Privacy Policy
This policy explains what information MakeMyDua, a service operated by Nuryx Intelligence Corp. (“Nuryx,” “we,” “us,” or “our”), collects when you use our website and services, how we use it, and the choices you have. Please read it carefully. If you do not agree with this policy, please do not use our services.
1. Who We Are and How to Contact Us
MakeMyDua is a service operated by Nuryx Intelligence Corp., a corporation incorporated in Canada. The service connects people who request a dua (prayer) with Muslims around the world, including pilgrims travelling for Hajj or Umrah, who make the dua and send back a note.
The data controller for purposes of applicable privacy laws is Nuryx Intelligence Corp. If you have any questions about this policy, requests regarding your personal information, or complaints, you can reach our Privacy Officer at privacy@makemydua.com. We can also be reached by post on request to that email address.
2. Information We Collect
2.1 Information you provide to us
- Account information. When you create an account we collect your name, email address, and (if you sign up with a password) a securely hashed password. We never store your password in readable form.
- Profile information. Your role (requester or pilgrim), language preferences, optional Hajj/Umrah travel window, and your selected display theme.
- Dua content. The text of any dua you request and any notes returned by pilgrims who fulfil your request. This content may, by its nature, refer to your health, family, work, finances, relationships, or other sensitive subjects. You decide what to share.
- Reports. If you report a dua or note for inappropriate content, we keep the reason and any details you provide.
- Communications. If you email us, we keep your message and our reply to it.
2.2 Information we collect automatically
- Technical data. IP address, browser type, device and operating system identifiers, language settings, and time-zone.
- Usage data. Pages you visit, features you use, duration of sessions, clicks and form submissions, and errors that occur.
- Approximate location. When you use the service we may derive your approximate location from your IP address.
- Precise location. When you act as a pilgrim, we may ask your browser for your precise location (latitude and longitude) during onboarding and at the moment you make a dua. We use this only to verify that you are physically within a recognised Hajj or Umrah region. You can decline this prompt, but pilgrim verification relies on it.
- Cookies and similar technologies. We use essential cookies to keep you signed in. We also use local storage and analytics cookies as described in Section 9.
2.3 Information from third parties
If you sign in through a third-party identity provider (for example, Google), that provider sends us your name, email address, and a profile photo URL. We do not receive your password from the provider.
3. How We Use Your Information
- To create and operate your account.
- To deliver the core service: routing dua requests to pilgrims, sending notes back to requesters, and verifying pilgrim location.
- To detect, prevent, and respond to fraud, abuse, spam, or content that is harmful, illegal, or violates our Terms of Service. This includes automated content checks on dua text before it is shown to other users.
- To send service emails (for example, sign-in links, completion notes, security alerts). We do not send marketing emails without your separate consent.
- To measure how the service is used, debug problems, and improve features over time.
- To comply with applicable laws, regulations, court orders, and requests from public authorities where legally required.
4. Legal Bases for Processing (EU/UK/EEA Users)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation (GDPR):
- Contract. Processing necessary to provide the service you signed up for.
- Legitimate interests. Processing necessary for security, fraud prevention, service improvement, and limited analytics. We balance these against your rights and freedoms.
- Consent. Where you have given clear opt-in permission, for example for precise geolocation or for any future marketing email.
- Legal obligation. Processing required to comply with the law.
- Explicit consent for special categories. See Section 5 below.
If you are a resident of Canada, we process your personal information in accordance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and any applicable provincial privacy legislation (including Quebec’s Law 25 if you reside in Quebec).
5. Religious Beliefs and Other Sensitive Information
Information about your religious beliefs is treated as a special category of personal data under data protection laws in many regions (including GDPR Article 9). By creating a MakeMyDua account and using the service, you give your explicit consent for us to process your information for the limited purposes of operating the service, consistent with this policy. You may withdraw this consent at any time by deleting your account; doing so will end your ability to use the service. The text you submit as a dua may also reveal sensitive information (such as health, family, or financial concerns). You decide what to write. We treat that text with the same care as any other personal information.
6. How We Share Your Information
We do not sell your personal information. We share it only as follows.
6.1 With other users of the service
- If you are a requester:the text of your dua is shown to other MakeMyDua users so they can make it for you. The notes you send when you make a dua include your first name unless you select the “anonymous” option. Anonymous notes display as “A pilgrim” on a reasonable-effort basis.
- If you are a pilgrim:the notes you write are sent to the requester. Your precise coordinates are never shared with other users; we only share the location label you select (e.g. “Masjid al-Haram”) and a verified-location indicator.
6.2 With service providers acting on our behalf
We rely on a small number of third-party service providers to deliver the service. These include:
- An identity provider, where you choose to sign in with one (currently Google).
- A product analytics provider that helps us measure usage.
- A cloud infrastructure provider that hosts the service, stores data, and routes traffic.
- An email delivery provider that sends sign-in links and completion notes.
- An automated content moderation service that helps screen dua text for safety.
Each provider acts under written agreements that limit them to the purposes we instruct, and require security and confidentiality measures. A current list of the specific subprocessors we use is available on request to privacy@makemydua.com.
6.3 Legal, safety, and corporate transactions
We may disclose information if required by law, court order, or government request; to investigate or prevent fraud, abuse, security incidents, or threats to anyone’s safety; or as part of a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this policy.
7. International Data Transfers
MakeMyDua may be used from anywhere in the world. To operate the service we may transfer your information across borders, including to countries that do not provide the same level of data protection as your country of residence. Where required, we use appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms) for transfers out of the EEA, UK, and Switzerland. By using the service, you acknowledge that your information will be processed in the countries where our service providers operate.
8. Data Retention
We keep your information for as long as your account is active and as needed to provide the service. After you delete your account, we delete or anonymise personal information within a reasonable period, except where we are legally required to keep specific records (for example, to comply with tax, accounting, fraud-prevention, or law enforcement requirements). Aggregated and anonymised statistics that cannot be linked back to you may be retained indefinitely.
9. Cookies and Similar Technologies
We use a small number of cookies and similar technologies. Essential cookies (such as the session cookie that keeps you signed in) are required for the service to work. Analytics cookies and local-storage identifiers help us understand how the service is used. You can clear or block cookies through your browser settings; doing so may break parts of the service, including the ability to remain signed in.
10. Your Rights
Depending on where you live, you may have some or all of the following rights regarding your personal information:
- Access a copy of the information we hold about you.
- Correct information that is inaccurate or incomplete.
- Delete your account and your personal information.
- Object to or restrict certain processing.
- Withdraw consent at any time, where processing is based on consent.
- Receive a portable copy of information you provided to us.
- Lodge a complaint with your local data protection authority. If you are in the EU/UK/EEA you also have this right under GDPR. Canadian residents may file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca). Quebec residents may file with the Commission d’accès à l’information du Québec.
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, to delete it, to correct it, and to opt out of any “sale” or “sharing” of personal information as those terms are defined under the CCPA. We do not sell your personal information.
To exercise any of these rights, email privacy@makemydua.com. We may need to verify your identity before responding. We will respond within the time required by applicable law.
11. Children’s Privacy
MakeMyDua is not directed to children. We do not knowingly collect personal information from anyone under the age of 13 (or 16 in the EU/UK/EEA, where required by local law). If you believe a child has provided us with personal information, please contact us and we will delete it.
12. Security
We use industry-standard technical and organizational measures to protect your information, including encryption in transit, hashed passwords, and access controls. No system is perfectly secure. We cannot guarantee absolute security and you use the service at your own risk.
13. Changes to This Policy
We may update this policy from time to time. If we make material changes we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by other means (such as an in-app notice or email). Your continued use of the service after the changes take effect means you accept the updated policy.
14. Contact
Questions, requests, or complaints? Email privacy@makemydua.com.