This policy describes what Rafiq Labs Inc. ("Rafiq," "we," "us") collects, why we collect it, how we use it, and what rights you have. It applies to rafiq.money, our iOS app, and any related services we operate. If you just want the one-paragraph version, read this:
We collect only what we need to make Rafiq work for you. We encrypt it, we don't sell it, we don't share it with advertisers, and you can take it back or delete it at any time.
1 · What we collect
Information you give us
- Account information. Your name, email, password hash, and the madhab you follow.
- Profile details. Country, preferred currency, hawl start date, and any household settings you configure.
- Financial inputs. Asset holdings, liabilities, and transactions you either type in or import from a linked institution.
- Communications. Messages you send us through support, feedback, or email.
Information collected automatically
- Usage data. Which screens you visit, features you use, and general interaction patterns — used to improve the product.
- Device information. Device type, OS version, app version, and a device identifier used for security.
- Diagnostics. Crash reports and performance metrics, scrubbed of personally identifying content.
Information from third parties
If you link a bank, brokerage, or crypto account through a data-aggregation partner (such as Plaid or MX), we receive account balances, holdings, and transaction history for the accounts you authorize. You control which accounts are linked, and you can unlink at any time.
2 · How we use it
We use the information we collect to:
- Calculate your zakat, khums, and net worth according to the madhab you select.
- Run halal screens on your portfolio and explain the results.
- Provide AI-assisted answers through our companion feature — with your financial context as input, processed securely and not used to train third-party models.
- Send you reminders and summaries you've asked for (hawl alerts, monthly statements, goal progress).
- Detect and prevent fraud, abuse, or unauthorized access to your account.
- Improve Rafiq through aggregated, anonymized analytics — never by selling or exposing your individual data.
3 · Who we share it with
We share your information only in these specific cases, and never otherwise:
- Service providers who help us operate Rafiq (cloud hosting, data aggregation, email delivery). These partners are contractually bound to use your data only for the services they provide to us.
- Charity partners when you pay zakat or make a donation through the app. We share the amount and any message you include — not your full profile.
- Legal requirements when we are required to by valid legal process. We will attempt to notify you when we are legally permitted to do so.
- A corporate transaction (merger, acquisition, sale of assets). We will notify you before your data is transferred, and your choices will be preserved.
We do not sell your personal information. We do not share it with advertisers. We do not license it to data brokers. We do not build behavioral profiles for third parties. None of that will change.
4 · How long we keep it
We keep your information as long as your account is active, and for up to 7 years afterward to comply with tax, audit, and regulatory requirements — after which it is permanently deleted. You can request earlier deletion at any time (see Your Rights below).
5 · How we secure it
- Encryption. TLS 1.3 in transit. AES-256 at rest. Sensitive fields are encrypted with per-user keys.
- Access control. Production systems follow least-privilege. Engineer access to user data requires a documented business reason and is audited.
- Infrastructure. Rafiq runs on SOC 2 Type II-compliant cloud infrastructure. We conduct regular penetration testing and third-party security reviews.
- Disclosure. If we experience a security incident that materially affects your data, we will notify you within 72 hours.
6 · Your rights and choices
Regardless of where you live, you have these rights with respect to your Rafiq data:
- Access — request a copy of all information we hold about you.
- Correct — fix anything that's inaccurate.
- Delete — remove your account and associated data.
- Export — download your data in a portable format (CSV / JSON).
- Restrict — limit how we process your information for optional features.
- Object — opt out of any processing that isn't strictly necessary for the service.
Residents of California, the EU, the UK, and other jurisdictions have additional rights under local law, including the right to lodge a complaint with a regulator. To exercise any right, email privacy@rafiq.money from the address associated with your account.
7 · Children's privacy
Rafiq is not directed at children under 16, and we do not knowingly collect information from them. If you believe a child has provided us information, please contact us and we will delete it.
8 · Changes to this policy
When we make material changes, we will email you and update the "Last updated" date at the top of this page. For non-material changes, we update the page and note them in our public changelog.
Questions, concerns, or requests — we want to hear them.