← Back to Ummity

Privacy Policy

Last updated: 11 June 2026

Ummity (“Ummity”, “we”, “us”) is a platform that lets local Muslim communities run their events, classes, announcements, group chats, marketplace, local businesses, and prayer information in one place. This policy explains what information we collect, how we use it, who can see it, and the choices and rights you have. It applies to our web app and mobile apps (together, the “Service”), operated by UAIT LLC (“the Operator”).

Who is responsible for your data

The Operator is the data controller for your account and platform-wide data. Each community you join is run by its own administrators, who act as controllers for the content and moderation within their community. If you have questions, contact us at privacy@ashrafnet.com or write to 9 Gatsby Lane, Berlin, NJ 08009.

Information we collect

You provide directly:

  • Account: your email address, name, and a password (stored only as a salted hash — we never store your password in plain text). You may add an optional profile photo, gender, neighborhood, locale, and a home location.
  • If you sign in with Google or Apple (where enabled): the basic profile and email that provider shares with us.
  • Content you create: events and RSVPs, event check-ins, marketplace listings and photos, business listings and reviews, chat messages and any image or voice-note attachments, polls and your votes, news and comments, and community updates.
  • Reports: if you report content or a member, the reason you submit and what you reported.
  • Prayer settings: a location (latitude/longitude or place) you set so we can calculate prayer times for you.
  • Communications: messages you send us for support.

Collected automatically as you use the Service:

  • Activity signal: a coarse “last active” timestamp per community (updated at most about once an hour) so a community can see how many members are active. This is a timestamp only — we do not keep a log of which screens you viewed or what you did.
  • Technical data: your IP address and request metadata used for security, rate-limiting, and abuse prevention; a per-request identifier for diagnostics; and an audit record of sensitive actions (for example, approvals or moderation actions).

How we use your information

  • To provide the Service — create your account, run your communities, deliver chat, events, marketplace, news, and prayer times.
  • To verify your email, sign you in, and keep your session secure (access and refresh tokens, magic links, password resets).
  • To send transactional emails you’d expect — verification, password reset, invitations, and account notices.
  • To keep communities safe — review reports, take moderation actions, and maintain an append-only moderation record.
  • To produce aggregate community analytics (counts such as weekly-active members, RSVP-to-check-in rates, and growth). These are counts shown to community admins; they are not a roster of who did what, and we do not sell them.
  • To protect the Service against fraud, spam, and abuse.

Legal bases (where applicable, e.g. GDPR/UK GDPR)

Where required, we rely on: performance of our agreement with you (to run your account and the Service); our legitimate interests (security, abuse prevention, and aggregate analytics, balanced against your rights); your consent (for optional things such as setting a home or prayer location, or where we ask for it); and compliance with legal obligations.

Sensitive information. Because Ummity serves Muslim communities, your use of the Service can reveal religious affiliation, which is “special category” data in some jurisdictions. We process it only to provide the Service you’ve chosen to use; by creating an account and joining a community, you ask us to do so. You can leave a community or delete your account at any time.

What other people can see

  • Within a community: your name and profile photo, and content you post (messages, listings, RSVPs, comments, polls) are visible to other members of that community, according to each space’s settings.
  • Community staff: admins and moderators of a community can review reported content and, for oversight, read messages within their own community. Suspensions and bans are limited to the specific community — being removed from one community does not affect your membership in another.
  • Across communities: your data is kept separate per community. A moderator or admin of one community cannot see another community’s reports, members, or analytics.
  • Anonymous polls hide voter identities even from admins; admins-only poll results stay hidden from members until the poll closes.

When we share information

We do not sell your personal information. We share it only:

  • With service providers who process data on our behalf under contract, including: cloud hosting and database (e.g. Railway), object storage for images and voice notes (e.g. Cloudflare R2), transactional email (e.g. Resend), prayer-time calculation (e.g. the Aladhan API, which receives a location to return times), and sign-in providers you choose (Google, Apple).
  • With your community, as described above, when you post content or join.
  • For legal reasons — to comply with the law, enforce our terms, or protect the rights and safety of users and the public.
  • In a business transfer — if the Service is involved in a merger, acquisition, or asset sale, with notice where required.

Data retention

We keep your information for as long as your account is active and as needed to provide the Service. When you delete content it is removed or tombstoned; some records (such as moderation audit entries and security logs) are kept for a limited period for safety and legal reasons. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where we must retain it by law.

How we protect your information

Passwords are hashed, traffic is encrypted in transit, sessions use short-lived tokens with rotation, access is restricted by role and scoped to each community, and we apply rate-limiting and abuse controls. No system is perfectly secure, but we work to protect your data and to limit who can access it.

Your rights and choices

  • Access & correction — view and edit your profile in Settings.
  • Deletion — delete content you’ve posted, leave communities, or request account deletion.
  • Portability — request a copy of your personal data.
  • Objection & restriction — object to certain processing based on legitimate interests.
  • Withdraw consent — for example, remove your home or prayer location at any time.
  • Depending on where you live, you may also have the right to lodge a complaint with your data-protection authority.

To exercise any of these, contact privacy@ashrafnet.com. We may need to verify your identity first.

Children and youth

Some communities run youth spaces. The Service is not intended for children under 14. If you believe a child has given us personal data without the required consent, contact us and we will take appropriate action. Community administrators are responsible for supervising any youth spaces they create. See our Child Safety Standards for how we handle child sexual abuse and exploitation (CSAE).

International data transfers

We and our service providers may process your information in countries other than yours. Where we transfer personal data across borders, we use appropriate safeguards (such as standard contractual clauses) where required by law.

Changes to this policy

We may update this policy from time to time. We’ll post the new version here and update the “Last updated” date, and we’ll provide additional notice for material changes where required.

Contact us

Questions or requests about your privacy? Email privacy@ashrafnet.com or write to UAIT LLC, 9 Gatsby Lane, Berlin, NJ 08009.

This page is a starting template tailored to how Ummity works; it is not legal advice. The Operator should complete the bracketed details and have it reviewed by qualified counsel before publishing.