Privacy Policy

Canonical source: prd/legal/privacy-policy.md

# Riwaq Privacy Policy (End Users)

**Status:** Draft v1 -- for product/engineering implementation. **Requires qualified legal review** before publication (see release gate G10 in [07-mobile-store-production-readiness.md](../specs/07-mobile-store-production-readiness.md)).

**Applies to:** Individuals who use the Riwaq mobile app (`io.riwaq.app`) and/or sign in as a **community member** on a mosque's public Riwaq website (customer auth). This policy does **not** govern mosque operators who administer tenant workspaces through the admin portal under separate operator terms.

**Canonical URL (target):** `https://alriwaq.net/privacy`

**Last updated:** 2026-05-28

---

## 1. Scope and relationship to Terms

This Privacy Policy explains how **[LEGAL ENTITY NAME]** ("Riwaq", "we", "us") collects, uses, shares, and retains personal data for end-user services.

By creating an account or using the services, you acknowledge this policy and the [Base User Agreement](./base-user-agreement.md). If there is a conflict between this policy and mandatory law, mandatory law controls.

---

## 2. Data we collect

### 2.1 Account and profile data

- Email address and authentication identifiers.
- Optional profile fields you provide (for example display name, phone, address).
- Optional birth date used only for age-gated feature eligibility (for example, verifying 18+ eligibility for posting as a carpool driver).

### 2.2 App usage and preferences

- Tenant selection and end-user preferences (for example prayer and notification settings).
- Push notification tokens and related delivery metadata.
- Optional location data if you enable location-based features (such as geofencing for utility features).

### 2.3 Community carpools data

If your tenant enables community carpools and you participate:

- Listing content: role (driver/rider), direction, seats/party size, departure window, optional notes and preference flags.
- Coarse pickup data you provide: neighborhood label and/or rounded coordinates/geohash.
- Match and message metadata: listing links, status changes, timestamps, in-app message content.
- Safety reports: report category and optional narrative details.

We do not position community carpools as a ride-hailing marketplace and do not process in-app fares in v1.

### 2.4 Technical and device data

- Device and app metadata needed for reliability, fraud prevention, security, and troubleshooting.
- Session information needed to maintain authenticated app usage.

---

## 3. How we use data

We use personal data to:

- Provide account login, profile management, and core app functionality.
- Deliver member-facing features across mobile and web.
- Send notifications you request or that your tenant sends through supported channels.
- Operate community carpools matching, safety moderation, and abuse prevention where enabled.
- Enforce product safety rules (for example age-gating for driver listings).
- Maintain security, detect misuse, and comply with legal obligations.

---

## 4. Legal bases (where applicable)

Depending on your location, we process data under one or more of:

- Performance of a contract (providing requested services).
- Legitimate interests (service security, abuse prevention, product reliability).
- Consent (for optional permissions such as push and location where required).
- Compliance with legal obligations.

---

## 5. Who can access data

- **Same-tenant members:** can view non-hidden carpool listing fields for events where they have access, when this feature is enabled.
- **Matched members:** may view additional contact details only when explicitly enabled by product behavior and user choices.
- **Tenant administrators:** can view tenant-scoped carpool listings/matches/reports for moderation and operations.
- **Riwaq personnel and processors:** can access data as needed to operate, secure, and support the service.

We do not sell personal data for cross-app advertising.

---

## 6. Service providers and third parties

We use service providers to run core functionality (for example infrastructure, authentication, push delivery, and optional weather data). Providers may process data on our behalf under contractual controls.

Where a tenant links third-party registration/payment pages, your interactions with those pages are governed by the tenant and relevant third-party policies.

---

## 7. Retention

We retain personal data only as long as needed for the purposes above, including legal, security, and dispute requirements.

For community carpools, operational data (listings/matches/messages/reports) may be deleted or anonymized after event relevance windows and safety review periods, unless legal hold or dispute handling requires longer retention.

---

## 8. Your choices and rights

You can:

- Update profile fields in-app.
- Disable notification and location permissions in app/OS settings.
- Withdraw carpool participation by deleting or canceling listings (subject to product constraints).
- Delete your account using in-app account deletion controls.

Depending on your jurisdiction, you may also have rights to access, correct, delete, or restrict processing of your personal data. Contact **[SUPPORT EMAIL]** to submit requests.

---

## 9. Security

We use reasonable technical and organizational safeguards to protect personal data. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

---

## 10. Children's data

The service is not directed to children under 13 (or a higher minimum age where required by local law). If we learn we collected personal data unlawfully from a child, we will take steps to delete it as required.

---

## 11. International transfers

Your data may be processed in countries other than your own, subject to appropriate safeguards required by applicable law.

---

## 12. Changes to this policy

We may update this policy from time to time. We will update the "Last updated" date and publish the revised version at the canonical URL.

Material changes may also be communicated through in-app notices, email, or website notices when required.

---

## 13. Contact

**[LEGAL ENTITY NAME]**  
**[POSTAL ADDRESS]**  
**[SUPPORT EMAIL]**

---

## Implementation checklist (engineering/product)

| Surface | Requirement |
|---------|-------------|
| Web | Publish this policy at `/privacy` with stable URL |
| Mobile register | Link to Terms + Privacy and require acceptance before account creation |
| Mobile legal settings | Open published Terms and Privacy URLs |
| Web customer register/login | Show Terms + Privacy links; require acceptance on register |
| Carpool first-post flow | Require supplemental consent tied to published updated Terms/Privacy before first listing |
| Release gate G10 | Counsel approves Terms, Privacy, and store declarations before production rollout |

**Placeholders to resolve before publish:** `[LEGAL ENTITY NAME]`, `[POSTAL ADDRESS]`, `[SUPPORT EMAIL]`.