Your data belongs to you. Here's exactly what we do with it — and what we never do.
We collect: your name and email at registration, password (hashed, never stored in plain text), payment method information (processed and stored by Stripe — we never see your full card number), and optionally your address if you use fiscal features like Gift Aid or tax receipts. We also store your donation history and subscription preferences.
Your email is used to match donations made through Masjidbox-powered mosques to your account. Your payment card fingerprint (a non-reversible identifier) is used to discover additional donations. Your profile information is used to generate tax receipts and Gift Aid declarations. Notification preferences control what emails you receive.
Stripe processes all payment transactions and stores your payment method details under its PCI DSS compliance. Your mosques receive your donation records for their financial reporting. We also use: Crisp for live chat support, Sentry for error monitoring (anonymous crash reports), OpenPanel for self-hosted anonymous usage analytics (no cookies, no personal data), and Microsoft Clarity for session recordings and heatmaps (only with your consent). We do not share, sell, or provide your personal data to any advertising network or data broker.
We use a session cookie to maintain your login state and a preference cookie for your language setting. If you accept analytics cookies, Microsoft Clarity may set first-party cookies to record session replays and heatmaps. You can accept or decline this from the cookie banner, and change your preference at any time. No cross-site tracking is performed.
Under GDPR and applicable data protection laws, you have the right to: access all personal data we hold about you (data export), rectify inaccurate data (profile editing), erase your data (account closure with anonymisation), restrict processing, and object to processing. All of these can be exercised directly from your dashboard without contacting us.
When you close your account, your personal data (name, email, address, payment methods) is permanently deleted. Donation records are anonymised (personal identifiers removed) and retained for the mosques' financial record-keeping obligations (minimum 7 years per UK financial regulations). Anonymised records cannot be traced back to you.
We use TLS 1.2+ encryption for all data in transit. Passwords are hashed using bcrypt. Payment processing is handled by Stripe, which maintains PCI DSS Level 1 compliance. Two-factor authentication is required for all sensitive account actions. We conduct regular security reviews and follow industry best practices.
If you have any questions about this Privacy Policy, your personal data, or your rights, please contact our data protection team at privacy@masjidbox.com. We aim to respond to all privacy-related enquiries within 30 days.