Privacy Policy

Haya ("we", "us", "our") is a halal Muslim marriage platform operated by Haya Ltd. Our registered address is in the United Kingdom. We are the data controller for the personal information you provide when using haya.app.

For any privacy-related queries, contact us at privacy@haya.app.

Account data: name, email address, date of birth, gender, and password (stored as a secure hash — we never store your plaintext password).

Profile data: photos, bio, city, country, ethnicity, sect, prayer level, marital status, education, occupation, and other fields you choose to complete.

Usage data: pages visited, features used, interests sent and received, messages exchanged, and device/browser information.

Payment data: Stripe handles all payment processing. We store your subscription tier and status but never your card details.

Verification data: selfie and government ID photos uploaded for identity verification. These are reviewed by our team and stored securely.

To provide the matchmaking service: showing your profile to compatible members, delivering AI compatibility scores, and facilitating introductions.

To improve the platform: analysing usage patterns to improve features and fix bugs.

To communicate with you: sending match notifications, product updates, and transactional emails (e.g. email verification, password reset).

To keep the platform safe: detecting fraud, enforcing community standards, and reviewing verification documents.

We do not sell your data to third parties. We do not use your data for advertising outside of Haya.

Other members: your profile (excluding email, phone, and private fields) is visible to other members based on your privacy settings.

Service providers: we share data with Cloudflare (infrastructure), Stripe (payments), Resend (email), and OpenAI (AI features). All are bound by data processing agreements.

Legal obligations: we may disclose data if required by law or to protect the safety of our users.

Your data is retained for as long as your account is active. If you delete your account, we begin a 30-day deletion process after which your personal data is permanently removed.

Verification documents are deleted immediately after review.

Anonymised, aggregated data may be retained for analytics purposes.

You have the right to: access your data, correct inaccurate data, delete your data ("right to be forgotten"), restrict processing, data portability, and object to processing.

To exercise any of these rights, email privacy@haya.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We use strictly necessary cookies for session management and authentication. We do not use advertising or tracking cookies.

You can clear cookies in your browser settings at any time, though this will log you out.

We use industry-standard security measures: all data is encrypted in transit (TLS 1.3), passwords are hashed using PBKDF2 with 100,000 iterations, and sensitive data is stored in encrypted databases.

Despite these measures, no system is 100% secure. Please use a strong, unique password and enable any available account security features.

We may update this policy from time to time. Material changes will be communicated via email or an in-app notification. Continued use of Haya after the update constitutes acceptance.