Overview
Sahab Zakat (“we,” “our,” “us”) is a product of Sahab Solutions. We built this service with privacy as a core principle. Your financial data is encrypted end-to-end using per-user keys — we cannot read it even if we wanted to.
Information We Collect
Account Information
When you create an account, we collect your name, email address, and a hashed password. If you sign in with Google, we receive your name and email from Google. We never store your Google password.
Financial Data
Asset values, debt amounts, payment recipients, payment amounts, and notes are all encrypted with AES-256-GCM using a key derived from your account. Plaintext values are never stored in our database. We cannot access, read, or share your financial data.
Usage Data
We use Google Analytics to collect anonymous usage statistics (pages visited, session duration, device type). This data contains no personal or financial information. You can opt out by using a browser extension that blocks Google Analytics.
How We Use Your Information
- Provide and maintain the zakat calculation and payment tracking service
- Send transactional emails (verification, password reset, zakat reminders)
- Improve the product based on anonymous usage patterns
We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not serve ads.
Data Encryption
All financial data is encrypted at rest using AES-256-GCM with per-user encryption keys. No master decryption key exists. Even our database administrators cannot read your financial data. Plaintext fields (asset amounts, totals, etc.) are zeroed out after encryption.
Third-Party Services
- MongoDB Atlas — Database hosting. Data is encrypted at rest and in transit. Your financial data is additionally encrypted by us before storage.
- Resend — Transactional email delivery. Receives only your email address and the email content.
- GoldAPI.io — Live gold and silver prices. No personal data is sent.
- Google Analytics — Anonymous usage statistics. No personal or financial data is shared.
- Google OAuth — Optional sign-in method. We receive only your name and email.
Data Retention & Deletion
Your data is retained for as long as your account is active. You can export all your data or permanently delete your account and all associated data at any time from the Settings page. Deletion is immediate and irreversible.
Cookies
We use a single session cookie for authentication. We do not use advertising cookies or cross-site tracking cookies. Google Analytics may set its own cookies for anonymous usage tracking.
Children
Sahab Zakat is not directed to children under 13. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance.
Contact
Questions about this policy? Contact us at support@sahabproducts.com.