Skip to main content
DRAFT — This policy is under legal review (2026-04-25). Published for development purposes; will be replaced before public launch.
← Back to ChatIslam

Privacy Policy

Last updated: April 25, 2026

1. Who We Are

ChatIslam is operated by Ummat, an Islamic technology organization (501(c)(3) application pending). We operate chatislam.org, an AI-powered Islamic question-and-answer and dawah platform.

Data controller: Ummat — [email protected]

2. What We Collect

Data you provide:

  • Account information: email address and display name when you create an account.
  • Conversation content: questions and messages you submit to ChatIslam. These are used to generate AI responses and may be reviewed for quality and safety.
  • Feedback: ratings or corrections you submit on AI responses.

Data collected automatically:

  • Usage data: features used, session duration, error reports.
  • Device information: device type, OS version, browser type and version.
  • IP address: rate limiting and geographic routing. Not stored beyond 30 days.

We do not sell your data. We do not build advertising profiles. Your conversations are not used to train third-party AI models without your explicit opt-in.

3. AI Conversation Handling

How we handle your conversations:

  • Active retention: Conversation history is retained for 30 days to allow you to continue previous conversations and access your history.
  • Anonymization: After 30 days, conversations are anonymized (personal identifiers removed) and retained for up to 12 months for quality improvement.
  • Deletion: You can delete your conversation history at any time from your account settings. Deletion is permanent.
  • AI training opt-out: We do not use your identified conversations to fine-tune AI models. Anonymous aggregate data may be used to improve response quality. You can opt out in account settings.
  • Third-party AI: Your conversation text is sent to Anthropic (Claude API) for response generation. Anthropic’s data processing is covered by a Data Processing Agreement (DPA) and Standard Contractual Clauses.

4. How We Use It

  • Generate AI responses to your Islamic questions.
  • Maintain your conversation history (30-day active window).
  • Improve the accuracy and quality of responses.
  • Send transactional emails (account verification, password reset).
  • Detect and prevent abuse and harmful content.
  • Comply with applicable law.

GDPR lawful basis: contract performance, legitimate interests (safety, quality), legal obligation.

5. Who We Share With

VendorPurposeCountry / Safeguard
Hetzner Online GmbHServer hostingGermany (EU)
Vercel Inc.Web hostingUSA/EU — SCCs
Cloudflare Inc.CDN, DNSUSA/EU — SCCs
Anthropic PBCAI inference (conversation responses)USA — SCCs + DPA
Elastic Email Inc.Transactional emailUSA/EU — SCCs

Full sub-processor list: ummat.pro/legal/sub-processors

6. Your Rights

  • Access — request a copy of all data we hold about you, including conversation history.
  • Correct — ask us to fix inaccurate data.
  • Delete — delete your account, conversation history, and all associated data.
  • Port — receive your data in machine-readable format.
  • Restrict / Object — limit or object to certain processing.

GDPR / UK-GDPR: Articles 15–22 apply. Response within 30 days. CCPA/CPRA: we do not sell your data.

Email: [email protected]

7. Children

ChatIslam is not directed at children under 13 (US) or under 16 (EU). We do not knowingly collect data from minors below these ages. Contact [email protected] if you believe a child has provided data without parental consent.

8. Retention

  • Account data: until deletion + 30-day grace period.
  • Active conversation history: 30 days.
  • Anonymized conversation data: up to 12 months.
  • Server logs (incl. IP): 30 days.
  • Anonymized analytics: up to 24 months.

9. International Transfers

Our servers are in Falkenstein, Germany (EU) via Hetzner. Your conversation data is sent to Anthropic (USA) for AI processing, covered by Standard Contractual Clauses (EU 2021/914, Module 2) and a Data Processing Agreement.

10. Security

TLS 1.3 for all data in transit. Encryption at rest for sensitive fields. Conversation data is isolated per user via role-based access control. Security disclosures: [email protected]

11. Contact

Privacy: [email protected]
Security: [email protected]

Ummat (501(c)(3) application pending) — United States

Recent Updates (2026-04-25)

The following changes reflect P3 platform decisions that took effect April 2026:

  • Analytics — PostHog removed: PostHog is no longer used on any Ummeco product (decision D-P3-21). ChatIslam does not use third-party analytics. Error monitoring uses Sentry (session replay is disabled for ChatIslam given the sensitivity of Islamic queries).
  • AI routing — current state: ChatIslam continues to route conversations directly to the Anthropic Claude API (Sonnet 4.x, USA). Migration to a self-hosted AI routing layer (nself-ai, Track A6) is planned for a future release. This policy will be updated when that migration ships. Until then, Anthropic remains the sole external AI processor.
  • Anthropic Data Processing Agreement: We have a Data Processing Agreement (DPA) with Anthropic Inc. covering GDPR Article 28 obligations for conversation data processed on our behalf. We do not use the API zero-retention tier; conversations are processed subject to Anthropic's standard API data usage policy. To opt out of model training, contact [email protected].
Terms of ServiceCookie Policy