Privacy Policy

Mansour Company, a simplified single-shareholder company (SASU) with a share capital of €1, registered with the Trade and Companies Register (RCS) of Pontoise under number 934 639 436, whose registered office is located at 10 Allée des Chênes, 95670 Marly-la-Ville, France.

Mansour Company is the data controller for personal data collected via the Niyyah application.

You may contact our Data Protection Officer (DPO) at the following email address: [DPO email address] or by mail at: [postal address].

1. Data Collected

We collect and process the following categories of data:

  • Identification data: first name, last name, username, email address, phone number, hashed password.
  • Profile data: date of birth, marital status, number of children, education level, profession, nationality, city of residence, country where the user grew up, origins, height, photo.
  • Sensitive data (within the meaning of Article 9 GDPR): religious practice, wearing of the veil, mosque attended, marriage intention, marriage timeline, willingness to relocate. These data are optional and processed with your explicit consent.
  • Contact data: phone numbers of contacts you voluntarily select. These data are used solely to verify whether your contacts already use the application and, where applicable, to invite them to register.
  • Contact details shared during a meeting request: phone number of the contact designated by the female user to organize the meeting.
  • Conversation and content data: messages sent via the application, likes, reports, blocks.
  • Financial data: transaction identifier, subscription status, subscription dates. We do not store your banking details.
  • Technical data: login identifiers, IP address, device identifier, logs, notification tokens.

2. Purposes and Legal Bases

We process your data for the following purposes:

  • Creation and management of the user account (public profile, matching, messaging): performance of a contract (Art. 6(1)(b) GDPR).
  • Verification of age and identity: performance of a contract and legal obligation.
  • Collection of religious and lifestyle information: explicit consent (Art. 9(2)(a) GDPR).
  • Importing contacts and sending invitations: user consent to access contacts (Art. 82 French Data Protection Act – LIL). Obligation to inform the concerned contacts.
  • Display of profiles and aggregated statistics: legitimate interest of Mansour Company in providing an efficient service, while respecting users’ rights and freedoms.
  • Content moderation and prevention of behavior contrary to religious rules: legitimate interest in ensuring safety and compliance with the platform’s rules.
  • Management of transactions, subscriptions, and customer support: performance of a contract and compliance with accounting obligations.
  • Sending notifications and communications (emails, SMS) related to the service: performance of a contract or legitimate interest.
  • Management of requests to exercise data subject rights: legal obligation (Art. 15–22 GDPR).
  • Transmission of the Trusted Person’s phone number during a meeting request: performance of a contract and prior consent of the Trusted Person; such transmission may only occur after the explicit consent of both the Trusted Person and the account holder.

3. Recipients of the Data

Your data are accessible to authorized internal teams of Mansour Company, to the Trusted Person you have designated, to administrators responsible for moderation, and to Mansour Company’s processors (hosting providers, notification services, email and SMS providers, analytics providers, payment service providers) under contracts compliant with Article 28 GDPR.

Your contacts’ data are used solely for the stated purpose and deleted after comparison.

The phone number shared during a meeting request is transmitted exclusively to the concerned recipient.

4. Data Retention Periods

Account data are retained for the duration of your registration and then archived for 3 years following account deletion.

Sensitive data are retained as long as you have given your consent.

Messages are retained for 12 months after being sent.

Imported contacts are retained only for the time required for analysis and invitations, then deleted.

Phone numbers shared during meeting requests are deleted immediately after the meeting.

Technical logs are retained for 6 months.

Financial data are retained for 10 years.

5. Transfers Outside the European Union

Certain data may be transferred outside the European Union (in particular to our hosting and notification service providers). We ensure that appropriate safeguards are implemented (standard contractual clauses, additional security measures) and conduct transfer impact assessments where required.

6. Security

We implement technical and organizational measures to protect your data, including encrypted communications, password hashing, access control, logging, and regular security testing.

Our processors are subject to the same requirements.

7. Your Rights

You have the rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent.

You may exercise these rights by contacting contact@niyyah-mariage.com.

You also have the right to lodge a complaint with the French Data Protection Authority (CNIL).

8. Changes to the Policy

We reserve the right to modify this Privacy Policy. You will be informed of any substantial changes.