top of page

Privacy Policy

Last Updated: 1 February 2026   |   Effective Date: 1 February 2026

​

Applies to: Hayafi iOS App, Hayafi Android App, hayafi.app website

Welcome to Hayafi

Hayafi is a UK-based halal Muslim marriage platform built to help sincere individuals find meaningful, Islam-guided connections. We take your privacy seriously — not just because the law requires it, but because trust is the foundation of everything we do.

 

This Privacy Policy explains in full detail what personal data we collect about you, why we collect it, how we use it, who we share it with, how long we keep it, and what rights you have under the UK GDPR and the Data Protection Act 2018. Please read it carefully before using the Hayafi app or website.

​

Important: Hayafi does not serve advertisements. Hayafi does not sell your personal data to advertisers, data brokers, or any third party. Hayafi does not currently offer paid subscriptions — no payment data is collected at this time.

Content

1.  Who We Are

2.  Where This Privacy Policy Applies

3.  Data We Collect

4.  Why and How We Use Your Data

5.  How We Share Your Data

6.  Third-Party Services and SDKs

7.  Cross-Border Data Transfers

8.  Your Rights

9.  How Long We Retain Your Data

10.  Children's Privacy

11.  Security

12.  Wali / Guardian Feature

13.  Selfie Verification and Biometric Data

14.  Cookies and Similar Technologies

15.  Changes to This Privacy Policy

16.  How to Contact Us

2. Where This Privacy Policy Applies

This Privacy Policy applies to all services operated by Hayafi Ltd, including:

  • The Hayafi mobile application available on iOS (Apple App Store) and Android (Google Play Store)

  • The Hayafi website accessible at hayafi.app and any subdomains

  • Any related communications, support services, or features provided by Hayafi

This policy applies to all users of the Hayafi service regardless of their country or region of residence, though your specific legal rights may differ depending on where you are located (see Section 8 for full details of your rights).

If a specific Hayafi feature requires a separate or supplementary privacy notice, that notice will be presented to you at the relevant time and will form part of this Privacy Policy.

3. Data We Collect

We collect only the data that is necessary to operate our platform, keep it safe, and provide you with a meaningful experience. Below is a comprehensive breakdown of all personal data we collect, organised by type.

3.1  Data You Provide to Us

3.2  Data Collected Automatically

3.3  Data We Do NOT Collect

For complete transparency, the following types of data are not collected by Hayafi:

  • Payment card numbers, banking details, or financial information (no paid features exist at present)

  • Advertising identifiers or tracking data for third-party advertising purposes

  • Behavioural tracking data for data brokers or third-party profiling

  • Continuous GPS location tracking

  • Audio or video content from calls

  • Biometric templates or facial geometry data (see Section 13)

4. Why and How We Use Your Data

We process your personal data only where we have a clear and lawful basis to do so. Under UK GDPR, the legal bases we rely on are:

  • Contractual necessity — processing required to provide the service you signed up for and to perform our obligations to you under our Terms of Service

  • Legitimate interests — processing that serves our genuine business interests or the safety of our members (e.g. preventing fraud, improving the platform), where this is balanced against your rights and does not override them

  • Consent — where you have freely given, specific, informed, and unambiguous consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

  • Legal obligation — where processing is required to comply with a UK or applicable legal requirement

  • Substantial public interest — certain processing related to fraud prevention, safety, and crime detection

 

The following table sets out every purpose for which we process your data, the data categories used, and the legal basis relied upon:

We will never use your data for purposes that are incompatible with those described above without first informing you and, where required, obtaining your consent.

5. How We Share Your Data

We do not sell your personal data. We do not share your data with advertisers, data brokers, or any commercial third party for their own marketing purposes. We share your data only in the specific circumstances described in this section.

Hayafi does not engage in cross-contextual behavioural advertising, sell personal data to data brokers, or share data with any advertising networks.

6. Third-Party Services and SDKs

To operate the Hayafi app, we use a number of third-party software development kits (SDKs) and services. The following table provides full transparency about each one, what data they access, and why they are used. We review these integrations regularly and update this section when changes are made.

6.1  Essential SDKs (Required for Core App Functionality)

6.2  Optional SDKs (Activated Only When You Use Specific Features)

All other Flutter packages used in the Hayafi app are UI-only components (e.g. layout, animations, icons) that do not collect, transmit, or process any personal data.

7. Cross-Border Data Transfers

Hayafi is a UK-based service. However, some of the third-party service providers we use operate infrastructure outside the United Kingdom. When your personal data is transferred outside the UK to a country not recognised by the UK Government as providing an adequate level of data protection, we ensure appropriate safeguards are in place.

 

The transfer mechanisms we rely on include:

  • UK International Data Transfer Agreements (IDTAs) — the UK equivalent of EU Standard Contractual Clauses, which contractually bind service providers to protect your data to UK GDPR standards

  • UK adequacy regulations — where the UK Government has determined that a particular country ensures an adequate level of data protection

 

The primary international transfers that may occur are:

If you would like more information about the specific safeguards in place for any of these transfers, please contact us at hello@hayafi.app.

8. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have a range of important rights regarding your personal data. These rights are described in full below, along with guidance on how to exercise each one. We will respond to all valid rights requests within one calendar month of receipt, as required by law.

To protect your privacy and security, we may ask you to verify your identity before we can respond to a rights request. We will not charge a fee for handling your request unless it is manifestly unfounded or excessive, in which case we will inform you before proceeding.

 

We aim to respond to all requests within one month. If your request is complex or we receive a high volume of requests, we may extend this period by a further two months, but we will inform you within the first month if this is the case.

9. How Long We Retain Your Data

We retain your personal data only for as long as is necessary to fulfil the purposes described in this Privacy Policy, to comply with our legal obligations, and to resolve any disputes or enforce our agreements. The following table sets out our specific data retention periods:

When data is no longer required to be retained, we securely delete or anonymise it so that it can no longer be attributed to you.

You may close your account at any time through the app settings. Upon account closure, your profile will immediately become invisible to other members. Retained data following closure is limited to what is described in the table above.

​

10. Children's Privacy

Hayafi is a marriage platform intended exclusively for adults. Our service is strictly restricted to individuals who are 18 years of age or older.

 

We do not knowingly collect, process, or store personal data from anyone under the age of 18. Users are required to confirm their age during registration, and accounts that are found or suspected to belong to minors will be suspended and their data deleted immediately.

 

If you believe that a person under the age of 18 has registered on Hayafi, or if you are a parent or guardian who believes your child's data has been collected, please contact us immediately at hello@hayafi.app. We will investigate and take prompt action including deletion of all data related to the account.

 

If you suspect a member may be under 18 while using the app, please use the in-app reporting feature to flag the account for our moderation team to review.

11. Security

Protecting your personal data is a core responsibility that we take seriously. We implement appropriate technical and organisational security measures designed to protect your data against accidental or unlawful access, destruction, loss, alteration, disclosure, or other unauthorised processing.

 

Our security measures include:

  • Encryption of data in transit using industry-standard TLS (Transport Layer Security) protocols

  • Encryption of data at rest on our servers and cloud storage infrastructure

  • Role-based access controls, ensuring that only authorised Hayafi personnel can access personal data, and only to the extent necessary for their job function

  • Regular monitoring of systems for suspicious activity, intrusion attempts, and anomalous behaviour

  • Secure, password-protected infrastructure hosted on reputable cloud providers

  • Contractual obligations placed on all third-party data processors requiring them to maintain equivalent security standards

 

Despite these precautions, no system or method of transmitting data over the internet can be guaranteed to be 100% secure. We cannot provide an absolute guarantee of security, but we are committed to maintaining the highest practical standards and responding promptly to any security incidents.

 

We encourage you to:

  • Use a strong, unique password for your Hayafi account

  • Keep your login credentials confidential and not share them with anyone

  • Log out of the app when using shared or public devices

  • Be cautious about the personal information you choose to share in chat conversations with other members

 

If you suspect that your account has been compromised or that there has been unauthorised access to your data, please contact us immediately at hello@hayafi.app.

12. Wali / Guardian Feature

Hayafi offers an optional Wali (guardian) supervision feature, which is designed to support halal-intentioned use of the platform in line with Islamic values. This section provides full details of how this feature works and how data is processed in connection with it.

12.1  How the Feature Works

  • You may voluntarily nominate a Wali (guardian) by providing their name, email address, and phone number in your app settings

  • Once enabled, your nominated Wali will receive weekly transcripts of the chat conversations you engage in or are engaged in through the Hayafi app

  • You will always be informed when a Wali is active on your account and monitoring your conversations

  • The Wali feature is entirely optional — it is not required for registration or general use of the app

12.2  Wali Contact Sharing in Proposals

  • The proposals feature allows you to share your Wali's contact details with a potential match as part of the proposal process

  • You may also request another user's Wali or guardian contact details from within the chat interface

  • Wali contact details belonging to another user will only be shared with you if that user manually approves your request — this sharing never happens automatically

12.3  Data Processing for the Wali Feature

The legal basis for processing data through the Wali feature is your explicit consent. You activate this feature voluntarily, and you may disable it or withdraw consent at any time through your app settings. Disabling the feature will stop future transcripts from being sent to your Wali.

Third parties (including your Wali) who receive chat transcripts through this feature receive only the content of those conversations and are not given access to any other personal data on your Hayafi profile.

​

13. Selfie Verification and Biometric Data

Hayafi requires all new users to complete a selfie verification step as part of the account creation process. This section explains exactly how this works and what data is and is not collected.

13.1  Mandatory Selfie Verification

  • When you create your account, you are asked to submit a selfie photograph

  • This selfie is used solely to confirm that you are a real person and that your profile photo genuinely represents your appearance

  • The selfie is stored securely and is deleted 15 days after your verification has been completed

  • Hayafi does not create, store, or retain any biometric templates, facial geometry data, or facial recognition hashes. The verification process is a visual comparison — it does not involve automated biometric identification technology 

13.2  Optional ID Verification (Verified ID Badge)

  • You may optionally choose to submit a copy of a government-issued identity document (such as a passport or driving licence) to obtain a 'Verified ID' badge displayed on your profile

  • This is entirely voluntary and your account will function normally without it

  • ID documents submitted for this purpose are reviewed to confirm identity and are deleted immediately upon completion of the verification check. Hayafi does not retain copies of your identity documents.

13.3  No Biometric Data Collection

  • Hayafi confirms the following regarding biometric data:

  • We do not use facial recognition technology

  • We do not create or store biometric identifiers derived from your selfie or photographs

  • We do not extract, process, or retain facial geometry or face mapping data

  • Selfie images are used solely for the manual visual verification process described above and are deleted within 15 days

14. Cookies and Similar Technologies

The Hayafi mobile app does not use browser cookies, as it is a native mobile application. However, the Hayafi website (hayafi.app) may use cookies and similar tracking technologies. This section explains our use of these technologies.

14.1  What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work efficiently, to remember your preferences, and to provide information to the website operator.

14.2  Types of Cookies We May Use on hayafi.app

Hayafi does not use advertising or marketing cookies on its website. We do not serve third-party advertising through our website or app.

For detailed information about the specific cookies used on hayafi.app and how to manage them, please refer to our separate Cookie Policy, available on the website.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, the introduction of new features, or updates to applicable law. We are committed to transparency and will always inform you of material changes before they take effect.

 

When we make a material change to this Privacy Policy, we will:

  • Update the 'Last Updated' date at the top of this document

  • Send you an in-app notification or email notification of the change where required by law or where the change materially affects how your data is processed

  • Give you reasonable notice before the new policy takes effect, during which time you may review the changes

 

For changes that are not material (e.g. minor clarifications or corrections), we will update the policy without separate notification, though the updated date will always reflect the most recent revision.

 

Your continued use of the Hayafi app or website following the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you may close your account at any time.

 

Previous versions of this Privacy Policy are available upon request by contacting hello@hayafi.app.

16. How to Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or about how Hayafi processes your personal data, please get in touch with us using the contact details below. We welcome all enquiries and are committed to addressing them promptly and transparently.

We aim to acknowledge all privacy enquiries within 5 working days and to resolve them fully within one calendar month. For complex Subject Access Requests or rights requests, we may take up to three months in total but will keep you informed of progress throughout.

Copyright © 2025 Hayafi Ltd. All rights reserved.

Registered in England and Wales. Registered Office: 5 Brayford Square, London E1 0SG, United Kingdom.

This document is governed by UK GDPR and the Data Protection Act 2018.

bottom of page