Last updated: February 20, 2026
Privacy Policy
Learn how Mizaan collects, uses, and protects your personal information.
Introduction
Mizaan Financial Technologies Inc., operating as Mizaan ("we," "us," or "our"), is based in Edmonton, Alberta, Canada. We are committed to protecting your privacy and handling your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta's Personal Information Protection Act (PIPA).
Information We Collect
Account Information
- Email address
- Full name (optional)
- Password (stored securely using industry-standard encryption)
- Authentication preferences (e.g., two-factor authentication settings)
Financial Information
- Asset values you input (cash, gold, silver, investments, etc.)
- Debt information you provide
- Calculation history and saved calculations
- Portfolio holdings for Shariah compliance screening
- Dividend and purification tracking data
Religious Preferences
- Islamic sect preference (Sunni or Shia)
- School of jurisprudence (madhab) preference
- Nisab reference preference (gold or silver)
Payment Information
Payment processing is handled by Stripe. We do not store your credit card numbers or banking details. We receive only confirmation of payments, subscription status, and a tokenized customer ID.
Automatically Collected Information
- Device type and browser information
- IP address (for security and fraud prevention)
- Usage data (features accessed, calculation frequency)
- Cookies and similar technologies
How We Use Your Information
- Provide and improve our Zakat calculation services
- Save and retrieve your calculation history
- Personalize calculations based on your religious preferences
- Process payments and manage subscriptions
- Send important account notifications
- Send optional service emails (Hawl reminders, Nisab alerts) if you opt in
- Provide AI-powered explanations of your calculations
- Analyze usage patterns to improve our service
- Comply with legal obligations
Use of Google User Data
Mizaan offers "Sign in with Google" as an optional authentication method. When you choose to sign in with Google, we request access to the following information:
- Email address: Used to create and identify your Mizaan account
- Basic profile information: Your name (if provided) to personalize your experience
How we use this data: Your Google account information is used solely to authenticate you and provide a seamless login experience. We use your email to save your Zakat calculations, portfolio data, and preferences to your profile.
Limited Use Disclosure: Mizaan's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Data sharing: We do not share your Google user data with any third parties except as necessary to provide our services (e.g., Supabase for authentication and data storage).
Data retention: Your Google-linked account data is retained while your account is active. You can delete your account at any time, which will remove all associated data.
Third-Party Services
We use the following third-party services to operate Mizaan. Each service receives only the minimum data necessary for its function.
AI Explanations (Anthropic Claude & Google Gemini)
When you request AI-powered explanations, your calculation data is processed by one of two third-party AI services:
- Claude by Anthropic — used for Zakat explanations, custom questions, and advisor chat
- Gemini by Google — used for Khums explanations and Shariah screening explanations
What is sent: Only your calculation inputs (asset values, sect, madhab) relevant to the explanation. Your name, email, and account details are never sent to these AI services.
Data training: Neither Anthropic nor Google uses your data submitted via their APIs to train their AI models.
You are asked for explicit consent before any data is sent to these services for the first time. You can withdraw consent at any time in Settings.
Authentication & Data Storage (Supabase)
Our application uses Supabase as our backend authentication provider and database. When you sign in with Google, the authentication flow redirects through Supabase (supabase.co) to securely handle your session. Your data is stored with enterprise-grade encryption at rest and in transit.
Web Payment Processing (Stripe)
Web subscription payments are processed by Stripe, a PCI Level 1 compliant processor. We never store your credit card numbers. Stripe receives your email and payment details.
iOS In-App Purchases (RevenueCat)
iOS subscriptions are managed through RevenueCat, which interfaces with Apple's App Store payment system. RevenueCat receives your anonymous app user ID and purchase transaction data. Your payment details are handled entirely by Apple.
Email Services (Resend)
Transactional and service emails (Hawl reminders, Nisab alerts, payment confirmations) are sent through Resend. Resend receives your email address solely for delivery purposes.
Push Notifications (Firebase Cloud Messaging)
If you opt in to push notifications, we use Firebase Cloud Messaging (FCM) by Google to deliver them. FCM receives a device token (not your email or name). Firebase Analytics is disabled.
Market Data (MetalpriceAPI & Financial Modeling Prep)
Real-time gold and silver prices are fetched from MetalpriceAPI. Stock financial data for Shariah compliance screening is fetched from Financial Modeling Prep (FMP). These services do not receive any of your personal information — only price and symbol queries.
Cryptocurrency Data (CoinGecko)
Cryptocurrency classification data for Shariah screening is fetched from CoinGecko. No personal information is shared with CoinGecko.
Brokerage Integration (SnapTrade)
If you connect a brokerage account (Concierge tier), the connection is facilitated by SnapTrade. SnapTrade receives an anonymous user ID and securely handles the OAuth connection to your brokerage. We store encrypted connection credentials to sync your holdings.
Analytics (Vercel)
We use Vercel Analytics and Speed Insights to understand aggregate usage patterns and page performance. These collect anonymous, non-identifying metrics (page views, load times). No personal data or financial information is shared with Vercel for analytics purposes.
International Data Transfers
Some of our third-party service providers are located outside of Canada (primarily in the United States). When your data is transferred internationally, it is protected by contractual safeguards including Data Processing Agreements (DPAs) with our key providers.
If you are located in the European Economic Area (EEA), your data is transferred under Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized by the European Commission.
Marketing Communications
We only send marketing emails if you provide express consent during signup. You can withdraw this consent at any time through your account settings or by using the unsubscribe link in any marketing email. Transactional emails (account confirmations, payment receipts, security alerts) do not require marketing consent and will continue to be sent as necessary.
Your Rights
Under Canadian privacy law (PIPEDA/PIPA) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the right to:
- Access: Request a copy of your personal information
- Correction: Request that we correct inaccurate information
- Deletion: Request that we delete your account and data. You can also delete your account directly from the Settings page within the app.
- Withdrawal: Withdraw consent for optional data processing (e.g., AI explanations, marketing emails)
- Portability: Request your data in a machine-readable format
- Restriction: Request that we restrict the processing of your data in certain circumstances
To exercise these rights, contact us at privacy@mizaan.ca. We will respond within 30 days.
Data Retention & Security
- Account data: Retained while your account is active
- Calculation history: Retained until you delete it or your account
- Payment records: Retained for 7 years for tax compliance
- Usage logs: Automatically deleted after 90 days
We implement encryption, secure password hashing, two-factor authentication, and row-level security.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of Mizaan after changes are posted constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us:
Email: privacy@mizaan.ca
Location: Edmonton, Alberta, Canada