Skip to content

Privacy Policy

1. How Taahirah values data privacy

At Taahirah, we believe technology and data present a groundbreaking opportunity to encourage Muslim women to take control of their health and faith. The Taahirah website and app give Muslim women the ability to connect with Islam, understand what is happening inside their bodies and minds by offering content such as FAQs, articles, and podcasts, and track health data for deeper self-insight and self-advocacy — powered by data processing.

We fully recognise the responsibility that comes with being the safe keepers of intimate data that people track using Taahirah. Therefore, we strive to achieve the highest standards of privacy and security (ihsan) in our practices. Keeping your data safe is at the core of everything we do, and an ode to our Islamic duties.

Because the digital ecosystem of an app and website can be complex, we are committed to being transparent so that you can truly understand what we do with your data. As an Islam-based health-focused service, we rely on a number of third-party providers, summarised below, to help us deliver and improve Taahirah.

Please read this Privacy Policy in its entirety to understand how we handle your data. We have aimed to make it as clear and comprehensible as possible. If you have any questions, reach out to us at contact@taahirah.health.

2. The types of data we process

We process three main types of data to provide our services through the Taahirah app and website. All of our data is securely stored on servers located in the United Kingdom (UK).

2.1. Account data

To create your Taahirah account, we process certain personal data such as a username, date of birth, and email address.

2.2. Usage data

To provide and improve our services, we process how you interact with our products. This may include:

  • Device data: Details about the device you use to access our services (e.g., device model, name and identifiers, device settings, application identifier, crash information).
  • Browser data: On our website, we may collect information such as browser settings and operating system details.
  • IP address: We collect the IP address provided by your browser or device to deliver content and services. We also use IP addresses to approximate user location for analytics, statistical purposes, and regulatory compliance. We do not collect your precise location.

2.3. Health and Islamic data

As a faith-based health-oriented app, we process health and other sensitive data that you choose to track in the Taahirah app. This might include cycle information (e.g., period length, pain, spotting), Islamic practices (e.g., fasts, prayer) and other sensitive data (e.g., weight, body temperature, hair quality, sexual activity).

You control what health data to track via various methods provided by the app, such as manual entry or by importing data from third-party integrations or devices (e.g., Apple Health or fitness trackers).

We only process the health data that you choose to share.

3. How and why we process your data

Data processing is essential for Taahirah to provide its core services. Whenever you use our services, some personal and non-personal data may be collected, stored, and analysed using our internal systems and third-party tools.

Below is an overview of the purposes for which we process your data and the types of data involved

3.1. To provide our core services to you

To offer Taahirah’s essential health-tracking features and related services, we process:

3.1.1 Health data

When you track health data in the Taahirah app (manually or via integrations), that data is processed to provide our core service as a health-tracking app. This includes your cycle information as well as any other sensitive data you choose to input.

3.1.2. Device data, event data, usage data, IP address

When you use the Taahirah app or visit our website at taahirah.health, we collect information about how you interact with our services for the purpose of maintaining and improving technical performance.

3.1.3 Account data

We process this data when you set up your Taahirah account. This enables you to sign in to the app and allows us to communicate essential information about your account, such as service updates or insights based on your tracked health data. Communications can include in-app messages, reminders, notifications, or emails.

3.2. Essential third-party providers

We use several third-party providers to help us perform core services.

3.2.1. DigitalOcean:

Taahirah uses Digital Ocean as our hosting provider to store data on secure servers, which are encrypted at rest.

[Note: If you or a legal adviser need more information about data security measures with your hosting provider, please consult Digital Ocean’s documentation and Data Processing Agreements.]

3.3. Social logins

When creating a Taahirah account, you have several sign-up options. Alongside signing up with an email address, you may use third-party login services provided by Apple or Google.

3.3.1. Sign in with Apple

If you choose to sign in with Apple, Taahirah exchanges certain data with Apple (e.g., device data, IP address, and any information you provided to Apple when creating your Apple account). Some of this data may be transferred to servers located outside the UK/European Union. It is entirely your choice whether you use “Sign in with Apple” and what information you share with Apple. No health data will ever be shared with Apple for the purpose of using “Sign in with Apple.”

3.3.2. Sign in with Google:

Similarly, if you choose to sign in with Google, Taahirah will exchange some data with Google (e.g., your email address, if that is the information linked to your Google account). This may involve transferring your personal data to Google’s servers located outside the UK/European Union. Again, it is your choice whether you use “Sign in with Google” and what information you provide to Google. No health data will ever be shared with Google for the purpose of using “Sign in with Google.”

3.4. To help advance scientific research

To help advance women’s health and reproductive health studies, we may share de-identified health data you have tracked in the Taahirah app with carefully selected research partners for use in scientific studies.

3.4.1. Purpose of data sharing
By choosing to track your data in Taahirah, you contribute to a larger dataset that may help answer important questions about women’s health and reproductive health—especially for Muslim communities, who are often underrepresented in such research. We collaborate with trusted research partners to break taboos and improve healthcare within these communities.

3.4.2. De-identification process
We only share data directly relevant to a specific research question, and use strict protocols so your data remains anonymous to researchers. Personal identifiers (e.g., name, email address) are erased. Each dataset is assigned a random ID to prevent researchers from re-identifying you.

3.4.2. Participation in scientific studies
If you participate in a study run by a research facility using Taahirah as a tool to collect information, Taahirah will share your personal information with that research facility under the terms of the consent you give them. The research facility will be solely responsible for how it handles your personal data in the study context.

3.4.3. Legal basis
The processing of your health data for scientific research is based on your explicit consent under Art. 9(2)(a) GDPR, as indicated by an optional toggle in your privacy settings. You can withdraw this consent at any time by changing the setting in the app.

3.4.4. Data transfers outside the UK:
We team up with research partners both inside and outside of the UK. Whenever data is transferred outside the UK, we use the safeguards required under the GDPR (see Section 4).

All personal data collected for scientific research is deleted by us once it is no longer needed for the specific purpose for which it was collected.

3.5 To Improve Taahirah features

We process your health data to understand which features in Taahirah are most valuable to our users. By analysing data such as period dates and cycle experiences, we can improve accuracy and develop new algorithms to offer better insights or new features.

3.5.1. Internal processing
This analysis occurs strictly within our internal systems, using data stored on UK servers. Personal identifiers (e.g., your name, email address) are removed to protect your privacy.

3.5.2. Third-party providers
We do not rely on external providers for these analytics.

3.5.3. Legal basis
The processing of your health data for internal analytics is based on your consent under Art. 9(2)(a) GDPR, if you have toggled this option on in your app’s privacy settings. You can toggle it off at any time.

All personal data collected for analytics is deleted when it is no longer required for the specific purpose for which it was collected.

3.6 To technically improve the Taahirah App

To enhance user experience, we analyse certain usage data (e.g., device ID, IP address). This helps us address technical issues and make the app more user-friendly.

3.6.1. Purpose
By continually improving our technical infrastructure, we strive to deliver a better experience for you and the broader Taahirah community.

3.6.2. Third-party providers
We currently do not use any external providers for this internal improvement process.

3.6.3. Legal basis
We process your usage data under our legitimate interests as defined by Art. 6(1)(f) GDPR to improve the app’s performance. If you prefer not to share this data, you can opt out at any time via your Taahirah app privacy settings.

All personal data for technical improvements is deleted when it is no longer needed.

3.7. To provide personalised recommendations

We process certain usage data (how you interact with the app), as well as your tracked health data (e.g., period dates and cycle experiences), to offer personalized insights and recommendations. This may include:

3.7.1. Relevant health and Islamic content
Tips or articles tailored to your experiences.

3.7.2. Product suggestions:
We may occasionally recommend products or services from partners we trust — especially if they align with your current goals (e.g., trying to conceive).

Where relevant, communications may be sent via in-app messages, emails, or push notifications (if you have enabled them on your device). Be assured that your sensitive health data is never sold to advertisers.

3.7.3. Legal basis

For processing account data and usage data for personalized recommendations, we rely on Art. 6(1)(a) GDPR (consent). For processing health data for recommendations, we rely on Art. 9(2)(a) GDPR (explicit consent). You can withdraw your consent at any time by toggling off this preference in your privacy settings.

All personal data used for personalised recommendations is deleted when it is no longer needed for that purpose.

3.9 To improve taahirah.health with website analytics

We collect usage data (e.g., IP address, device data) on our main website, taahirah.health, to understand how users navigate it and to improve overall performance. We may use cookies or other tracking technologies for this purpose.

3.9.1. Cookies
Cookies are small text files that help the website remember your preferences, track performance, and enable us to show relevant content. Some cookies may also support retargeting or analytics provided by third-party tools (e.g., Google Analytics).

Under Art. 6(1)(a) GDPR, we rely on your consent for non-essential cookies. If you are located in the UK, these rules operate alongside the UK’s Privacy and Electronic Communications Regulations (PECR).

You can manage or revoke your cookie preferences at any time in your browser settings. All personal data collected for website analytics is deleted when no longer needed.

3.10 To deliver Taahirah newsletters

If you have signed up for a Taahirah newsletter or have agreed to receive promotional emails, we process certain contact data (e.g., your email address) so we can send you these communications. Examples include:

3.10.1. Newsletters: Updates about our services, articles, or health-related news.

3.10.2. Promotional emails: Occasional offers for third-party products or services that align with Taahirah’s mission.

3.10.3. Third-party providers: We may use a newsletter/email distribution service (e.g., Mailchimp) to manage and send newsletters. If data is transferred outside of the EEA or UK, we ensure compliance with GDPR safeguards (see Section 4).

3.10.4. Legal basis: Art. 6(1)(a) GDPR for sending newsletters based on consent. Art. 6(1)(f) GDPR for sending promotional emails in certain contexts aligned with our legitimate interests. Art. 9(2)(a) GDPR for any cycle review emails that may involve health data.

You can unsubscribe at any time by clicking the “unsubscribe” link at the top and bottom of each email. All data for newsletter services is deleted when it is no longer required for that purpose.

3.11 To gain insights via surveys and interviews

We may occasionally conduct surveys or interviews to obtain user feedback on Taahirah’s performance, usefulness of certain features, or community interests in specific health topics. Any personal information you voluntarily provide is processed solely to gather feedback and insights for improving Taahirah.

Art. 6(1)(a) GDPR for processing personal data provided in surveys or interviews with your consent. Art. 9(2)(a) GDPR if any health data is part of the survey or interview.

We delete any personal data collected for surveys or interviews once it is no longer needed.

4. Data transfer outside the UK

Any personal data collected from you may be transferred to countries outside the UK only if we observe applicable privacy regulations and ensure that your rights remain protected.

We choose our processors carefully and avoid partnering with those located in jurisdictions that do not sufficiently respect privacy or the rule of law. For more information about these safeguards, contact us at contact@taahirah.health.

5. Your data protection rights

We believe privacy — including data privacy — is a fundamental right and Islamic obligation. At Taahirah, we strive to ensure your rights are respected. Our services are designed to collect and process only the data necessary for the purposes outlined in this Privacy Policy.

Here are some key privacy facts:

  1. We collect and process data solely for the reasons described herein.
  2. Our servers and infrastructure are regularly audited and tested for security.
  3. We do not retain your data in an identifiable format for longer than necessary.
  4. Taahirah does not engage in automated decision-making or profiling that produces legal effects concerning you.

As a user of Taahirah, depending on whether you are in the UK or another jurisdiction subject to GDPR (or UK GDPR), you have the right to:

  1. Request information about how Taahirah processes your personal data. You can request this info at contact@taahirah.health.
  2. Request a copy of your personal data in a portable format (data portability).
  3. Correct or update personal data in your account settings, or health data in the app’s tracking categories.
  4. Withdraw consent to ongoing processing at any time by deleting your account, adjusting privacy settings, or unsubscribing from newsletters.
  5. Request the complete deletion of your data from our systems—and from third-party services — by contacting contact@taahirah.health. We will delete your data within one month.
  6. Lodge a complaint with the relevant supervisory authority if you believe Taahirah is violating data protection regulations (e.g., the UK Information Commissioner’s Office.

6. Data security procedures

Protecting your data privacy is at the heart of Taahirah. We apply rigorous security measures to safeguard your data against unauthorized access, misuse, loss, and alteration. Although no method of transmission or electronic storage is 100% secure, we follow industry best practices, including encryption and routine server security assessments.

6.1 How Taahirah secures your personal data

We store your personal profile data separately from your health data and service settings to provide an extra layer of protection.

When you create a Taahirah account password, it is stored using one-way encryption (“hashing” and “salting”), making it unreadable — even to Taahirah staff.

All data transferred between your device and our servers uses HTTPS encryption. This is indicated by the padlock icon in your browser’s URL bar.

6.2 Taahirah’s recommendations for protection data

Your data is private and should remain so. Here are some steps to keep your data secure:

  • Use a unique, strong password for your Taahirah account and consider using a password manager.
  • Set a passcode, Touch ID, or Face ID on your device.
  • Enable remote wipe functionality (e.g., “Find My Device” on Android or “Find My iPhone” on iOS) in case your device is lost or stolen.

7. Cookies on taahirah.health

We use cookies on taahirah.health to analyse performance and improve our website. These may include first-party cookies (from Taahirah) and third-party cookies (e.g., Google Analytics). Cookies are small text files that store information about your preferences, device, or session. Examples of use:

  • Retaining user preferences (e.g., language settings).
  • Analysing user interactions for site performance tracking.
  • Potentially displaying relevant Taahirah content on other platforms (“retargeting”).

You can learn more about the specific cookies and tracking services we use by reviewing our Cookie Policy on taahirah.health. You may disable non-essential cookies at any time via our cookie banner or your browser’s settings.

8. Changes to this Privacy Policy

Taahirah reserves the right to amend this Privacy Policy periodically to reflect changes in the law, our data collection or usage practices, our technology, or our service offerings.

If any amendments materially affect the ways we process your data or your consent, we will notify you (e.g., in-app notification, email).

Refer to the top of this document to see when it was last revised.

Please review this Privacy Policy regularly to stay aware of updates.

9. Responsibility for Taahirah’s data processing

Taahirah is responsible for the processing of your personal data in connection with our services. For further contact details, please refer to our website at taahirah.health.

Taahirah has appointed a data protection officer. If you have questions or concerns related to data protection at Taahirah, please email contact@taahirah.health.

10. Prevailing language of this Privacy Policy

Taahirah is used by people around the world, many of whom access our app in various languages. However, we cannot guarantee 100% accuracy, particularly regarding legal content.

In the event of any discrepancy between the translated version of this Privacy Policy and the English version, the English version shall prevail. The most up-to-date English version of this Privacy Policy is always available on our website at taahirah.health.

Note: This Privacy Policy is provided for informational purposes and does not constitute legal advice. For complete guidance on your legal obligations, please consult a qualified legal professional with expertise in UK data protection law (including UK GDPR and Data Protection Act 2018).