This Privacy Policy explains how Tawasol Software and Website Design (“Oolfa”, “we”, “us”, or “our”) collects, uses, shares, and protects your information when you use:

  • The Oolfa Muslim marriage mobile applications on Android and iOS, and
  • Our websites, including oolfa.com and related support and help pages

(together, the “Service”).

Oolfa is a global Muslim marriage app for adult Muslims (18+) and is not intended as a casual dating or general social networking service.

Please read this Privacy Policy carefully before using our Service. By creating an account, installing or using the Oolfa app, or accessing our websites, you agree to the collection and use of information in accordance with this Privacy Policy.

We are committed to:

  • Being transparent about what we collect and why
  • Only using your personal data for clear, legitimate purposes
  • Giving you meaningful choices and controls over your information
  • Protecting your data with appropriate security measures

1. Interpretation and Definitions

1.1 Interpretation

Words whose initial letter is capitalized have meanings defined in this section. The following definitions have the same meaning whether they appear in singular or plural.

1.2 Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for you to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
  • Application means the Oolfa mobile app provided by the Company and downloaded by you on any electronic device.
  • Business (for the purpose of the CCPA/CPRA) refers to the Company as the legal entity that collects Consumers’ personal information and determines the purposes and means of the processing of Consumers’ personal information and that does business in the State of California.
  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Tawasol Software and Website Design, Qortoba Castle building flat # 3013B, University City Road, Muwailih commercial, Sharjah, UAE.
  • Consumer (for the purpose of the CCPA/CPRA) means a natural person who is a California resident.
  • Cookies are small files placed on your computer, mobile device, or any other device by a website, containing details of your browsing history on that website, among other uses.
  • Country refers to the United Arab Emirates.
  • Data Controller (for the purposes of the GDPR) means the legal person who, alone or jointly with others, determines the purposes and means of processing personal data. Under European data protection law, including the General Data Protection Regulation (“GDPR”), we act as a “controller” when we decide how and why to process your personal data.
  • Device means any device that can access the Service, such as a computer, cellphone, or digital tablet.
  • Do Not Track (DNT) is a browser setting that sends a signal indicating a user’s preference not to be tracked across websites. Websites are generally required only to disclose how they respond to DNT; most are not legally required to honour it.
  • Facebook Fan Page means the public profile “OolfaApp” created by the Company on the Facebook social network.
  • Personal Data means any information that relates to an identified or identifiable individual.
    • For the purposes of the GDPR, Personal Data includes information such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity.
    • For the purposes of the CCPA/CPRA, Personal Data (personal information) includes any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.
  • Special Category Data means the categories of personal data that receive extra protection under the GDPR, including data revealing religious or philosophical beliefs and data concerning a natural person’s sex life or sexual orientation.
  • Sensitive Personal Information (for the purposes of the CPRA) means certain categories of personal information that are considered more sensitive, such as precise geolocation and information revealing religious or philosophical beliefs.
  • Sale (for the purpose of the CCPA/CPRA) means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a Consumer’s personal information to another business or a third party for monetary or other valuable consideration.
  • Service refers to the Application, the Website, or both.
  • Service Provider means any natural or legal person who processes data on behalf of the Company to facilitate the Service, provide the Service, perform related services, or assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are “processors.”
  • Third-party Social Media Service refers to any website or social network through which a User can log in or create an account to use the Service (for example, Google or Facebook).
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to Oolfa and its related domains and support pages.
  • You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under the GDPR, You may be referred to as the Data Subject or the User.

2. Collecting and Using Your Personal Data

2.1 Types of Data Collected

2.1.1 Account and Profile Data

When you create an Account and profile on Oolfa, you provide us with certain information that is necessary for the Service to work as a Muslim marriage platform.

Account and basic profile information (needed to use the Service)
To create an account and use the core features, we typically require:

  • Email address
  • Name or display name
  • Gender
  • Date of birth
  • Country or countries of origin
  • Islamic branch (for example, Sunni, Shia, or “new to Islam”)
  • At least one profile image or album images
  • Job title (if you choose to list it)
  • Bio or personal description

Without this information, we may not be able to create your Account or provide you with core aspects of the Service (for example, showing your profile to others, or confirming that you meet our age requirement).

Additional profile information (optional but improves matching and filtering)
You can choose to provide additional information to help other members understand you better and to improve how your filters and search results work. This may include, but is not limited to:

  • Hobbies and interests
  • Education level
  • Languages spoken
  • Marital status
  • Parental status
  • Desire for children / whether you want children
  • Desire or openness to relocation
  • Body type / physical fitness
  • Diet (for example, vegetarian, vegan, or only halal food)
  • Height
  • Eye colour
  • Hair colour
  • Muslim background (for example, born Muslim, reverted, or new to Islam)
  • Whether you pray
  • Whether you read or memorize Quran
  • Whether you have performed Hajj and/or Umrah
  • Whether you drink alcohol
  • Whether you eat non-halal food
  • Whether you fast
  • Whether you smoke

You decide which of these optional fields to complete. Not completing certain details may limit how precisely we can apply your filters and sort profiles you see, and how easily other users can find your profile using their filters.

Photos and visibility

  • You can upload profile and album images to your account.
  • By default, photos shown to other members inside Oolfa are blurred. Other members see only blurred versions of your photos unless there is a mutual match between you and that member.
  • When there is a mutual match, your photos and the other member’s photos become visible to each of you in unblurred form within the app.
  • Internally, we may view unblurred photos where necessary for safety, moderation, and legal compliance (for example, when a report is made against a photo or account).

You can delete or replace your photos at any time from within the app. When you delete a photo, it will no longer be visible to other members; we may retain a copy for a limited period where necessary for legal, fraud-prevention, or safety reasons.

2.1.2 Special Category / Sensitive Personal Data

Because Oolfa is a Muslim marriage app, some of the information you give us is considered Special Category Data under the GDPR and/or Sensitive Personal Information under the CCPA/CPRA. In particular, this includes:

  • Information that reveals your religious beliefs or background, such as:
    • Islamic branch
    • Muslim background
  • Information about your religious practice, such as:
    • Whether you pray
    • Whether you read Quran
    • Whether you fast
    • Whether you have performed Hajj and/or Umrah
    • Whether you avoid non-halal food
  • Certain lifestyle and family-related preferences that can reveal or relate to your family life or sex life, such as:
    • Marital status
    • Parental status
    • Desire for children / whether you want children
  • In some jurisdictions, your precise location (for example, GPS coordinates) may also be considered “sensitive” personal information.

We collect and use this information to:

  • Provide a Muslim-focused marriage service
  • Help you find potential spouses whose values, beliefs, and lifestyle are compatible with yours
  • Apply your filters and preferences in our search, ranking, and discovery features

You do not have to provide these special / sensitive fields, but many of Oolfa’s compatibility and religious-preference features may not work as intended without them.

For users in the EEA and UK, we process this Special Category Data only where you give us explicit consent (for example, by choosing to complete these fields in your profile and using the Service), in addition to the other legal bases described in Section 4 (GDPR Privacy).

Where laws such as the CCPA/CPRA apply, this information is treated as sensitive personal information and we do not use or disclose it for purposes beyond those reasonably necessary to provide the Service, maintain security, and comply with the law.

2.1.3 Usage Data and Device Information

Usage Data is collected automatically when you use the Service.

Usage Data may include information such as:

  • Your Device’s Internet Protocol (IP) address
  • Browser type and version (for web access)
  • The pages or screens of our Service that you visit, the time and date of your visit, and the time spent on those pages
  • Clicks, taps, and other interactions within the app
  • Crash reports, performance and diagnostic data

We also collect device and technical information, which may include:

  • Device type and model (for example, iPhone model or Android device model)
  • Operating system and version
  • App version installed on your Device
  • Device language and time-zone settings
  • Mobile network information (for example, carrier name)
  • A device identifier or instance ID generated by our systems or by our analytics providers
  • The push notification token assigned to your Device, which we use to deliver push notifications to you through Apple or Google’s push services

We do not use your push notification token to identify you across other apps or services outside Oolfa.

2.1.4 Information from Other Members

Other members may provide information about you as they use our services, for example when they:

  • Like or share your profile
  • Send you a message or voice note
  • Submit a safety or abuse report involving you

We store and process this information to:

  • Maintain the safety and integrity of the Service
  • Resolve disputes and investigate possible violations
  • Enforce our Terms of Use and community guidelines

Where necessary to investigate a report, our support and safety teams may access relevant parts of your profile and recent messages or media that relate to that report.

2.1.5 Information from Third-Party Social Media Services

You can create an account and log in to the Service via certain Third-Party Social Media Services, such as:

  • Google
  • Facebook

If you choose to register or log in via one of these services, we may receive information associated with that account, such as:

  • Your name
  • Your email address
  • Your profile picture
  • Your contact list (if you choose to share it)
  • Any other information you choose to share with us through those services

By connecting these accounts, you give the Company permission to use, share, and store this information in accordance with this Privacy Policy and the permissions and settings available in the Third-Party Social Media Service.

2.1.6 Information Collected While Using the Application

With your permission, we may collect certain information from your Device to provide app features and improve your experience. This may include:

Location data (GPS and approximate location)

  • Precise location data from your Device, such as GPS coordinates (latitude and longitude)
  • Derived or approximate location information, such as city, region, and country

We use this information to:

  • Show you profiles that are near your chosen location
  • Allow you to adjust your search location and distance
  • Keep your Account and the Service secure and help detect suspicious activity

Camera and photo library

We request access to your camera and photo library so you can:

  • Upload profile and album images
  • Update or replace existing images

Location information and media may be uploaded to the Company’s servers and/or to a Service Provider’s servers, or stored on your Device.

You can restrict or withdraw access to location services, camera, and photo library at any time through your Device settings. However, if you disable some of these permissions, certain features of the Service (for example, location-based search or photo uploads) may not function properly.

2.1.7 When You Contact Customer Support

If you contact our Customer Support team, we may receive:

  • Your email address
  • Your IP address
  • Any information you send us (screenshots, message IDs, device details, etc.)

We keep records of our communications with you, including any complaints that we receive from or about you, for up to one (1) year from their creation (or longer where required for legal reasons).

2.1.8 Cookies and Similar Technologies

We use cookies and similar technologies (such as SDKs, local storage, and device identifiers) on our website and in our mobile apps to help operate Oolfa, improve our services, and remember your choices.

On the website, cookies are used for purposes such as:

  • Strictly necessary cookies – to provide core functions like secure login, session management, and remembering your cookie preferences.
  • Preference cookies – to remember choices like language and basic display settings.
  • Analytics cookies – to help us understand how visitors use our site so we can improve performance and user experience.

In our Android and iOS apps, we use similar technologies (for example, analytics SDKs and push-notification tokens) to understand app usage and deliver features like notifications.

Where required by law (for example, in the EU/EEA and UK), we will ask for your consent before using non-essential cookies or similar technologies, and you can withdraw that consent at any time. You can manage your preferences:

  • Via our cookie banner or cookie settings on the website,
  • Through your browser cookie settings, and
  • Through your device or app settings (for example, for notifications, advertising identifiers, or location permissions).

For more detailed information about the types of cookies and similar technologies we use, the purposes we use them for, and how you can control them, please see our Cookies & Similar Technologies Policy.

2.2 Use of Your Personal Data

We use personal data for the following purposes:

  • To provide and maintain our Service
    Including creating and managing your Account, showing you other members’ profiles, enabling “likes” and matches, and supporting conversations between members.
  • To manage your Account
    To manage your registration as a user of the Service. The data you provide allows you to access different functionalities as a registered user.
  • To match, filter and rank profiles
    To help you discover compatible members, we use information such as your profile, filters, activity, and location to decide which profiles to display to you and in what order (for example, by distance, recent activity, and profile boosts). Oolfa does not automatically recommend or propose a spouse for you; you always decide whom to contact or match with.
  • To provide privacy and visibility features
    To operate features such as default blurred photos, Incognito Mode, and profile sharing controls so you can manage how visible your profile is and to whom.
  • For the performance of a contract
    To develop, comply with, and perform the contract for the services you have requested (for example, providing access to Oolfa and paid features like subscriptions and boosts).
  • To contact you
    To contact you by email, telephone calls, SMS, in-app messages, or push notifications regarding updates, security alerts, account-related messages, and other information related to the Service.
  • To send marketing communications (where allowed)
    To provide you with news, offers, and information about features and services similar to those you already use, unless you opt out of such communications. You can unsubscribe from marketing emails at any time.
  • To manage your requests
    To respond to and manage your requests to us (such as support tickets and data-rights requests).
  • To maintain safety, security, and integrity
    To resolve disputes, troubleshoot problems, investigate fraud, abuse, and harmful behaviour, protect other Users and third parties from harm, and enforce our Terms of Use and other policies. This includes responding to user reports submitted in-app (such as profile reports and chat-level reports, including the reason selected and the details you provide), and may involve limited human review of reported profiles, photos, and relevant recent messages or media where necessary to investigate and take enforcement action.
    We have zero tolerance for Child Sexual Abuse and Exploitation (CSAE) and Child Sexual Abuse Material (CSAM). Where we become aware of content or behaviour involving CSAE/CSAM or underage use, we may investigate, take enforcement actions (including account restriction or termination), and preserve relevant records as appropriate for safety and legal compliance.
    For more information about our child safety approach, please see our Child Safety Standards page.
  • For analytics and service improvement
    To perform data analysis, identify usage trends, test features, and improve our Service, products, marketing, and user experience.
  • For business transfers
    To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, where user personal data is part of the transferred assets.
  • For legal reasons
    To comply with legal obligations, respond to legal requests, and protect our legal rights.

We do not use your Special Category / Sensitive Personal Information for purposes incompatible with providing the Service (such as unrelated third-party advertising).

2.3 Sharing of Your Personal Data

We may share your personal information in the following situations:

  • With Service Providers
    We may share your personal information with Service Providers to host and maintain data, monitor and analyze use of our Service, provide customer support, send communications, process payments, and carry out security operations. These Service Providers are bound by contractual obligations to keep your data confidential and to use it only for our instructions.
  • For business transfers
    We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company, subject to appropriate safeguards.
  • With Affiliates
    We may share your information with our Affiliates, in which case we will require those affiliates to honour this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
  • With business partners
    We may share your information with our business partners (for example, for payment, infrastructure, or analytics) to offer you certain products, services, or promotions, always under contracts that limit their use of the data.
  • With other members
    When you share personal information or otherwise interact with other members (for example, via your profile, chats, likes, or matches), that information is visible to those members. Members can also use their own devices to capture or share information from within the app (for example, screenshots or using the built-in sharing functionality). We cannot control what other users do with information once it has been shared or made visible to them. If someone submits a report involving you, we may share with the reporting user limited information about the outcome of that report (for example, that appropriate action has been taken), where this is appropriate and does not compromise your rights.
  • With sharing functionality
    You may share other members’ profiles, and they may share yours, with people outside our services using the sharing functionality provided by the app or your device’s operating system.
  • With your consent
    We may disclose your personal information for any other purpose with your explicit consent.

2.4 Retention of Your Personal Data

The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (for example, to comply with tax, accounting, or regulatory obligations, or to resolve disputes).

We apply different retention periods depending on the type of data:

2.4.1. Interactions Between Users

  • Chat messages between users (text, images, audio):
    Messages exchanged between users inside the app are deleted when they are 30 days old.
  • Visitor records:
    Records of which members have visited your profile (“visitors records”) are deleted when they are 30 days old.
  • Likes:
    Likes that do not result in a match are deleted 120 days after they are created. If a like converts into a match, it is retained as part of the match history and then follows the same retention rules as other interactions and account data.
  • Reports between users:
    Safety, abuse, or other in-app reports related to a user are retained for 360 days from the date of the report, unless we need to keep them longer to comply with legal obligations or to handle an ongoing investigation or dispute.

2.4.2. Customer Support Communications

  • Support messages (text and images):
    Messages, attachments, and related records that you send to our customer support team are retained for 60 days from creation. We keep these records so we can respond to follow-ups, understand previous issues, and meet our legal and compliance obligations.

2.4.3. Inactive and Banned Accounts

  • Inactive accounts:
    If your account is inactive (no login or use of the Service) for 10 years or more, your profile records and interactions between users (for example, matches and related history that may still exist at that time) are deleted. Certain settings and filters (such as search preferences or account configuration) are deleted after 15 years of inactivity.
  • Banned accounts:
    Banned accounts are treated as inactive accounts for retention purposes and follow the same deletion timelines described above. In limited cases, we may retain minimal information (for example, email address, device identifiers, and a record of the ban) for longer than these periods if needed to prevent ban evasion, protect other users, or comply with legal requirements.

2.4.4. Account Deletion by You

When you choose to delete your account from within the app:

  • Your profile (including profile information and photos), settings, filters, boosts, and support records are marked for deletion and will normally be deleted after approximately one (1) month. We keep this short grace period for legal, security, fraud-prevention, and chargeback reasons.
  • All interactions related to your account (such as chat messages, likes, matches, and visitors records) and reports received by your account are deleted immediately from our active systems once your deletion request is processed, subject to:
    • The standard technical delay needed to complete deletion operations safely, and
    • Any minimal data we may need to retain where we are legally required to do so or where it is strictly necessary to protect the safety of users and the integrity of the Service (for example, to comply with law enforcement requests or to maintain a record of prior breaches of our Terms of Use).

During the deletion grace period, your profile is not visible to other users and cannot be contacted. After the applicable deletion periods expire, we delete or irreversibly anonymise your personal data, except for data we are legally obliged or permitted to retain.

2.4.5. Usage Data and Technical Logs

The Company may retain Usage Data (such as device logs and technical diagnostics) for a shorter period, except where this data is used to strengthen the security of the Service, improve functionality, or where we are legally obligated to retain it for longer. In such cases, we will keep it only for as long as necessary for those purposes and, where possible, will aggregate or anonymise it.

2.5 Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. This means your information may be transferred to — and maintained on — computers outside your state, province, country, or other governmental jurisdiction, where the data protection laws may differ from those of your jurisdiction.

We use reputable hosting and cloud services, and we encrypt information in transit and at rest where technically feasible, to protect your data as it moves between regions and providers.

Where required by law (for example, for users in the EEA or UK), we rely on:

  • Adequacy decisions by the European Commission or UK government, and/or
  • Standard Contractual Clauses (SCCs) or similar contractual safeguards

to ensure that your personal data receives a level of protection that is essentially equivalent to that in your home jurisdiction.

Your consent to this Privacy Policy, followed by your submission of such information, represents your agreement to this transfer.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your Personal Data will take place to an organization or a country unless adequate controls are in place.

2.6 Disclosure of Your Personal Data

2.6.1 Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.

2.6.2 Law Enforcement

Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (for example, a court or government agency).

Child safety reporting

Where required by law and jurisdiction, and when we have confirmed CSAM, we may report it to the National Center for Missing & Exploited Children (NCMEC) CyberTipline and/or the relevant competent authority, and we may disclose information as necessary to comply with legal obligations or valid legal process.

The Company may disclose your Personal Data in the good-faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

2.7 Security of Your Personal Data

The security of your Personal Data is important to us. We use a combination of technical, organizational, and contractual safeguards, which may include:

  • Encryption of data in transit and at rest, where technically feasible
  • Access controls limiting who within our organization can access particular data
  • Logging and monitoring of access to production systems
  • Regular security updates and patches

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your Personal Data, we cannot guarantee its absolute security.

3. Detailed Information on the Processing of Your Personal Data

The Service Providers we use may have access to your Personal Data. These third-party vendors collect, store, use, process, and transfer information about your activity on our Service in accordance with their own privacy policies and our instructions.

3.1 Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

3.1.1 Google Analytics

We use Google Analytics and related tools to understand how users interact with our Website and, in some cases, our apps. Google Analytics collects information such as the pages you visit, your IP address, browser type, and other Usage Data.

We configure Google Analytics to act as a “service provider” / “processor” where possible and rely on Google’s contractual commitments to process data only on our behalf. You can opt out of Google Analytics by:

  • Installing the Google Analytics opt-out browser add-on, or
  • Adjusting your device’s advertising settings and relevant Google account settings

For more information about Google’s data practices and choices, please see Google’s Privacy Policy and “How Google uses data when you use our partners’ sites or apps.”

3.1.2 Firebase

Firebase is an analytics and app-performance service provided by Google. We use Firebase to understand app usage, crashes, and performance so we can improve Oolfa.

You may be able to opt out of certain Firebase features through your mobile device settings (such as advertising settings) or by following Google’s instructions in its Privacy Policy. For more details, see Privacy and Security in Firebase.

3.2 Payments

We may provide paid subscriptions and services within the Service. In that case, we may use third-party services for payment processing (for example, Apple and Google in-app payments).

We do not store or collect your payment card details. That information is provided directly to our third-party payment processors (such as Apple and Google), whose use of your personal information is governed by their privacy policies and platform rules. These payment processors are responsible for complying with applicable payment-card security standards.

3.3 Usage, Performance, and Miscellaneous

We may use other third-party Service Providers to improve our Service, for example:

  • Google Places – to return information about places using HTTP requests, such as to help standardize location data you enter. Google Places may collect information from you and your Device for security and abuse-prevention purposes.

For details on how these providers handle data, please refer to their respective privacy policies.

4. GDPR Privacy

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or another jurisdiction that applies GDPR-style data protection obligations, the following additional information applies.

We may process your Personal Data under the following legal bases:

  • Consent – You have given your consent for processing Personal Data for one or more specific purposes (for example, for Special Category Data relating to your religious beliefs and practice).
  • Performance of a contract – Processing is necessary to perform our agreement with you (for example, to provide the Oolfa Service) or to take steps at your request before entering into such a contract.
  • Legal obligations – Processing is necessary to comply with legal obligations (for example, tax, accounting, or regulatory obligations).
  • Vital interests – Processing is necessary to protect your vital interests or those of another person.
  • Legitimate interests – Processing is necessary for our legitimate interests (or those of a third party) and does not override your interests or fundamental rights and freedoms.

Where we rely on legitimate interests, these typically include:

  • Operating and improving the Service
  • Keeping the Service safe and secure
  • Preventing fraud and misuse
  • Protecting our legal rights

4.2 Your Rights under the GDPR

Subject to certain exceptions, you have the following rights:

  • Right of access – To request a copy of the Personal Data we hold about you.
  • Right to rectification – To request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) – To request deletion of your Personal Data where there is no good reason for us to continue processing it.
  • Right to restrict processing – To request we limit the processing of your data in certain circumstances.
  • Right to data portability – To request that we provide your data in a structured, commonly used, machine-readable format, and to transmit that data to another controller where technically feasible.
  • Right to object – To object to our processing where we rely on legitimate interests (including profiling based on those interests) or where we process your data for direct marketing.
  • Right to withdraw consent – Where we rely on your consent, you may withdraw it at any time. This will not affect the lawfulness of any processing carried out before withdrawal.

You can exercise many of these rights directly from within your account settings (for example, updating profile data or deleting your account). If you cannot perform these actions yourself, please contact us using the details in Section 13.

You also have the right to lodge a complaint with your local data protection authority if you believe our processing of your Personal Data violates applicable law. A list of EU data protection authorities is available here. If you are in the United Kingdom, you can contact the Information Commissioner’s Office (ICO).

5. Facebook Fan Page

5.1 Data Controller for the Facebook Fan Page

The Company is the Data Controller of your Personal Data collected while using the Service. As the operator of the Facebook Fan Page “OolfaApp,” we and Meta Platforms (Facebook) act as joint controllers for certain insights and analytics data relating to that page.

We have entered into agreements with Facebook that define responsibilities for compliance with the GDPR in relation to the Facebook Fan Page.

For more information about how Facebook manages Personal Data, please see Facebook’s Privacy Policy and related documentation made available by Meta.

5.2 Facebook Insights

We use the Facebook Insights function in connection with the operation of the Facebook Fan Page to obtain anonymized statistical data about our users (for example, aggregated data on likes, reach, and engagement).

For this purpose, Facebook typically places a Cookie on the device of the user visiting our Facebook Fan Page. Facebook receives, records, and processes the information stored in the Cookie, in particular when the user visits Facebook services, services provided by other members of the Facebook Fan Page, and services by other companies that use Facebook services.

6. CCPA/CPRA Privacy – California Residents

This section supplements the information in this Privacy Policy and applies solely to California residents, in accordance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

It describes your rights and how we collect, use, and share personal information as a “business” under California law.

6.1 Categories of Personal Information Collected

The categories of personal information we may have collected from California residents in the last twelve (12) months correspond broadly to:

  • Category A – Identifiers (for example, name, email address, IP address, account name)
  • Category B – Customer Records information (for example, contact details)
  • Category C – Protected classification characteristics (for example, religion, marital status, age)
  • Category D – Commercial information (for example, records of purchases of subscriptions)
  • Category F – Internet or similar network activity (for example, usage data)
  • Category G – Geolocation data (for example, approximate location)

We do not collect biometric information, non-public education records, or other categories we have listed as “No” in your original policy.

6.2 Sources of Personal Information

We collect personal information from:

  • You directly (for example, when you create an account, fill in your profile, or contact support)
  • Your use of the Service (for example, through cookies and Usage Data)
  • Third-party Service Providers (for example, analytics, payment processors)
  • Other members (for example, safety reports)

6.3 Use of Personal Information for Business or Commercial Purposes

We use the categories of personal information listed above for the business and commercial purposes described in Section 2.2 (Use of Your Personal Data).

6.4 Disclosure of Personal Information for Business Purposes

In the preceding twelve (12) months, we may have disclosed the categories of personal information listed in Section 6.1 to:

  • Service Providers
  • Payment processors
  • Our affiliates
  • Business partners
  • Third parties you or your agents direct us to disclose information to (for example, when sharing profiles)

Any such disclosure is subject to a written contract that restricts the recipient’s use of the personal information to specified purposes and requires confidentiality.

6.5 Sale or Sharing of Personal Information

We do not sell the personal information of our users as “sell” is defined under the CCPA/CPRA, and we do not share personal information for cross-context behavioural advertising or targeted advertising purposes.

Some of our analytics and service providers may process personal information, but they do so as our “service providers” or “contractors” under written agreements and are not permitted to use this information for their own marketing or for other services.

If our practices change, we will update this Privacy Policy and, where required, provide you with appropriate notice and choices.

6.6 Your Rights under the CCPA/CPRA

California residents have the following rights (subject to certain exceptions):

  • Right to know – To request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, purposes, and categories of third parties to whom we disclose it.
  • Right to delete – To request that we delete personal information we have collected from you, subject to certain exceptions (for example, where we must retain the information to comply with law or complete a transaction).
  • Right to correct – To request that we correct inaccurate personal information.
  • Right to opt out of sale or sharing – To direct us not to sell or share your personal information (we currently do not sell or share as explained above).
  • Right to limit the use and disclosure of Sensitive Personal Information – To limit our use and disclosure of Sensitive Personal Information to certain purposes allowed by law (we already limit such use as described in Section 2.1.2).
  • Right to non-discrimination – We will not discriminate against you for exercising your CCPA/CPRA rights.

You can also control interest-based advertising on your browser using third-party tools such as the Network Advertising Initiative (NAI) opt-out platform, the Digital Advertising Alliance (DAA) WebChoices tool, and, in Europe, YourOnlineChoices.

6.7 Exercising Your CCPA/CPRA Rights

If you are a California resident, you can exercise these rights by contacting us using the details in Section 13 and specifying that your request relates to “CCPA/CPRA rights.”

We may need to verify your identity before fulfilling your request (for example, by asking you to log into your account or provide certain information). You may also authorize an agent registered with the California Secretary of State to act on your behalf.

We aim to respond to verifiable consumer requests within 45 days. Where reasonably necessary, we may extend this period once by up to an additional 45 days and will inform you of the extension and reasons.

7. “Do Not Track” (DNT)

Some browsers include a “Do Not Track” (DNT) feature that sends a signal to websites indicating that you do not wish to be tracked across different sites and online services. There is currently no widely accepted standard for how to respond to DNT signals, and most laws (including CalOPPA) require only that websites disclose whether they honor DNT, not that they must honour it.

Our Service does not currently respond to DNT signals. However, you can still exercise other choices regarding tracking, such as:

  • Managing cookies via your browser settings
  • Using browser privacy features or extensions
  • Opting out of certain analytics or advertising features as described in this Privacy Policy

8. Children’s Privacy

Our Service is intended only for adults aged 18 or over. We do not knowingly collect personally identifiable information from anyone under 18.

If you are a parent or guardian and believe that your child under 18 has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under 18, we will take steps to remove that information from our servers.

We design our Service with this age restriction to help ensure compliance with laws that protect children’s online privacy, such as the U.S. Children’s Online Privacy Protection Act (COPPA), which regulates the collection of personal information from children under 13.

If you believe a user is under 18 or engaging in child endangerment, please report the account in-app and see our Child Safety Standards page for additional information.

9. Your California “Shine the Light” Rights

Under California Civil Code Section 1798.83 (“Shine the Light” law), California residents who have an established business relationship with us can request once a year information regarding our sharing of certain Personal Data with third parties for their direct marketing purposes.

We do not disclose Personal Data to third parties for their own direct marketing purposes without your consent. If you are a California resident and would like to make such a request or confirm this, please contact us using the details in Section 13.

10. California Privacy Rights for Minor Users

California Business and Professions Code Section 22581 allows California residents under the age of 18 who are registered users of online sites, services, or applications to request removal of content or information they have publicly posted.

Because our Service is not intended for users under 18, accounts for younger users should not exist. However, if you believe a minor has posted content and wishes to request its removal, and you are in California, you can contact us using the contact information in Section 13.

Please note that your request does not guarantee complete removal of content (for example, if it has been copied, shared, or stored by others), and that the law may not require removal in certain circumstances.

Our Service may contain links to other websites that we do not operate. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Post the new Privacy Policy on this page, and
  • Update the “Current as of” date at the top

Where changes are material, we will also:

  • Notify you via email and/or an in-app notice, where appropriate, before the change becomes effective.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page (or, where required, on the date specified in the notice).

13. Contact Us

If you have any questions, requests, or complaints about this Privacy Policy or our data practices, you can contact us:

  • By email:
    info@oolfa.com
  • Through our Help page:
    By submitting a request via the Contact Us form available on Our Help page on the Website.
  • From within the Application:
    By using the in-app support (for example, from the Messages section inside the Oolfa App).

We will use reasonable efforts to review and respond to Your request within a reasonable time, in accordance with applicable law.