1. Who We Are
Umatyn ("we", "us", "our") operates umatyn.com, a curated directory and discovery platform for apps, platforms, and digital tools built for the Muslim community. Our mission is to catalog, verify, and structure every meaningful digital solution serving the Ummah.
For any privacy-related inquiry you can reach us at [email protected].
2. What Data We Collect
We collect only the data necessary to provide and improve our service:
- Account information โ When you sign in with Google, we receive your name, email address, and profile picture from your Google account.
- User activity โ Votes (upvotes on tools), bookmarks (saved tools), reviews (ratings and written feedback), and tool submissions you create on the platform.
- Notification preferences โ Which tools you have subscribed to for update notifications.
- Technical data โ IP address, browser type, and error/crash reports collected automatically for security and service reliability.
3. Why We Collect It
- Providing the service โ Authenticating your identity, displaying your votes, bookmarks, reviews, and managing your submissions.
- Personalization โ Showing your saved tools, personalizing the feed, and sending relevant notifications.
- Security and integrity โ Preventing spam, fake reviews, and abuse of the platform.
- Improvement โ Understanding how the platform is used to make it better for the community.
4. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:
- Consent โ When you sign in via Google OAuth, you explicitly consent to the collection of your profile information.
- Performance of a contract โ Processing necessary to provide you with the service (e.g., storing your reviews, bookmarks, votes).
- Legitimate interest โ Error monitoring, security, and analytics to maintain and improve the platform, balanced against your fundamental rights.
5. How Long We Keep Your Data
- Active account โ Your data is retained for the lifetime of your account.
- After deletion โ When you delete your account, your personal data is anonymized or deleted within 30 days. Anonymized reviews may be retained to preserve the integrity of tool ratings.
- Audit logs โ Retained for up to 12 months for security and compliance purposes.
6. Third-Party Services
We share data with the following third-party processors, all of which comply with applicable data protection laws:
- Supabase โ Database hosting and backend infrastructure. Your account data, votes, bookmarks, reviews, and submissions are stored on Supabase servers.
- Google โ Authentication provider (Google OAuth). We receive your name, email, and avatar when you sign in.
- Sentry โ Error tracking and monitoring. Technical error data (stack traces, browser info) may be sent to Sentry to help us fix bugs.
- Resend โ Transactional email service. Your email address is shared with Resend only when we need to send you platform notifications.
- Microsoft Clarity โ Optional analytics (heatmaps and session replays) to understand how the site is used and improve it. Only loaded if you explicitly accept the cookie banner. See Microsoft's privacy statement.
We do not sell, rent, or trade your personal data to any third party.
7. Your Rights
Under the GDPR and applicable data protection laws, you have the right to:
- Access โ Request a copy of all personal data we hold about you.
- Rectification โ Ask us to correct any inaccurate or incomplete data.
- Erasure ("Right to be forgotten") โ Request deletion of your personal data.
- Data portability โ Receive your data in a structured, machine-readable format (JSON).
- Withdraw consent โ Withdraw your consent at any time by deleting your account.
- Restriction of processing โ Request that we limit processing of your data in certain circumstances.
- Object โ Object to processing based on legitimate interest.
- Lodge a complaint โ File a complaint with your local data protection authority (e.g., CNIL in France, ICO in the UK).
8. How to Exercise Your Rights
9. Cookies
Essential cookies (always active)
Required for the platform to function. No consent needed under GDPR.
- Supabase authentication session โ Keeps you signed in between visits.
- Locale preference โ Remembers whether you are browsing in English, French, or Arabic.
Analytics cookies (consent required)
Loaded only if you accept the cookie banner. You can refuse and still use the platform fully.
- Microsoft Clarity โ Heatmaps and session replays so we can see where users get stuck and improve the experience. No personal data is captured in the replays (form fields and sensitive content are masked by default).
We do not use any advertising or cross-site tracking cookies. No data is shared with ad networks or data brokers.
To withdraw analytics consent after accepting, clear your browser's site data for umatyn.com โ the banner will reappear and you can choose Refuse.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify users via a prominent notice on the platform. The "Last updated" date at the top of this page indicates when the policy was last revised.
11. Contact
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: