Privacy Policy

1. Introduction

Rafiq ("we", "our", "us") is an Islamic personal finance application. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Rafiq mobile application.

2. Information We Collect

Account Information

• Email address — for account creation and authentication
• Name — for personalization
• Date of birth — optional, for retirement zakat calculations
• Phone number — optional, for account recovery

Financial Information

• Account balances and transactions — when you link bank accounts via Plaid or enter data manually
• Investment holdings — stock symbols, share counts, and purchase prices you enter
• Zakat, khums, and giving records — calculations and donation history you create
• Budget and spending data — categories and amounts you enter

Technical Information

• Device identifier — for Firebase Analytics (anonymized)
• Crash data — via Firebase Crashlytics, to fix bugs

3. How We Use Your Information

We use your information solely to:

• Provide Islamic finance calculations (zakat, khums, halal screening, tatheer)
• Display your financial dashboard and net worth
• Power the Ask Rafiq AI assistant with your financial context
• Send notifications you opt into (zakat reminders, budget alerts, price alerts)
• Improve app stability via crash reports

4. Third-Party Services

Rafiq uses the following third-party services to provide functionality:

Firebase (Google)

Authentication, data storage (Firestore), crash reporting (Crashlytics), push notifications (Cloud Messaging), and serverless functions. Data is encrypted in transit via TLS and at rest. Firebase Privacy Policy.

Plaid

Bank account linking and transaction syncing. When you connect a bank account, Plaid securely retrieves your account information. Plaid access tokens are stored exclusively on our server and are never present on your device. Plaid Privacy Policy.

Every.org

Charitable donation processing. When you donate through Rafiq, you are redirected to Every.org's secure payment page. Rafiq does not process or store payment card information. Every.org Privacy Policy.

Anthropic (Claude AI)

Powers the Ask Rafiq AI assistant. Your financial context is sent to Anthropic's API via our secure Cloud Function proxy to generate personalized responses. Conversations are stored in your Firestore account. Anthropic Privacy Policy.

Alpaca Markets & Financial Modeling Prep

Real-time stock prices and AAOIFI halal screening data. Only stock symbols are sent to these services, never your personal or financial information.

5. Data Storage and Security

• All data is stored in Google Firebase Firestore, encrypted in transit (TLS) and at rest.
• Plaid access tokens are stored server-side only, inaccessible from client devices.
• Biometric authentication (Face ID / Touch ID) and PIN codes are processed locally on your device and never transmitted to our servers.
• We do not use advertising SDKs or sell your data to third parties.

6. Your Rights

Account Deletion

You can delete your account at any time from Settings within the app. Account deletion permanently removes all your data from our systems, including:

• All financial records (accounts, transactions, budgets, zakat/khums records, giving history)
• Plaid connections and stored access tokens
• Ask Rafiq conversation history
• Your Firebase Authentication account

This process is compliant with GDPR, CCPA, and PIPEDA requirements.

Data Access and Portability

You can export your financial data in CSV or JSON format from the app's Settings screen.

Notification Control

You can enable or disable all notification types (zakat reminders, budget alerts, price alerts, dividend alerts) from Settings within the app.

7. Children's Privacy

Rafiq is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us to have it removed.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or via email. Continued use of Rafiq after changes constitutes acceptance of the updated policy.

9. Contact Us

For privacy-related questions or data requests, contact us at:

Email: salam@rafiq.money

Effective Date: February 10, 2026