1. Who we are
Maktub is a product owned and operated by Zerophia (zerophia.com), the data controller, based in the Netherlands. We are an online-only service and do not operate a public physical address.
For any privacy question or to exercise your rights, contact us at info@getmaktub.app.
2. The data we collect
Waitlist: When you join the waitlist, we collect:
- Email address — stored in our database and email system to contact you about your waitlist place.
- Gender (optional) — stored to understand demand; you may leave this blank.
- Any referral code — stored alongside your email address as a signal for measuring interest.
App (once available): When you create an account and use the app, we additionally collect:
- Profile information — photos, a voice note, age, gender, education, profession, city, and any other biographical details you choose to provide.
- Match preferences — the characteristics you are looking for in a match.
- Wali Mode details — the name and contact details of any guardian you designate, provided with their consent.
- Activity data — interactions within the app such as profiles viewed, salaams sent, and matches made.
- Communications — messages you exchange with other users through the app.
- Account data — email address, account creation date, and any subscription information.
Our web server generates standard access logs (IP address, timestamp, pages visited), kept for up to 30 days for security and troubleshooting and not used for profiling. We also receive limited, aggregated, non-identifying analytics from our cookieless analytics provider. We do not knowingly collect data from anyone under 18.
3. Special category data
Maktub is a service for Muslims seeking marriage. By joining the waitlist or using the app you reveal information that relates to your religious beliefs, which is special category data under Article 9 of the GDPR. Profile photos may also reveal your ethnicity or physical characteristics that are similarly sensitive. We only process special category data on the basis of your explicit consent, which you give by ticking the consent box on the waitlist form or, in the app, by creating a profile. You can withdraw this consent at any time (see section 10).
4. Why we use your data and our lawful basis
- To operate the waitlist and contact you about your place and our launch — lawful basis: your consent (Article 6(1)(a)) and explicit consent (Article 9(2)(a)) for religious-context data.
- To operate the app, including account management, displaying your profile to potential matches, and enabling in-app messaging — lawful basis: performance of a contract (Article 6(1)(b)) for non-sensitive data; explicit consent (Article 9(2)(a)) for special category data such as religious identity and profile photos.
- To provide and improve matching suggestions — basis: performance of a contract and your consent.
- To keep the Service secure and meet legal obligations — basis: our legitimate interests and legal obligations.
5. Automated processing and matching
The app uses your profile information and preferences to suggest potential matches. This involves automated processing of your personal data. The matching feature does not make solely automated decisions with legal or similarly significant effects — suggestions are presented for you to act on, and you remain in full control of whether and how to engage with them. You have the right to request human review of any decision that affects you significantly by contacting us at info@getmaktub.app.
6. Who we share it with
We do not sell your personal data. We share it only when necessary with carefully selected service providers that process data on our behalf to help us operate, secure, and improve the Service. These providers may support functions such as:
- Hosting, computing, and storage — to deliver the Service and securely store account information and user-provided media.
- Security and abuse prevention — to detect bots, fraud, spam, and other malicious activity. This may involve processing technical information such as your IP address and browser or device signals.
- Email communications — to send confirmations, service messages, and waitlist updates using information such as your name, email address, and referral code.
- Analytics — to understand how the Service is used through aggregated or non-identifying usage data.
We require our service providers to protect personal data, use it only for the services they provide to us, and comply with applicable data-protection law. We may also disclose data where required by law, to protect our rights or the safety of others, or in connection with a business reorganisation, subject to appropriate safeguards.
Your app profile is visible to other registered users as intended by the Service. We do not share your data with advertisers or unrelated third parties.
7. International transfers
We aim to process and store personal data within the European Economic Area (EEA). Some service providers may process data in countries outside the EEA. Where an international transfer occurs, we use safeguards required by applicable data-protection law, such as an adequacy decision or the European Commission’s Standard Contractual Clauses, together with additional measures where appropriate.
9. Security of your data
We apply technical and organisational measures appropriate to the sensitivity of marriage-related and religious-context data, including in-app messages, in line with Article 32 GDPR. These include:
- Encryption in transit — connections to the Service use TLS (HTTPS).
- Encryption at rest — data stored with our hosting and storage providers is encrypted at the infrastructure level within the European Economic Area (EEA) where possible.
- Access control — app features require authentication. Messages are available only between users who have a mutual match. Administrative access to production data is limited to authorised personnel on a need-to-know basis.
- Messages — text you send through the app is stored on our systems so we can deliver it to your match, enforce our Terms, respond to abuse reports, and comply with valid legal requests. We do not use end-to-end encryption: authorised staff can access message content where necessary to operate the Service safely. We do not sell your messages or use their content for advertising. Message sending is rate-limited to reduce spam and abuse.
- Media — profile photos and voice notes are stored in access-controlled object storage with unguessable identifiers. Chat attachments use separate, authenticated storage paths.
- Monitoring and testing — we use security headers, rate limiting, input validation, and periodic review of our controls.
- Processors — service providers that store or process data on our behalf are bound by data-processing agreements and must implement appropriate safeguards.
No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to reduce risk and review our measures regularly. A summary of our Data Protection Impact Assessment for special-category data and messaging is available on request at info@getmaktub.app.
10. Personal data breaches
A personal data breach means a security incident that leads to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
If we become aware of a breach that is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay in clear language, describing:
- what happened, in general terms;
- the categories of data affected (for example messages, profile photos, or email address);
- likely consequences and steps we are taking;
- measures you can take to protect yourself, where appropriate;
- how to contact us for more information.
We will also notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of a breach where required by law. Not every incident is reported to users — we assess each case individually. If you believe your account or data has been compromised, contact us immediately at info@getmaktub.app.
11. How long we keep it
Waitlist data is kept until you ask us to delete it, or until 12 months after we decide not to proceed with the product or you have been onboarded — whichever comes first.
App account data is kept for as long as your account is active. When you close your account, your profile, media, and message history will be deleted from our active systems within 30 days. Server logs are retained for up to 30 days regardless of account status.
12. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased;
- restrict or object to our processing;
- data portability;
- withdraw consent at any time (this does not affect processing done before withdrawal);
- not be subject to solely automated decisions with significant effects (see section 5).
To exercise any of these rights, email info@getmaktub.app. You can also unsubscribe from our emails at any time using the link in any email we send. We aim to respond within one month.
13. Complaints
If you are unhappy with how we handle your data, you can complain to our lead supervisory authority, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), at autoriteitpersoonsgegevens.nl. We’d appreciate the chance to address your concern first.
14. Changes to this policy
We may update this policy from time to time. We will change the “last updated” date above and, for significant changes, notify you by email.