Back to home

Privacy Policy

Last updated: 20 April 2026

1. Who we are

Khairun Nikah (“we”, “our”, “us”) is the data controller for the personal information you provide when using this platform. We are registered in England and Wales.

We are registered with the Information Commissioner’s Office (ICO) as a data controller. If you have a question or concern about how we handle your data, you can reach us via our contact form.

2. What we collect

a. Account data

Your name, email address, date of birth, and login credentials. This is required to create and maintain your account.

b. Profile and values data — including special category data

To help us match you with compatible partners, we ask for information about your values, preferences, and background. This includes your sect, level of Islamic practice (e.g. prayer, dietary observance), relationship expectations, Mahr expectations, family and lifestyle preferences, love language responses, and similar.

Important: some of this information — in particular your religious beliefs and practices — is classified as special category data under UK GDPR (Article 9). We process this data only with your explicit consent, which you give when you complete your profile. You can withdraw consent at any time by deleting the relevant profile information or closing your account.

c. Guardian (Wali) data

If you use our Wali mode, we collect your guardian’s name, contact details, and their relationship to you. Guardians who create an account are subject to the same data handling as any other member.

d. Contract and ceremony data

When you use the Nikkah contract tools, we store the contract content, negotiation records, Mahr amounts, witness details (name, contact), signing tokens, PDF files, and ceremony-related records. This data is required to operate the contract features and is retained as part of your account record.

e. Identity verification data

If you choose to verify your identity, we use a third-party provider (Didit) to perform the check. Didit processes your identity documents directly under their own privacy policy. We receive only a verification status (verified / not verified) and a reference ID — we do not store copies of your identity documents.

f. Subscription and billing data

Subscription status, billing dates, and payment references. Payment card details are processed directly by Stripe and RevenueCat — we never see or store your full card number.

g. Messages and calls

Messages you send through the platform are stored so the other party can receive them. If Wali mode is active, your guardian can read messages in the conversation. Audio and video calls use LiveKit and are not recorded or stored by us.

h. Location data

We ask for your city or postcode to show you geographically relevant matches. You can optionally allow live location updates, which you can disable at any time in your profile settings.

i. Technical data

IP address, browser type, and device information, collected automatically when you use the platform. This is used only for security, fraud prevention, and keeping the service running.

j. Session analytics

We use LogRocket for session recording and analytics. This helps us identify bugs and improve the user experience. LogRocket may capture screen interactions and technical events. We do not use it to monitor private message content.

3. Why we process your data (lawful basis)

UK GDPR requires us to have a lawful basis for each type of processing. Here is what we rely on:

  • Performance of a contract — providing the service you signed up for: your account, matching, messaging, contracts, and subscriptions.
  • Explicit consent — processing special category data (religious beliefs, practices, and related values data). You give this consent when you complete your profile. You can withdraw it at any time.
  • Legitimate interests — security, fraud and abuse prevention, improving the service, and communicating with you about your account. We have assessed these interests and concluded they do not override your rights.
  • Legal obligation — where we are required by law to process or retain data (e.g. fraud investigation, safeguarding, responding to a court order).

4. Matching and profiling

Our platform uses your profile data to calculate a compatibility score with other members and to rank discovery results. This constitutes automated profiling under UK GDPR Article 22. The score affects which profiles you see first, but it does not make automated decisions that have legal or similarly significant effects — you always choose who to connect with. You can contact us if you want to understand how your score is calculated or to request that it not be used.

5. Who we share your data with

We do not sell your personal data. We share it only with the service providers listed below, and only to the extent needed to operate the platform.

  • Supabase — database, authentication, and file storage (our core infrastructure provider).
  • Stripe — payment processing and subscription billing.
  • RevenueCat — subscription management and entitlement tracking.
  • Resend — transactional email delivery (e.g. verification emails, notifications).
  • LiveKit — real-time audio and video calls between matched members.
  • Didit — identity verification. Didit processes document and biometric data directly; see the Didit Privacy Policy for details.
  • LogRocket — session recording and analytics to help us fix bugs and improve the product.
  • Sentry — error monitoring. Sentry may capture technical context around errors, but we configure it to minimise personal data in error reports.
  • OSM Nominatim / Google Maps — geocoding your location when you provide an address (no personal identifiers are sent, only the address string).
  • Law enforcement or regulators — where we are legally required to disclose data.

Other members see only the profile information you choose to make visible. Matched members see your profile; your guardian (if Wali mode is active) can see your matches and messages as you have configured.

6. International transfers

Several of our service providers are based in the United States (Stripe, RevenueCat, LiveKit, LogRocket, Sentry, Didit). Transferring your data to these providers involves sending it outside the UK. We ensure these transfers are protected by appropriate safeguards, primarily Standard Contractual Clauses (SCCs) approved by the UK ICO (or the EU equivalent where applicable), or by the provider’s participation in a recognised data transfer framework.

7. How long we keep your data

  • Active account: we retain your data for as long as your account is open.
  • After account deletion: we delete or anonymise your profile data within 30 days, except where we are required to retain records for legal compliance (e.g. financial transaction records, which are retained for up to 7 years per HMRC requirements).
  • Contract and ceremony records: given the legal and religious significance of Nikkah contracts, signed contracts and ceremony records may be retained for a longer period (up to 7 years) even after account deletion, unless you specifically request deletion and there is no legal reason to retain them.
  • Support and dispute records: retained for up to 3 years after closure of the matter.

8. Your rights

Under UK GDPR, you have the following rights. To exercise any of them, contact us via our contact form. We will respond within one month.

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure: ask us to delete your data (“right to be forgotten”), subject to any legal obligations to retain it.
  • Portability: receive your data in a structured, commonly used format so you can take it elsewhere.
  • Restriction: ask us to pause processing of your data in certain circumstances.
  • Objection: object to processing based on legitimate interests. We will stop unless we have compelling grounds to continue.
  • Withdraw consent: where processing is based on your consent (including for special category data), you can withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing that already took place.
  • Automated decision-making: you have the right not to be subject to decisions made solely by automated means that have a significant effect on you. Our profiling (matching scores) does not make such decisions — you always remain in control.

Right to complain: if you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): ico.org.uk/make-a-complaint. We would always appreciate the chance to address your concern first.

9. Children

This platform is for adults only. You must be at least 18 years old to create an account. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact us and we will remove it promptly.

10. Cookies

We use cookies for authentication and to keep your session active. We also use third-party tools (LogRocket) that set cookies for analytics. You can manage or block cookies in your browser settings, though doing so may affect how the service works.

11. Changes to this policy

We will update this policy when we make changes to how we handle your data. For significant changes, we will notify you by email or via the platform before they take effect. The “last updated” date at the top of this page always reflects the current version.

12. Contact us

For any privacy-related question, request, or concern — including to exercise your rights — please use our contact form. We aim to respond within 5 working days and are required by law to respond within one month.