Privacy Policy

Why we process data. Depending on your location and the activity, we rely on one or more of the following: performing a contract with you (for example, processing a payment you request); our legitimate interests (for example, securing the site, preventing abuse, improving reliability, and operating internal contribution reporting for authorized staff); compliance with legal obligations; and, where required, your consent.

Cookies and similar tech. We use cookies and similar technologies that are needed to run the site:

• Authentication — session cookies from our authentication provider keep dashboard users signed in.
• Preferences — a theme cookie (iqa_theme) stores your light/dark choice where the UI offers it.
• Landing experiments — a short-lived visitor cookie (lp_vid) may assign consistent public page variants for contribution landing tests. It is not used to sell your personal information.
• Analytics (when enabled) — if our deployment is configured with Google Analytics 4 (GA4), scripts from Google Tag Manager / Google may run to help us understand aggregated traffic and improve the site. Those services may set their own cookies or use similar storage on your device. See Google's Privacy Policy.

In the browser, we may use sessionStorage for the current tab only to reduce duplicate analytics signals during a single visit. You can clear cookies and site data in your browser settings; doing so may sign you out of the dashboard or reset preferences and experiment assignment.

We do not operate third-party advertising cookies on this site to sell your personal information. When analytics tools such as GA4 are enabled, they may use cookies or similar technologies for measurement; depending on your region and our configuration, additional consent or controls may apply. If we introduce new non-essential trackers, we will update this policy and, where required, provide choices.

Educational checkout (public). If you pay through our checkout, you may provide an optional email address for receipts. Payment details (such as card or wallet information) are entered into Stripe’s payment interface on our site; we do not receive or store your full card number on our servers. Where PayPal is offered, PayPal’s interface collects what it needs under its policies.

Technical and usage data. Like most websites, we and our hosting provider may process technical data automatically, such as IP address, approximate location derived from IP, browser type, device type, date and time of requests, and similar diagnostic information needed to deliver the service securely and reliably.

Team dashboard accounts. Authorized users who sign in to the internal dashboard provide account credentials managed by our authentication provider (email-based sign-in and related profile data as configured). Session cookies (or similar technologies) keep you signed in while you use the dashboard.

Payment and supporter records (operations). To operate IslamQA contribution and internal reporting, we store information about completed payments and related Stripe records (for example, transaction identifiers, amounts, timestamps, subscription status where applicable, and limited customer metadata) in our database. This data comes from Stripe via secure server-to-server integrations (such as webhooks and reconciliation), not from you typing card data into our database. PayPal may provide limited transaction metadata through its integrations where used.

• To process and confirm payments for educational services and subscriptions
• To send or facilitate payment receipts and support responses
• To secure the site, prevent fraud and abuse, and troubleshoot issues
• To operate internal analytics and reporting for authorized team members (contribution metrics)
• To comply with law and respond to lawful requests
• To measure site traffic and improve reliability when analytics tools are enabled (typically in aggregated form)

We share information with service providers that help us run this site and process payments. They are permitted to use the data only to provide services to us:

• Stripe — payment processing, fraud prevention, and related payment services. Stripe processes payment data according to its own policies. See Stripe’s Privacy Policy.
• PayPal — payment processing where PayPal checkout is enabled. See PayPal’s Privacy Statement.
• Supabase — hosted database and authentication for dashboard accounts and operational contribution data. See Supabase’s Privacy Policy.
• Vercel — hosts the application and edge/serverless infrastructure and may process technical logs needed to deliver the site. See Vercel's Privacy Policy.
• Google — when GA4 is enabled, Google processes analytics events under its policies (see link under Cookies above).
• Resend — may send operational emails (for example, thank-you or receipt-related messages) when configured. See Resend's Privacy Policy.

We may also disclose information if we believe in good faith that disclosure is required to comply with law, regulation, legal process, or government requests, or to protect the rights, safety, and security of our users, the public, or our services.

We do not sell your personal information as a commodity. We do not use your payment data for third-party advertising profiles on this site.

Our service providers may process data in countries other than your own. Where required, appropriate safeguards (such as contractual clauses) may apply depending on the provider and your location.

We retain operational and payment-related records for as long as needed to run the service, meet legal and accounting obligations, resolve disputes, and enforce our agreements. Retention periods can vary by data category and legal requirements.

We use industry-standard protections appropriate to the nature of this service, including:

• Encrypted connections (HTTPS) between your browser and our site
• Payment card data handled by Stripe under PCI-DSS scope, not stored as full card numbers on our application servers
• Server-only secrets for sensitive integrations; access controls on databases and admin tools
• Verified Stripe webhook signatures so payment events we process are authentic

No method of transmission or storage is completely secure. If you believe your information has been compromised, contact us using the details below.

Depending on where you live, you may have rights to access, correct, delete, or restrict certain personal data, or to object to certain processing. To make a request, email support@islamqa-contribution.org. We will respond in line with applicable law. You may also contact Stripe or your bank for payment-specific questions.

If you are in the United Kingdom or European Economic Area and applicable law applies, you may have the right to lodge a complaint with your local supervisory authority, in addition to contacting us.

Depending on thresholds and requirements that apply to us, residents of certain US states (including California) may have additional rights regarding personal information, such as rights to know, delete, or opt out of certain processing. To exercise rights that may apply, email support@islamqa-contribution.org. We do not sell personal information for money as a traditional data broker sale; we describe analytics and payment processing above.

This site is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps.

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the “Last updated” date. Where changes are material, we will provide additional notice if required by law. Continued use of the site after changes means you accept the updated policy.

Questions about this policy: support@islamqa-contribution.org. You can also visit our Support page.