes.

15. Third-Party Links and Services

Our platform may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of third parties. Users should review external privacy policies independently.

16. Sub-Processors and Service Providers

We may use current or future providers including those offering cloud infrastructure, analytics, email communication, SMS communication, scheduling systems, operational management tools, communication platforms, prayer time services, geolocation functionality, customer engagement tools, content management, and identity and authentication services.

These providers may change over time as our services evolve.

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes become effective when posted on our platform. Where required by law, we may provide additional notice regarding material changes.

18. Contact Us

For privacy questions, requests, or concerns, contact MyShahada Global Foundation, California, United States, by email at contact@myshahada.net or via MyShahada.net.

Version 3 · Effective May 20, 2026.