Privacy Policy — Al Rihla

How we collect, use, and protect your information in the Al Rihla mobile application.
Effective date: 25 June 2026 Last updated: 25 June 2026

This Privacy Policy describes how KCF ("we", "us", "our") collects, uses, and shares information when you use the Al Rihla mobile application ("the App"). By using the App you agree to this Policy. If you do not agree, please do not use the App.


1. Information we collect

We collect only what's needed to operate the App and provide its features.

You provide directly

  • Account: first name, last name, email, phone number, country code.
  • Membership (KCF): full name, date of birth, address, country/zone/sector/unit, organization, blood group, education and employment details, mosque info, marital status, dependants, profile photo, ID card photos. This is provided when you register for membership.
  • Profile photo: stored on your device (locally) and optionally uploaded to our servers when you complete your membership profile.

Collected automatically

  • Device information: OS, device model, app version, language, time zone.
  • Push notification token (FCM) issued by Google Firebase / Apple APNs.
  • Coarse location (for prayer-time calculation) — only when you grant permission.
  • Diagnostic logs and crash reports.

We do not collect

  • Precise GPS unless you enable it.
  • Contacts, SMS, call logs, browsing history.
  • Photos other than the ones you explicitly pick for your profile or ID.

2. How we use your information

  • Create and manage your account; verify your identity via email OTP.
  • Issue and display your KCF membership card.
  • Send push notifications you've opted in to (prayer times, events, announcements).
  • Calculate accurate prayer times for your location.
  • Provide customer support over email and WhatsApp.
  • Detect, prevent, and respond to security incidents and abuse.
  • Comply with legal obligations.

We do not use your information for advertising or sell it to third parties.

3. Legal basis (GDPR / similar laws)

Where applicable, we process your data on these bases:

  • Performance of contract — to provide the App and membership services you request.
  • Consent — for location, push notifications, and optional profile photo upload. You can withdraw consent at any time.
  • Legitimate interest — to keep the App secure, prevent fraud, and improve features.
  • Legal obligation — when required to comply with applicable law.

4. Sharing of information

We share data only with:

  • Service providers that help us run the App — cloud hosting, push delivery (Google Firebase / Apple APNs), email/OTP delivery, analytics, crash reporting. These providers are bound by contractual obligations to protect your data.
  • Authorities when required by law (e.g. valid court order or regulatory request).
  • Successor entity in case of merger, acquisition, or asset sale — your data continues to be governed by this Policy or a successor with equivalent protections.

We do not sell or rent your personal information.

5. Storage, security, and retention

  • Data is stored on secured cloud infrastructure. Transit is encrypted via TLS.
  • Access is limited to authorised personnel on a need-to-know basis.
  • We retain account and membership data for as long as your account is active, and for a reasonable period after deletion to satisfy legal/audit obligations (typically up to [N] months).
  • You can request earlier deletion via the App's App appearance → Delete account option, or by writing to store@code51.in.

6. Your rights

You can:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data via the Edit Profile screen.
  • Delete your account using App appearance → Delete account.
  • Withdraw consent for push notifications and location anytime from your device settings.
  • Export your data — contact us at store@code51.in.
  • Lodge a complaint with your local data-protection authority.

We respond to verified requests within 30 days.

7. Children's privacy

The App is not directed to children under 13 (or the age of digital consent in your jurisdiction). We do not knowingly collect data from such children. If you believe a child has provided us data, contact us at store@code51.in and we will delete it.

8. Push notifications

We use Google Firebase Cloud Messaging (Android) and Apple Push Notification service (iOS) to send notifications. Your device's FCM/APNs token is stored on our servers so we can target notifications to your device. You can disable notifications anytime from your device's system settings.

9. Location data

Location is used solely to compute prayer times. It is processed on-device or transiently on our servers — we do not store a history of your locations. You can revoke location permission at any time in your device settings; the App will fall back to manual location entry.

10. Third-party services we use

11. International transfers

Your data may be processed in countries other than your own (e.g. where our cloud providers operate). When we transfer data outside your region, we rely on appropriate safeguards such as Standard Contractual Clauses where required.

12. Changes to this Policy

We may update this Policy from time to time. When we make material changes we will notify you in-app and update the "Last updated" date. Continued use of the App after changes constitutes acceptance.

13. Contact us

Questions, complaints, or requests: