Privacy Policy

Information about a person's religious beliefs or affiliations is sensitive information under the Privacy Act. By creating a Hussainya account, favouriting Shia Islamic centres, RSVPing to religious programs, or using ibadah tools, you may be disclosing religious affiliation. By using the service you consent to us collecting and handling that information for the purposes set out in this policy. You can withdraw that consent by deleting your account.

You can browse public information in Hussainya, such as centre listings, public programs, and prayer times, without creating an account. Where features require an account (favouriting, RSVPs, ibadah tracking, centre management, push notifications), we need at minimum an email address so we can authenticate you and contact you about your account. You may use a pseudonym for any display name, but a working email is required.

We collect only what is reasonably necessary to run the service:

• Account information: your email address and an encrypted password when you sign up. Authentication is handled by Supabase.
• Profile activity:favourited centres, RSVP'd programs, ibadah tracking entries, and notes you create inside the app.
• Centre manager data: if you manage a centre, we record your role, the centre you manage, and the programs, announcements, and bookings you publish.
• Location (optional): when you grant permission, your approximate location is used on-device to calculate prayer times and Qibla direction. We do not store precise coordinates on our servers.
• Device & usage data: basic logs (IP address, user agent, pages visited, errors) collected by our hosting and DNS providers. Push notification identifiers are managed by OneSignal if you opt in.
• Cookies & local storage: we use essential cookies and browser local storage to keep you signed in, remember theme preferences, and operate the service. We do not use third-party advertising trackers.
• Payment data: for centre subscriptions, payments are processed by Stripe. We never see or store your full card details. We only retain the subscription status returned by Stripe.
• AI interactions: when you use the jurisprudence, duas, or aamal features, your queries are sent to third-party AI providers (Anthropic, Google, OpenAI) to generate responses.

We collect personal information directly from you wherever practicable. Where we collect indirectly (for example, basic device logs from your browser, or subscription status from Stripe), we do so by lawful and fair means and only as needed to operate the service.

• Authenticating you and keeping your account secure.
• Showing centres, programs, and prayer times relevant to you.
• Delivering push notifications you have opted into, such as program reminders and jamaat times.
• Processing and renewing centre subscriptions through Stripe.
• Generating answers from Islamic source material via our AI features.
• Investigating abuse, debugging errors, and improving the app.
• Complying with our legal obligations.

We will only use or disclose your personal information for a secondary purpose if you would reasonably expect it, you have consented, or another exception under APP 6 applies (for example, to prevent a serious threat or where required by law).

We do not sell your information and we do not run third-party advertising. We may occasionally send service-related communications (account, security, or billing notices) and, where you have opted in, push notifications about programs at centres you follow. Every marketing communication includes a simple opt-out, and you can turn off push notifications at any time from your device settings.

We don't sell your data. We share limited information with the processors that make the app work:

• Supabase: authentication and database hosting.
• DigitalOcean: application hosting and infrastructure.
• Cloudflare: DNS, network security, and email routing for our public addresses.
• Stripe: payment processing for centre subscriptions.
• OneSignal: push notification delivery, only if you opt in.
• Anthropic, Google, and OpenAI: model providers for the AI-powered ibadah and jurisprudence features.

We may also disclose information where required or authorised by law, to protect the rights and safety of users, or as part of a business sale or restructure (in which case the recipient will be bound by terms no less protective than this policy).

The processors above may store or process your personal information outside Australia. Personal information is likely to be disclosed to recipients in:

• the United States (DigitalOcean, Cloudflare, Stripe, OneSignal, Anthropic, OpenAI, Google).
• the European Union and the United Kingdom (Stripe, Supabase regional infrastructure).
• Singapore and other Asia-Pacific regions (Supabase, DigitalOcean edge infrastructure).

Before disclosing personal information overseas, we take steps that are reasonable in the circumstances to ensure the recipient does not breach the APPs, including selecting reputable providers and relying on their contractual data-protection commitments. By using Hussainya you acknowledge that, where these steps have been taken, APP 8.1 does not require us to be accountable for an overseas recipient's acts that would breach the APPs.

Information that centre managers publish, such as centre name, address, contact details, programs, and announcements, is intended to be publicly visible inside Hussainya. Don't publish personal information about other people without their consent.

Hussainya is intended for users aged 13 and over. If you are a parent or guardian and believe a child has created an account, contact us and we'll remove it.

We take reasonable steps to keep the personal information we hold accurate, up to date, and complete. You can review and update most of your information from the account screen at any time.

We retain your account data while your account is active. When you delete your account, we destroy or de-identify the personal information we no longer need, subject to records we are required to keep by law (for example, payment and tax records, or records relevant to a legal claim or abuse investigation).

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Safeguards include encrypted connections (HTTPS), hashed passwords, role-based access controls, and reputable cloud providers.

No system is perfectly secure. If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.

You have the right to ask for access to the personal information we hold about you, and to ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant, or misleading.

• Most information can be accessed and corrected directly from the account screen.
• For anything else, email us at the address below. We do not charge a fee for an access or correction request.
• We aim to respond within 30 days. We may need to verify your identity first.
• We may refuse access or correction in the limited circumstances permitted by APP 12 and APP 13 (for example, where giving access would be unlawful or would unreasonably impact someone else's privacy). If we refuse, we will give you written reasons and tell you how to complain.
• If we correct information we have already shared with a third-party processor, we will, on request, take reasonable steps to notify that processor.

• Withdraw push notification or location permissions at any time from your device settings.
• Withdraw consent to our handling of your sensitive information by deleting your account.
• Request deletion of your account and associated personal data by emailing us.

If you think we have breached the APPs or mishandled your personal information, contact us first at support@hussainya.com. Please include enough detail for us to investigate. We will acknowledge your complaint promptly and aim to provide a substantive response within 30 days.

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner:

• Website: oaic.gov.au
• Phone: 1300 363 992.
• Post: GPO Box 5288, Sydney NSW 2001.

We may update this policy as the service evolves. We'll update the “Last updated” date and, for material changes, notify you in-app or by email.

For privacy questions, requests, or complaints, email support@hussainya.com.