Privacy Policy

Umity Solutions Inc. ("Umity", "we", "us", or "our") operates the Umity community platform, including the web application available at app.iswindsor.ca and related services (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform.

By using the Platform, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Platform.

1. Who We Are

Umity Solutions Inc. is a technology company incorporated in Canada, providing a community management platform for faith-based organizations, starting with the Islamic Society of Windsor (ISW).

2. Information We Collect

2.1 Information You Provide Directly

• Account registration: name, email address, phone number
• Membership enrollment: Individual ($50/yr) or Family ($120/yr) details
• Donation transactions: amount, payment method, designated fund (e.g., Zakat, Youth Program, General Donation)
• Event registrations and ticket purchases
• Administrative credentials for Masjid Manager accounts
• Communications you send us (support requests, feedback)

2.2 Information Collected Automatically

• Device and browser type, operating system
• IP address and approximate location (city/region level)
• Usage data: pages visited, features accessed, session duration
• Progressive Web App (PWA) installation data
• Log files and crash/error reports

2.3 Location Information

With your permission, we collect precise location data to provide accurate prayer times (Adhan and Iqama schedules) for your geographic location. You may revoke this permission at any time through your device settings. If location is denied, prayer times default to the masjid's configured schedule.

2.4 Payment and Financial Information

Umity Solutions Inc. is a technology platform facilitator only and is NOT a payment processor or financial institution. All donations and membership fees are processed exclusively by independent third-party Payment Processors (which may include Worldline, Stripe, or similar certified providers).

We do not collect, store, or process your payment card numbers, CVV codes, bank account details, or any other financial credentials. Payment data is transmitted directly to and handled solely by the applicable Payment Processor under their own PCI-DSS compliant systems.

We receive only non-sensitive confirmation data (transaction ID, amount, date, fund designation) for record-keeping purposes. By making a payment through the Platform, you are subject to the Payment Processor's privacy policy and terms of service. Umity accepts no responsibility for the privacy or security practices of any Payment Processor.

2.5 Local Business Interactions

If you interact with local business listings or advertisements on the Platform, we may collect information about your interactions (clicks, views) to support our business sponsorship program.

3. How We Use Your Information

• To create and manage your account and community membership
• To facilitate donations, membership fees, and event registrations (processed by Payment Processors)
• To deliver prayer time notifications, event reminders, and community announcements
• To display localized prayer times based on your location
• To operate and improve the Platform, including Umity Command and Umity Learns
• To enable QR ticket scanning and event management
• To display relevant local business listings and sponsored content
• To respond to customer support inquiries
• To send important service notices, security alerts, and policy updates
• To detect and prevent fraud, abuse, or unauthorized access
• To comply with legal obligations

We do not sell your personal information to third parties. We do not use your information for targeted advertising unrelated to Umity services.

4. Legal Basis for Processing

• Contract performance: processing necessary to provide the Platform services you requested
• Legitimate interests: improving our platform, security, fraud prevention, and analytics
• Consent: where you have given explicit consent (e.g., location access, marketing communications)
• Legal obligation: where we are required to process information under applicable law

5. Sharing Your Information

5.1 Masjid Partners

The mosque or faith community whose platform you use (e.g., Islamic Society of Windsor) has access to member data including names, membership status, event attendance, and donation records - solely for community administration purposes. Masjid administrators are bound by confidentiality obligations under their agreement with Umity.

5.2 Payment Processors

Payment transactions are handled exclusively by independent third-party Payment Processors (e.g., Worldline, Stripe). These processors receive your payment data directly and are governed by their own privacy policies and PCI-DSS compliance frameworks. Umity does not receive or store your financial credentials.

5.3 Service Providers

We work with third-party vendors for: cloud hosting and infrastructure, analytics (aggregated, anonymized data only), and email/SMS notification services. These providers are contractually required to protect your information.

5.4 Legal and Safety Disclosures

We may disclose your information when required by law, court order, or governmental authority, or when necessary to protect the rights, property, or safety of Umity, our users, or the public.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Financial transaction records (donation history, membership records) are retained for a minimum of 7 years to comply with Canadian tax and accounting regulations. Anonymized usage and analytics data may be retained indefinitely.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal information:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of sensitive data at rest
• Access controls and role-based permissions within Umity Command
• Regular security assessments
• Staff confidentiality obligations

No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

8. Your Rights

8.1 Canadian Users (PIPEDA)

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to access your information, request corrections, withdraw consent for non-essential processing, and file a complaint with the Office of the Privacy Commissioner of Canada.

8.2 California Users (CCPA/CPRA)

California residents have the right to know what personal information we collect and disclose, request deletion (subject to exceptions), opt out of sale of personal information (we do not sell personal information), correct inaccurate information, and receive non-discriminatory treatment for exercising your rights.

8.3 All Users

• Update or correct account information at any time through the app
• Request access to or deletion of your data by contacting privacy@umitysolutions.com
• Opt out of non-essential communications in your notification settings
• Revoke location permissions through your device/browser settings

We will respond to all verifiable data requests within 30 days.

9. Account Deletion

You may request deletion of your Umity account at any time by contacting privacy@umitysolutions.com or through the app settings. Upon deletion, your profile and non-financial personal data will be permanently deleted. Donation and transaction records will be retained for 7 years as required by law.

10. Children's Privacy

The Platform is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe your child has provided us with personal information, please contact us immediately at privacy@umitysolutions.com. For users between 13 and 18, parental consent is recommended for account creation.

11. Cookies and Tracking

As a Progressive Web App (PWA), the Platform uses:

• Essential cookies: Required for authentication and session management
• Functional cookies: To remember your preferences
• Analytics: Aggregated, non-personally-identifiable usage data

We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings, though disabling essential cookies may affect Platform functionality.

12. Third-Party Links

The Platform may contain links to third-party websites (such as local business websites or charitable organizations). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policy of any third-party site you visit.

13. International Data Transfers

Our servers are located in Canada. If you access the Platform from outside Canada, your information may be transferred to and processed in Canada. By using the Platform, you consent to this transfer. We ensure cross-border transfers comply with applicable Canadian privacy law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and, where appropriate, by in-app notification or email. Your continued use of the Platform after such changes constitutes your acceptance of the updated policy.

15. Contact Us

This Privacy Policy was prepared in accordance with applicable Canadian (PIPEDA), California (CCPA/CPRA), and international privacy standards. It should be reviewed by qualified legal counsel before publication.