بِسْمِ اللَّهِ الرَّحْمَنِ الرَّحِيمِ

Privacy Policy

📅 Last updated: February 28, 2026 ✅ Effective from: February 28, 2026 🔒 GDPR · CCPA · PDPA Compliant
← Back to Zakah Calculator
🔒

Zero-Knowledge Architecture — Your Data Never Leaves Your Device

The Zakah Calculator performs all computations entirely within your browser. No financial figures, asset values, or personal details are ever transmitted to any server, stored in any database, or shared with any third party. This is an architectural guarantee, not merely a policy promise.

Table of Contents

  1. 01Who We Are
  2. 02What Information We Collect
  3. 03How We Process Your Information
  4. 04Legal Bases for Processing (GDPR)
  5. 05Data Sharing and Disclosure
  6. 06Data Retention
  7. 07Security Measures
  8. 08Your Rights Under GDPR and Applicable Laws
  9. 09Cookies, Tracking, and Analytics
  10. 10Progressive Web App (PWA) and Local Storage
  11. 11Third-Party Data Sources (Metal Prices & Exchange Rates)
  12. 12United States Residents — CCPA
  13. 13Other Regional Rights
  14. 14Children's Privacy
  15. 15Updates to This Policy
  16. 16Contact Us
Section 01

Who We Are

The Zakah Calculator is a free, open-source web application developed and maintained by Samin Yasar under the banner of Samin's Initiatives, based in Dhaka, Bangladesh. It is a not-for-profit public benefit tool created to assist Muslims in calculating their annual Zakah obligation accurately and privately.

For the purposes of applicable data protection law — including the EU General Data Protection Regulation (GDPR) and the UK GDPR — Samin's Initiatives acts as the Data Controller in the limited circumstances where personal data is voluntarily provided (e.g., support requests). In all other contexts involving the calculator itself, no personal data is processed at all.

This Privacy Policy governs the Zakah Calculator web application accessible at all domains and platforms where it is published, including its GitHub Pages deployment, any mirror sites, and its installable PWA form.

Section 02

What Information We Collect

During Normal Use of the Calculator

We collect nothing. Every figure you enter — cash balances, gold and silver weights, investment values, business assets, liabilities — is processed exclusively within your browser using JavaScript. None of this data is sent anywhere. We have no server that receives it, no database that stores it, and no means to access it. This is by design and by architecture.

Automatically Collected Technical Data

If the application is hosted on a platform such as GitHub Pages, that platform's own infrastructure may log standard server request metadata (such as your IP address and the requested resource) as part of routine network operations. This is governed by GitHub's Privacy Statement, not by this policy. Samin's Initiatives does not access, process, or retain any such logs.

Voluntary Support Communications

If you choose to contact us — for example, to report a bug, ask a question, or request a feature — you may provide personal information such as your name or email address. This information is used solely to respond to your enquiry and is not retained beyond the resolution of that communication.

Summary: The Zakah Calculator has been deliberately engineered so that zero financial data ever leaves your device. What you calculate is known only to you.
Section 03

How We Process Your Information

All Zakah Calculations — Fully Local

The entire calculation engine — including asset valuation, nisab comparison, zakah rate application, and breakdown generation — runs as client-side JavaScript in your browser. No data is serialised, transmitted, or logged at any stage of this process.

Currency and Preferences

Your selected currency and language preference are saved to your browser's localStorage solely to restore your settings on your next visit. This data never leaves your device and can be cleared at any time by clearing your browser's site data.

Metal Price and Exchange Rate Fetching

To display live gold and silver prices, the application fetches pre-compiled JSON files hosted in the same repository (updated by an automated GitHub Actions workflow). Your browser makes a standard HTTP request to retrieve these files. The request itself may be logged by the hosting infrastructure (see Section 2), but the request contains no personal or financial data.

Support Communications

Correspondence sent to us via email is processed for the purpose of responding to your enquiry. No automated profiling or decision-making is applied to support communications.

Section 04

Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), the United Kingdom, and other jurisdictions where a lawful basis for data processing is required, we identify the following:

Processing Activity Personal Data Involved Legal Basis (GDPR Art. 6)
Zakah calculation None — all local Not applicable (no personal data processed)
Saving currency/language preference Browser localStorage — device only Not applicable (no personal data processed)
Fetching live metal/FX data None — anonymous HTTP request Not applicable (no personal data processed)
Responding to support emails Name, email address, message content Art. 6(1)(a) — Consent; Art. 6(1)(f) — Legitimate Interests
Legal compliance obligations As required by law Art. 6(1)(c) — Legal obligation
Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal. To withdraw consent for support communications, simply contact us at the address in Section 16.
Section 05

Data Sharing and Disclosure

We do not sell, rent, trade, or otherwise share your personal information with any third party for commercial purposes. This is an unconditional commitment.

The limited circumstances under which data may be shared are:

  • Legal obligation: If we receive a valid legal order from a competent authority requiring disclosure, we will comply to the minimum extent required and, where lawfully permitted, notify you.
  • Hosting infrastructure: Standard request logs generated by hosting platforms (e.g., GitHub Pages) are subject to those platforms' own privacy policies. We do not control or receive these logs.
  • No third-party analytics, advertising, or data brokers: We categorically do not use any such services. There are no tracking pixels, advertising SDKs, or data-sharing agreements of any kind.
Section 06

Data Retention

Local Data (Calculator Inputs & Preferences)

Any data stored in your browser's localStorage — including your currency preference, language selection, and cached metal prices — persists until you clear it. You may remove it at any time via your browser settings or by clicking "Reset All Fields" within the application. We have no copy of this data.

Support Communications

Email correspondence is retained only for as long as necessary to address your enquiry, typically no longer than 90 days from resolution, unless a longer retention period is required by applicable law (e.g., to defend against a legal claim).

Hosting Logs

Server-side request logs maintained by hosting infrastructure providers are governed by their respective data retention policies.

Section 07

Security Measures

The most robust security measure we employ is architectural: we do not collect your data. Data that is never transmitted cannot be intercepted, breached, or misused on our end.

For the limited support communications we receive:

  • All email transmission occurs over encrypted channels (TLS).
  • Access to correspondence is strictly limited to the application maintainer.
  • We apply a principle of data minimisation — collecting only what is necessary to respond.

For your locally stored preferences and cached data:

  • Security is governed by your device's operating system and browser security model.
  • We recommend keeping your browser up to date and securing your device with a strong passphrase.

In the unlikely event of a security incident affecting any personal data we hold, we will notify affected individuals and relevant supervisory authorities as required by GDPR Article 33–34 within 72 hours of becoming aware of the breach.

Section 08

Your Rights Under GDPR and Applicable Laws

If you are located in the EEA, the United Kingdom, or another jurisdiction with comparable data protection legislation, you hold the following rights with respect to any personal data we process about you:

Right of Access
Request confirmation of whether we process personal data about you and, if so, a copy of that data (GDPR Art. 15).
Right to Rectification
Request correction of inaccurate personal data we hold about you (GDPR Art. 16).
Right to Erasure
Request deletion of your personal data where there is no compelling reason for its continued processing (GDPR Art. 17).
Right to Restriction
Request that we restrict processing of your personal data in certain circumstances (GDPR Art. 18).
Right to Portability
Receive personal data you have provided to us in a structured, commonly used, machine-readable format (GDPR Art. 20).
Right to Object
Object to processing based on legitimate interests or direct marketing (GDPR Art. 21).
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing.
Right to Lodge a Complaint
Lodge a complaint with a supervisory authority, including the authority in your country of residence or place of work.

To exercise any of these rights, please contact us using the details in Section 16. We will respond to all verified requests within 30 days (extendable by a further two months for complex requests, with notice). We will not charge a fee for reasonable requests.

A practical note: Because the Zakah Calculator processes no personal financial data on our end, most of these rights apply only to the narrow context of support communications. You retain full and direct control over all calculator data through your browser settings.
Section 09

Cookies, Tracking, and Analytics

The Zakah Calculator does not use cookies, tracking pixels, session identifiers, fingerprinting techniques, or any form of analytics.

We do not use:

  • Google Analytics, Plausible, Fathom, or any equivalent analytics service
  • Advertising networks or retargeting pixels
  • Session recording tools (e.g., Hotjar, FullStory)
  • Social media tracking integrations
  • Any third-party scripts that observe user behaviour

The only browser storage used is localStorage for your currency and language preference — a quality-of-life feature that stores data exclusively on your own device and which you may clear at will.

As no cookies or tracking are employed, cookie consent banners or Do-Not-Track signal handling are not applicable to this application.

Section 10

Progressive Web App (PWA) and Local Storage

The Zakah Calculator may be installed as a Progressive Web App on your device, enabling offline use. When installed, the following occurs on your device:

  • Service Worker caching: Application shell files (HTML, CSS, JavaScript, translation files) and the most recently fetched metal price and exchange rate data are cached locally in your browser's Cache Storage API. This enables the app to function without an internet connection.
  • localStorage: Your currency preference, selected language, and cached price timestamps are stored locally.

All PWA-cached content resides exclusively on your device. You may uninstall the PWA, clear site data, or revoke storage permissions at any time through your browser or operating system settings. Doing so will remove all locally cached data.

We have no visibility into, access to, or copies of any data stored on your device by the PWA.

Section 11

Third-Party Data Sources (Metal Prices & Exchange Rates)

To provide indicative live gold and silver prices for nisab calculation, the application retrieves pre-compiled JSON data files that are updated periodically via an automated GitHub Actions workflow. These files are hosted alongside the application and contain only commodity price and currency exchange rate figures — no user data whatsoever.

The underlying price data is sourced from independent third-party market data providers. Samin's Initiatives does not warrant the accuracy, completeness, or timeliness of these figures. All prices are indicative and intended solely for the purpose of Zakah estimation. They should not be relied upon for any financial, investment, or commercial decision.

When your browser fetches these JSON files, it makes a standard anonymous HTTP request. No personal data is included in or returned by this request beyond what hosting infrastructure may log as a matter of routine network operation.

Section 12

United States Residents — CCPA / CPRA

California residents have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). The following table summarises the categories of personal information we collect:

CCPA CategoryExamplesCollected by Us
A. IdentifiersName, email, IP addressOnly if provided in support request
B. Personal recordsFinancial informationNo — all financial data is local only
C. Protected characteristicsReligion, race, genderNo
D. Commercial informationPurchase historyNo
E. Biometric informationFingerprintsNo
F. Internet / network activityBrowsing history, app usageNo
G. GeolocationPhysical locationNo
H. Sensory dataAudio, videoNo
I. Professional informationEmployment detailsNo
J. Education informationStudent recordsNo
K. Inferences / profilesBehavioural profilesNo
L. Sensitive personal informationFinancial data, precise geolocationNo

We do not sell or share personal information for cross-context behavioural advertising. California residents may exercise rights to access, delete, or correct personal information by contacting us at the address in Section 16. We will not discriminate against you for exercising these rights.

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with comparable privacy legislation hold equivalent rights, which we honour on the same basis.

Section 13

Other Regional Rights

We are committed to honouring applicable privacy rights globally. The following regional frameworks are acknowledged:

  • Australia (Privacy Act 1988, APPs): Individuals may request access to or correction of personal information held by us. Complaints may be directed to the Office of the Australian Information Commissioner (OAIC).
  • New Zealand (Privacy Act 2020): Individuals may request access to information we hold. Complaints may be directed to the Office of the New Zealand Privacy Commissioner.
  • South Africa (POPIA): Data subjects may request access, correction, or deletion. Complaints may be directed to the Information Regulator of South Africa.
  • Bangladesh (Digital Security Act / proposed PDPA): We endeavour to comply with applicable Bangladeshi data protection norms and will cooperate with relevant authorities as required.
  • UAE, Saudi Arabia, and GCC jurisdictions: We respect applicable local privacy norms and will cooperate with regulatory authorities as required.

In all cases, your primary protection is structural: your Zakah data never leaves your device.

Section 14

Children's Privacy

The Zakah Calculator is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction, which may be higher — up to 16 in certain EEA member states). We do not knowingly collect personal information from children.

Given that the application collects no personal data during normal use, the risk of inadvertent collection from minors is negligible. However, if you are a parent or guardian and believe a child has submitted a support request containing personal information, please contact us immediately and we will delete it promptly.

Section 15

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this document will always reflect the most recent revision.

For material changes — those that significantly affect your rights or our data practices — we will provide notice through the application interface or via the project's GitHub repository. We encourage you to review this policy periodically.

Continued use of the Zakah Calculator after a revised policy has been published constitutes your acknowledgement of the updated terms.

Section 16

Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us through any of the following channels. We will endeavour to respond within 5 business days.

Data Controller Samin Yasar
Organisation Samin's Initiatives
Location Dhaka, Bangladesh
Email contact@samin-yasar.dev
GitHub github.com/Samin-yasar

If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country of residence or place of work. A list of EEA supervisory authorities is available at edpb.europa.eu.