Privacy Policy

1. What This Policy Covers

This policy explains how we collect, use, store, share, secure, and delete personal data when you use Social Muslims on the web, mobile app, support channels, payment flows, identity verification flows, event services, private video introductions, curated profiles, and member community services. We use your profile details and stated preferences to operate curation, recommendations, safety checks, member events, and support. It is written primarily for UK users and UK legal requirements.

2. Who We Are

SOCIALMUZ LTD is the controller of the personal data described in this policy except where a third party acts as an independent controller, such as Apple for App Store billing, PayPal for its own payment processing, or your card issuer for payment-card operations.

3. Personal Data We Collect

• Account data: phone number, account ID, login metadata, device session details, and consent records.
• Hashed identifiers: we may store one-way SHA-256 hashes of phone numbers and similar high-risk identifiers in audit logs, fraud-prevention records, and analytics streams in place of the plaintext value. This lets us trace activity to an account, defend disputes, and detect abuse without writing personally identifying numbers into long-lived logs. The plaintext value remains in the account record under the protections described in §13.
• Profile and introduction data: name, age or date of birth, gender, city or region, photos, biography, prompts, stated intentions, profile preferences, availability, and profile answers.
• Special category data you choose to provide: religion, ethnicity, practice-related information, health-adjacent or marital background information, and other sensitive information that may be revealed through photos, free text, or structured answers.
• Trust and moderation data: verification outcomes, reports, blocks, moderation notes, fraud signals, risk flags, and enforcement history.
• Communications data: support messages, complaint records, outreach responses, scheduling responses, and message delivery records.
• Introduction, event, and call data: direct video introduction requests, proposed and confirmed slots, accept and decline events with optional decline reasons, cancellations, expiry timestamps (pending requests auto-expire after 48 hours), event attendance, Intro Rounds, private event decisions, token issue time, channel or round identifiers, participant join and leave times, call duration, call outcome, report flags, and safety metadata. We do not record private call content by default unless we separately tell you and obtain any consent or other lawful basis required by law.
• Commercial data: payment references, checkout records, wallet balance, held and settled Credits, the wallet transaction ledger (hold, release, settle, refund, and adjustment entries), purchases, refund records, fixed-term package records, legacy subscription status, invoice references, and transaction identifiers.
• Technical and analytics data: IP address, browser or app version, device type, diagnostics, crash data, authentication logs, performance data, abuse-prevention logs, and analytics events where permitted.
• Legal and safety data: complaint records, dispute records, evidence preservation data, and information relevant to potential regulatory or law-enforcement escalation.

4. How We Collect Data

• Directly from you when you sign up, build a profile, verify identity, contact support, join events, or buy a paid service.
• Automatically from your device, browser, app, and use of the service.
• From service providers that support authentication, hosting, analytics, payments, messaging, video, and identity verification.
• From other users when they report, block, decline, accept, or otherwise interact with your profile through the service.

5. Why We Use Your Data

• To create and manage accounts and enforce age, eligibility, and service-purpose rules.
• To host profiles, evaluate fit, run curation, operate video introductions, scheduling, events, and support.
• To process fixed-term prepaid video-introduction purchases, legacy recurring memberships, credits, refunds, and billing administration.
• To operate the Credit-and-hold economy that underpins direct video introduction requests, including placing Credit holds, releasing holds on a non-call outcome, settling holds on a completed call, maintaining the wallet transaction ledger required for accounting and dispute resolution, and defending payment disputes through documented evidence of consent, delivery, and outcome.
• To send service messages about verification, safety, scheduling, billing, reminders, and support.
• To prevent fraud, impersonation, harassment, abuse, illegal activity, and chargeback abuse.
• To moderate content, investigate complaints, protect users, and preserve evidence where necessary.
• To comply with legal obligations, including accounting, law-enforcement cooperation, and online-safety duties.
• To improve product reliability, performance, and service design, subject to consent where required.

6. Our UK GDPR Legal Bases

• Contract: to provide the account, profile hosting, video introduction, scheduling, paid services, support, and billing you ask us for.
• Legitimate interests: for fraud prevention, platform security, moderation, service administration, analytics, dispute handling, and product improvement.
• Consent: for optional analytics or similar technologies where required, product-update and marketing communications by SMS or email, and certain uses of sensitive data where we rely on consent. You can withdraw marketing consent at any time by replying STOP to any marketing SMS, using the unsubscribe link in any marketing email, or contacting support; this does not affect transactional and service-critical messages.
• Legal obligation: where we must retain, disclose, investigate, or otherwise process data to comply with law or lawful requests.

7. Special Category Data and Article 9 Conditions

Because Social Muslims is a British Muslim member platform, some information you provide or choose to reveal may constitute special category data under UK GDPR, including religious beliefs and data revealing ethnicity, health-related information, marital background, or other highly personal information.

Where you actively submit that information for profile review, curation, safety review, video introductions, or events, we rely on your explicit consent and, where relevant, your explicit request that we use it to operate the service you asked for. You should only provide sensitive data you want us to use for those purposes.

8. Moderation, Curation, and Human Review

We use rules, ranking logic, compatibility signals, fraud checks, moderation signals, and operational judgment to support profile curation, safety review, and introduction decisions. We may combine automated tools with human review by staff or the curation team. We do not intend to make solely automated decisions with legal or similarly significant effects on you without appropriate safeguards and human involvement.

8A. Video Calls, Intro Rounds, Reports, and Blocks

Before video calls and Intro Rounds, we show a safety notice explaining that Social Muslims does not record private calls by default and that users must not record, screenshot, or share call content without lawful permission. In-call and post-call controls allow you to report, block, or leave.

When you report or block another user from a call, we store the report category, notes you provide, reporter and target account IDs, relevant intro or event identifiers, round or assignment identifiers where applicable, timestamps, moderation status, and report urgency. We preserve relevant metadata for safety review, but we do not create or store a recording of the call content by default.

Blocking is used to prevent future recommendations, introduction requests, event pairings, and Calls prospects between you and the blocked user where technically supported.

9. Who We Share Data With

• Infrastructure providers: hosting, storage, authentication, logging, and database providers such as Google Firebase and Google Cloud.
• Payments providers: PayPal for web payments, Apple for App Store in-app purchases, Google for Play Store in-app purchases, card issuers, and payment support providers. Some existing users may also have legacy Stripe-billed recurring memberships covered by the rules in our Terms §13.
• Messaging providers: SMS, email, and push-notification suppliers such as Twilio and SendGrid where used.
• Verification providers: identity or verification providers such as Stripe Identity where used. (Stripe Identity is a separate product from Stripe payments and is used only for identity verification.)
• Call and event providers: video or real-time service providers such as Agora where used.
• Professional advisers and insurers: where reasonably necessary for legal, audit, insurance, or transaction support.
• Regulators and authorities: where required by law or necessary to investigate illegal conduct, safety risks, or enforce rights.

We do not sell your personal data.

10. International Transfers

Some suppliers may process personal data outside the UK. Where we transfer personal data internationally, we use safeguards required or recognised by law, such as adequacy regulations, standard contractual mechanisms, UK International Data Transfer Addendum or Agreement terms, or equivalent lawful safeguards. We maintain a vendor and transfer register for core processors including hosting, messaging, payments, verification, and video-call providers.

11. Cookies, Local Storage, and Analytics

Our web services use essential local storage or similar technologies for sign-in, security, fraud prevention, and account continuity. We only enable optional analytics after consent where consent is required. You can use the cookie banner or preference tools we provide to choose between essential-only operation and optional analytics.

12. Retention and Deletion

We keep personal data only for as long as reasonably necessary for the relevant purpose, subject to legal, safety, fraud, and evidential needs. Our current operational targets are:

• Active account and profile data: while your account remains active and for a limited period after closure to handle reactivation, complaints, or fraud review.
• Billing, tax, and accounting records: normally up to 6 years after the relevant transaction year where required by law or accounting practice.
• Safety, moderation, complaint, and enforcement records: normally up to 6 years from the last relevant action where needed for safety, dispute, fraud, or legal reasons.
• Support tickets and operational records: normally up to 24 months after closure unless needed longer for an open issue.
• Analytics and diagnostics: typically shorter retention windows, often around 12 months, unless aggregated or needed for incident investigation.
• Backups: short rolling backup windows and disaster-recovery retention, then deletion or overwrite in the ordinary course.
• Video introduction request records: normally retained for up to 90 days after a request reaches a terminal state (accepted, declined, expired, or cancelled), unless retained longer for safety, fraud, or dispute reasons. Associated wallet transaction ledger entries (hold, release, settle) are retained under the billing-records period above.
• Video call and Intro Rounds metadata: normally retained for up to 90 days after the call, round, or event reaches a terminal state, unless retained longer for safety, fraud, billing, complaint, or legal reasons.
• Call-related reports and blocks: normally retained under the safety and moderation period above so we can investigate, prevent rematching, respond to complaints, and evidence actions taken.

If you want us to delete your account and personal data, email socialmuslims02@gmail.com with the subject line Data Deletion Request and include the phone number or email address linked to your account so we can locate it and verify the request.

13. Security

We use technical and organisational measures designed to protect personal data, including access controls, encryption in transit, logging, least-privilege access, and account-security controls. No service can guarantee absolute security.

Where practical, we replace plaintext personally identifying values (for example phone numbers) with one-way SHA-256 hashes in audit logs and operational records, so that account-linkage and abuse-detection can occur without those values being written into long-lived log storage.

14. Your Rights

Depending on applicable law, you may have rights to access, rectify, erase, restrict, object, port certain data, withdraw consent, and ask for review of certain processing decisions. You can request account deletion or data export by contacting socialmuslims02@gmail.com from the email address linked to your account, or by including the phone number linked to your account in your message.

15. Complaints and the ICO

Please contact us first so we can try to resolve your privacy concern. If you are in the UK and remain unhappy, you may complain to the Information Commissioner’s Office.

16. Children

Social Muslims is for adults aged 18 and over only. We do not knowingly provide the service to children or intentionally collect personal data from children.

17. Third-Party Services

The service may link to or integrate with third-party services. Those services may publish their own privacy notices and terms. We are not responsible for third-party privacy practices we do not control.

18. Changes to This Policy

We may update this policy to reflect changes in law, regulation, guidance, product design, suppliers, or operations. The latest version will be posted here with the update date.

19. Contact

For privacy, legal, online-safety, or rights requests, contact socialmuslims02@gmail.com. For general support, you can also contact socialmuslims02@gmail.com.

For account deletion requests, use the subject line Data Deletion Request and include the phone number or email address linked to your account.