2. Data We Collect

We collect the following categories of personal information to provide the services offered by the Umrah Kameti application:

2.1 Account & Authentication Data

• Email Address — used as your login identifier
• Password — stored securely in hashed form via Firebase Authentication; never stored in plain text
• Full Name — used to identify your account within the app and in Kameti groups
• Profile Photo (optional) — uploaded by the user for identification within groups

2.2 Identity Verification Data

To verify your identity within Kameti groups, you are required to submit one of the following government-issued identification documents:

• CNIC (National Identity Card)
• Driving License
• Passport

This information is collected solely for identity verification purposes and is never shared with third parties or used for any other purpose.

2.3 Financial & Transaction Data

• Monthly contribution amounts
• Payment history
• Payout records
• Pending dues and outstanding balances
• Leader withdraw request records and approval status
• Umrah savings progress

2.4 Group & Membership Data

• Kameti group membership and group names
• Role within each group — Member or Leader
• Turn and slot assignment
• Join date and membership status

2.5 Umrah Planning Data

• Selected Umrah packages and travel date preferences
• Booking status — confirmed, pending, or cancelled

2.6 Technical & Device Data

• Firebase Authentication session tokens
• FCM push notification tokens
• App usage logs via Firebase Analytics
• Device operating system and app version

2.7 Payment & Media Data

• Payment information (processed securely via Stripe or other payment providers; we do not store card details)
• Transaction history and payment records
• Profile photos and user-uploaded media (images/videos used within the app or community features)
• Push notification tokens
• Device information such as device type, OS version, and crash logs

3. How We Use Your Data

We use collected data exclusively for the following purposes:

• Account creation and secure login using email and password authentication
• Identity verification using CNIC, driving license, or passport within Kameti groups
• Tracking and displaying Kameti contribution and payout records
• Sending push notifications for operational events only
• Displaying savings progress toward Umrah goals
• Enabling group Leaders to manage member records within their groups
• Generating exportable financial data reports for users upon request
• Improving app performance and fixing bugs using anonymised analytics data
• Responding to user support requests and account deletion requests

Push Notifications May Be Sent For:

• Verification application status updates
• Leader status updates
• Payment status updates
• Leader withdraw request status updates

We do NOT sell your personal data to third parties.

We do NOT use your data for targeted advertising or ad profiling.

We do NOT share your identity documents or financial data with any external party.

Push notifications are sent only for operational events — not for marketing.

4. Third-Party Services

We use the following third-party services to operate and improve the Umrah Kameti application. These services may collect and process limited user data in accordance with their own privacy policies.

5. Data Sharing & Disclosure

5.1 Within the App

• Group Leaders can view payment statuses, contribution records, and membership details of members within their own Kameti group only.
• Members can view their own data and limited group summary information but cannot view other members’ personal details or identity documents.

5.2 Legal Obligations

We may disclose user data if required to do so by law, court order, or government authority in Pakistan or any applicable jurisdiction.

5.3 What We Never Do

• We never sell personal data to any third party.
• We never share identity document data, financial records, or contact information with advertisers, marketers, or data brokers.
• We never transfer data outside of Firebase/Google’s infrastructure without explicit user consent.

6. Data Retention & Deletion

6.1 Retention Periods

• Account and profile data is retained for as long as your account remains active.
• Payment and financial records are retained for up to 3 years after a Kameti group cycle is completed.
• Analytics and crash data is retained by Firebase for up to 14 months.

6.2 Account Deletion

You may request permanent deletion of your account and associated personal data at any time using one of the following methods:

In-App Deletion

You can delete your account directly from the app by navigating to:
Settings → Delete Account

Email Request

Alternatively, you may request deletion by emailing: support@umrahkameti.com
Subject: Account Deletion Request

Processing Time

• All valid deletion requests are processed within 30 days
• Your personal data will be permanently removed from our systems

Data Retention Exception

Certain data may be retained where required for:

• Legal compliance
• Financial record-keeping
• Dispute resolution

7. Your Rights

• Right to Access: You may request a copy of all personal data we hold about you.
• Right to Correct: You may update or correct inaccurate personal information through the app’s profile settings.
• Right to Delete: You may request full deletion of your account and data as described in Section 6.2.
• Right to Data Portability: You may export your own financial data in a human-readable format directly from within the app.
• Right to Opt Out: You may opt out of Firebase Analytics data collection by adjusting your device’s analytics settings.

Note: The data export feature provides your personal financial records in a readable format only. It does not include other users’ data or internal system records.

To exercise any of these rights, please contact us at support@umrahkameti.com. We will respond to all requests within 30 days.

8. Security Measures

We take the security of your personal, identity, and financial data seriously. The following measures are in place to protect your information:

• All data is transmitted over encrypted HTTPS/TLS connections.
• Passwords are never stored in plain text; Firebase Authentication manages credential storage securely.
• Access to Cloud Firestore is governed by Firebase Security Rules enforcing role-based access control.
• Identity verification documents are stored only in Firestore and are not cached on the device.
• We conduct periodic reviews of Firebase Security Rules.

While we implement industry-standard security measures, no system is completely immune to security breaches. We encourage users to use a strong, unique password and report any suspected unauthorized access immediately.

9. Children’s Privacy

The Umrah Kameti application is not directed at or intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information.

If you believe your child has provided us with personal information without your consent, please contact us at support@umrahkameti.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the “Last Updated” date at the top of this policy
• Send an in-app push notification informing users of the change
• For significant changes, require users to re-acknowledge the updated policy before continuing to use the app

Your continued use of the Umrah Kameti application after the effective date of any updated policy constitutes your acceptance of the revised terms.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us: