Privacy Policy
1. How Taahirah Values Data Privacy
At Taahirah Ltd (“Taahirah”, “we”, “us” or “our”), we believe technology and data present a groundbreaking opportunity to encourage Muslim women to take control of their health and faith. Our website (https://taahirah.health/), app (Taahirah.Health) and social media pages (such as Instagram and LinkedIn), (together, our “Platforms”), give Muslim women the ability to connect with Islam, understand what is happening inside their bodies and minds by offering content such as FAQs, articles, and podcasts, and track health data for deeper self-insight and self-advocacy — powered by data processing.
We fully recognise the responsibility that comes with being the safe keepers of the intimate data you choose to track through Taahirah. For the purposes of this Privacy Policy, we refer to this and other information that may identify you as “Personal Data”. We strive to achieve the highest standards of privacy and security (ihsan) in our practices. Keeping your Personal Data safe is at the core of everything we do, and an ode to our Islamic duties.
Because the digital ecosystem of our Platforms can be complex, we are committed to being transparent so that you can truly understand what we do with your data. Please read this Privacy Policy in its entirety to understand how we handle your Personal Data. We have aimed to make it as clear and comprehensible as possible. If you have any questions, reach out to us at contact@taahirah.health.
2. The Types of Data We Process
To provide our Platforms, we process Personal Data from three main sources: the information you share with us, data generated automatically when you use our Platforms, and information we may receive from other sources you choose to connect.
2.1. Information that you share with us
| Identity Data | Such as first and last name, prefix, username, date of birth, gender, contact details (such as email address, telephone number), including for your parent or guardian if you are under 18. |
| Health Data | Such as menstrual cycle information (e.g., period length, pain, spotting) and other sensitive data (e.g., weight, body temperature, hair quality, sexual activity). This information can be manually entered or imported from third-party integrations or devices (e.g., Apple Health or other fitness trackers). |
| Religious Data | Such as religious beliefs and practices (e.g., Islamic school of thought, fasts, prayer, purity and hygiene). |
User Content | Such as information about how you use our Platforms, including reviews about our Platforms and other content that you may create or share with us during our relationship, including posts on our Social Media and comment sections. |
| Preferences | Such as language, interests and other feedback/preferences that you might express during your use of our Platforms. |
| Marketing and Communications Data | Such as your preferences in receiving marketing from us [and our third parties] and your communication preferences. |
2.2. Information recorded automatically as you interact with our Platforms:
| Device Data | The technical data we collect automatically when you visit our website such as the IP address used when you connect to the Internet; other technical information including your login information, browser type and version, time zone setting, language settings, browser plug-in types and versions, device type (e.g., phone, tablet), version, manufacturer and model, operating system and platform, mobile device carrier, radio/network information (e.g., WiFi, 4G/5G); application identifier, crash information, advertising ID and general location information). We do not collect your precise location. |
| Online Activity Data | Pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them. |
2.3. Information received from other sources:
| Social Media | Such as profile pictures, social media account ID, and other public social media profile information, including lists of friends/followers on your social media accounts. |
| Third-Party Logins | When you link, connect, or login to our Platforms with a third-party service, such as Apple or Google, you direct the service to send us information as controlled by that service or as authorised by you via your privacy settings on that service. |
3. How and Why We Process Your Data
Data processing is essential for Taahirah to provide its core services through the Platforms. Without your Personal Data, we may not be able to provide key functionalities. As such, whenever you use our Platforms, some Personal and non-Personal Data may be collected, stored, and analysed using our internal systems and third-party tools.
If you share Personal Data about others with us or our service providers in connection with the Platforms, you should check that you have the authority to do so, such that we may handle that information in line with this Privacy Policy.
3.1. Processing Purposes
Below is an overview of the purposes for which we process your Personal Data and the types of Personal Data involved.
| Processing Purpose | Legal Basis and Examples of Related Activities | Personal Data Used |
| Administering the Platforms | We engage in the following activities on the basis of your explicit consent: Delivering the primary functionality of the Platforms, such as enabling you to record, track and view your health, wellbeing and religious practice information; and generating insights based on the data you choose to share. We engage in the following activities to manage our contractual relationship with you: Providing the Platforms’ functionality to you, such as creating and maintaining your account; verifying your information; responding to your requests, such as when you contact us via email; and changes to our terms, conditions and policies. | Identity Data; Health Data; Religious Data; User Content; Preferences; Marketing and Communications Data; Online Activity Data; Device Data. |
| Scientific and Health Research | We engage in the following activities on the basis of your explicit consent: Analysing and sharing with research partners de-identified health, wellbeing and reproductive health data that you choose to track on the Platforms, for example, sharing your Personal Data with a research facility; contributing to larger datasets for specific research questions; generating insights to advance scientific knowledge; and conducting research in accordance with applicable laws and ethical standards, with safeguards in place to protect your privacy. Where data is fully anonymised, we engage in these activities based on our legitimate interest. | Identity Data; Health Data; Religious Data. |
| Operations and General Business | We engage in the following activities to manage our contractual relationship with you and/or based on our legitimate interest: Managing the Platforms, including troubleshooting and diagnostic testing; monitoring and analysing system performance; testing new features to evaluate their impact; maintaining system logs; hosting data securely; providing technical support; and ensuring the reliability and stability of our Platforms. | Device Data; Online Activity Data. |
| Marketing | Where required under applicable law, we obtain your consent to send you newsletters, promotional emails, push notifications and other communications via the Platforms that we believe may be of interest to you; informing you about new features, updates, articles or other health-related news, offers for third-party products or services and, where relevant, providing information about events or other community activities / initiatives that may be of interest. Where permitted under applicable law, we engage in marketing activities based on our legitimate interest, such as to promote our Platforms; and/or to invite you to take part in research or a survey. | Identity Data; Marketing and Communications Data; User Content; Device Data; Online Activity Data. |
| Personalising our Platforms | Where required under applicable law, we obtain your consent to provide personalised recommendations via our Platforms. This may include: relevant health and Islamic content, and suggestions for products and services from partners we use based on your account and usage data. Where we process your health data to make personalised recommendations, we will obtain your explicit consent. Where permitted under applicable law, we also personalise our Platforms based on our legitimate interest, by personalising our interactions with you and providing you with information and/or offers tailored to your interests, and delivering content via our Platforms that we believe will be relevant and interesting to you. | Identity Data; Marketing and Communications Data; Device Data; Online Activity Data. |
Improving and Developing our Platforms | We engage in the following activities with your consent: Conducting data analysis (for example, monitoring and analysing technical use of the Platforms and using analytics to improve their efficiency), surveys and interviews (for example to obtain user feedback). Where these activities involve the processing of health data that you choose to provide (such as period dates or cycle experiences), we do so with your explicit consent. This enables us to understand which features are most valuable, improve our accuracy, and develop new algorithms to offer better insights and functionality. We engage in the following activities based on our legitimate interests: Developing new features and services; enhancing, repairing, maintaining or modifying our Platforms; and identifying usage trends (for example, understanding which parts of our Platforms are most valuable to users). | Identity Data; Health Data; User Content; Device Data; Online Activity Data. |
| Relationship Building and Engagement | We engage in the following activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest: Facilitating and responding to any social sharing and posts on our Platforms and other user relationship building activities. | Identity Data; Marketing and Communications Data; Device Data; Online Activity Data; User Content. |
| Security and Fraud Prevention | We engage in the following activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest: Monitoring and maintaining the security of our systems and data, including preventing unauthorised access, detecting and preventing fraudulent activity and ensuring that our processes for handling Personal Data operate correctly and securely. | Identity Data; Device Data; Online Activity Data. |
| Legal and Compliance | We engage in the following activities to manage our contractual relationship with you, to comply with a legal obligation and/or based on our legitimate interest: Fulfilling our legal regulatory obligations, including complying with applicable data protection laws and responding to valid requests from public authorities; enforcing our terms and conditions to ensure proper use of the Platforms; protecting the rights, privacy and security of our users; and allowing us to pursue or defend legal claims where necessary. | Personal Data as relevant to the specific situation. |
| Emergency and Incident Response | We engage in the following activities to manage our contractual relationship with you, to protect individuals’ vital interests, to comply with a legal obligation, and/or based on our legitimate interest: Responding and managing digital emergencies or incidents that may affect the security, availability or integrity of the Platforms or your Personal Data; investigating, documenting, and mitigating any such incidents; and, where appropriate, notifying affected users of significant security events or disruptions. | Personal Data as relevant for the specific situation. |
3.2. Sharing of your Personal Data
We rely on a number of trusted third-party providers, to whom we disclose your Personal Data:
| Recipients | Purpose and Activity |
| Hosting Providers | To help administer our Platforms, Taahirah uses hosting providers to store data on secure servers, which are encrypted at rest. |
| Single Sign-On (SSO) Providers | If you choose to sign in with one of our third-party SSO providers, Taahirah exchanges certain data with the relevant SSO provider (e.g., device data, IP address, and any information you provided to the SSO provider when creating your account with them). It is entirely your choice whether you use the SSO option and the information you share with the SSO provider. No health data will ever be shared with the SSO provider for the purpose of using this method of signing in. |
| Health Integration Providers | Taahirah will not exchange any Personal Data with your device’s health data apps without your explicit consent. Taahirah may interact with your device and read and/or write information between the Platforms and your health data app. It is entirely your choice whether and to what extent your Personal Data is exchanged between the Platforms and your health data app by granting or revoking the relevant permissions in the settings of your health data app on your device. Please refer to the relevant health integration provider’s privacy information for further detail. |
| Research Partners | Taahirah may share with carefully selected research partners de-identified health data that you have chosen to track via the Platforms for the purposes of advancing women’s health and reproductive health research. Before sharing your Personal Data, identifying information (such as your name or email address) is removed and a random ID is assigned so that researchers cannot re-identify you (this is the process of de-identification). Where we maintain or use de-identified information, we will continue to maintain and use that information only in a de-identified form and will not attempt to re-identify the information. If you choose to participate in a specific study run by a research facility using Taahirah as a data collection tool, Taahirah will share your Personal Data with that facility strictly in line with the consent you provide. In that context, the research facility will be solely responsible for how it handles your Personal Data. |
| Marketing Providers | Taahirah may work with providers that help deliver and measure marketing content. They may process certain Personal Data, such as usage information or preferences, to improve the Platforms, provide marketing, personalise your experience, and support relationship-building and engagement. These providers process data only as necessary for these purposes and under agreements that require appropriate safeguards. |
| Newsletter and Email Distribution Services | Taahirah uses a newsletter and email distribution service to manage and send newsletters to users who have opted in to receiving such communications. |
We choose our partners carefully because your trust matters to us.
Our Privacy Policy only explains how we handle your Personal Data. It does not cover what happens when you interact with other organisations. For example, if you follow a link from the Platforms to another website or service, their privacy policy will apply – not ours. A link on our Platforms does not mean we endorse that service.
3.3 Users under 18
Our Platforms are intended for users who are 18 years of age or older. When you create a Taahirah account on our Platforms, we ask for your date of birth. If the date of birth shows you are under eighteen (18), you cannot create an account. However, you may join the waitlist by providing a parent or legal guardian’s email address so that they can be notified of when you become eligible to use the Platforms.
Taahirah does not knowingly collect or use Personal Data from individuals under the age of eighteen (18). If we become aware that someone under 18 has provided personal information on our Platforms, we will close the account and securely delete their information. This is to help protect the privacy and safety of young people.
If you are a parent or legal guardian and discover that your child is using our Platforms , please reach out to us via email at contact@taahirah.health.
3.4 Cookies and Similar Technologies
Please read our Cookies Policy to learn how we use information that we and our service providers collect automatically, including through cookies, pixel tags and similar technologies and to understand your choices with respect to such collection and use.
3.5 Email aMarketing Choices
You are always in control of whether and how you receive marketing-related communications. Where required by applicable law, we will ask for your consent before sending you any marketing updates.
If at any point you no longer wish to receive these updates, you can unsubscribe by following the link in any of our emails or by writing to us at contact@taahirah.health. We will action your request as quickly as we can, in accordance with applicable law.
Please note that, even if you choose to stop receiving marketing messages, we may still need to send you important service or account-related updates – but only when it’s necessary.
3.6. Cross-Border Transfers
Your Personal Data may be stored and processed in any country or region where we work with service providers. By using the Platforms, you understand that your Personal Data will be transferred to countries outside of your country or region of residence, including to the United States, which may have data protection rules that are different from those of your country or region.
Some countries outside of the EEA/UK are recognised by the European Commission and/or the UK government as providing an adequate level of data protection according to EEA/UK standards. You can view the EEA’s list of adequate jurisdictions here, and the UK’s list here.
For transfers from the EEA or the UK to countries not considered adequate, we have put in place appropriate safeguards, such as standard contractual clauses approved by the relevant authority to protect your Personal Data. If you would like a copy of these measures, you can contact us at contact@taahirah.health.
3.7 Data Retention
We only keep your Personal Data for as long as it is needed to serve the purposes set out in this Privacy Policy, unless required or permitted by applicable law to hold on to it for longer.
When deciding how long to keep your Personal Data, we consider:
- how long you have had an account with us or continue to use our Platforms;
- any legal requirements that mean we must hold on to certain records; and
- whether we need to keep data for our own legitimate reasons, such as dealing with disputes, protecting your legal rights, or responding to regulators.
4. Your Data Protection Rights
We believe privacy – including data privacy – is a fundamental right and an Islamic obligation. At Taahirah, we strive to ensure your rights are respected. Our Platforms are designed to collect and process only the data necessary for the purposes outlined in this Privacy Policy.
If you would like to request to access/review, correct, update, suppress/delete, object to, restrict or opt out of the processing of Personal Data, withdraw your consent where relied upon for processing (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent that these rights are provided to you by applicable law), please feel free to contact us at contact@taahirah.health. We will respond to your request consistent with applicable law.
In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Data. For your protection, we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes. Further, certain Personal Data may be exempt from requests pursuant to applicable data protection laws or other laws and regulations.
Depending on your jurisdiction, you may also lodge a complaint with a data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs. For example, information regarding the UK data protection authority is available here.
5. Data Security Procedures
Protecting your data privacy is at the heart of Taahirah. We seek to use reasonable organisational, technical, and administrative measures to protect Personal Data within our organisation. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
6. Changes to This Privacy Policy
Taahirah reserves the right to amend this Privacy Policy periodically to reflect changes in the law, our data collection or usage practices, our technology, or our service offerings. If any amendments materially affect the ways we process your Personal Data or your consent, we will notify you (e.g., in-app notification, email).
The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Statement on the Platforms.
7. Contacting Us
Taahirah Ltd, located at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ, is responsible for how your Personal Data is collected, used and shared through our Platforms.
If you have any questions about this Privacy Policy or how we handle your information, we’d love to hear from you. You can contact us for any questions or concerns about your privacy rights, via email at contact@taahirah.health.
10. Prevailing Language of This Privacy Policy
Taahirah is used by people around the world, many of whom access our Platforms in various languages. However, we cannot guarantee 100% accuracy, particularly regarding legal content.
In the event of any discrepancy between the translated version of this Privacy Policy and the English version, the English version shall prevail. The most up-to-date English version of this Privacy Policy is always available on our website at taahirah.health.