Privacy Policy

Last updated: 21 May 2026

1. Who we are

Salam.life is a global online community for Muslims and anyone else who wishes to take part in respectful conversation around faith, culture, family and daily life. The service is operated by IT RESOURCE (AITI RESURS), LLP, BIN 230240046213, with its registered office at 73 Mezhdunarodnaya Street, Apt. 3, Turksib District, Almaty 050037, Kazakhstan ("Salam.life", "we", "us" or "our"). We are the data controller for the personal data processed through the salam.life website and through the Salam.life mobile applications distributed via the Apple App Store and Google Play (together, the "Service").

You can reach us at any time at info@salam.life. This same address is the single point of contact for users under Article 12 of the EU Digital Services Act and for Member State authorities, the European Commission and the European Board for Digital Services under Article 11 of that Regulation. Communications may be sent in English.

This Policy explains, in plain language, what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, how we protect it, and the rights you have over it. It is written to satisfy Articles 12 to 14 GDPR, the equivalent provisions of the UK GDPR, the notice-at-collection requirement under the CCPA as amended, the App Store and Google Play disclosure rules and the disclosure requirements of the Digital Services Act and the EU AI Act.

We make this Policy available in several languages for your convenience. In the event of any inconsistency between versions, the English text prevails.

2. The Service in plain terms, and what that means for your data

Salam.life is a social network. You create an account, choose a public handle and display name, optionally add a short biography and avatar, and share posts, comments, votes, follows and blocks with other members of the community. The feed is organised into two gender-separated streams, /brothers and /sisters, so that members who prefer that arrangement can take part comfortably; this is the only reason we ask you to indicate gender when you register. We do not ask for your religion. Members are free to mention faith, practice, school of thought or anything else they wish inside their bio or posts, but there is no structured "religion" field in your profile.

Because the Service is openly marketed to the worldwide Muslim community, we understand that the very act of using Salam.life may be perceived by some people as revealing a religious affiliation. We have therefore deliberately designed the platform to minimise the personal data we hold about you: we do not profile you on the basis of inferred beliefs, we do not target advertising at you, we do not sell or share your data with advertising networks or data brokers, we do not maintain a separate "religion" attribute about you in our systems, and we do not allow third-party advertising or cross-site tracking technologies in our website or apps.

3. The personal data we collect

We collect only what we need to run the Service.

Account data. When you register, we ask for your email address, a password (which we store only as a salted cryptographic hash and never in plain text), a public handle, a display name, your gender (male or female, used only to route your participation to the /brothers or /sisters stream), your country expressed as a two-letter ISO code, and your preferred interface language. You may optionally add a profile picture and a short biography.

Content you publish. Posts, comments, upvotes, downvotes, follows, blocks, content you report, and any images you choose to attach to a post are stored on our infrastructure and are, by their nature, visible to other members in accordance with the feature you used to publish them. Reports you submit about other members or their content are stored as part of our moderation record.

Technical data. When you use the Service we automatically receive and log technical information that is generated by the basic operation of the internet and our applications: your IP address, the date and time of your requests, the URLs and endpoints you accessed, the user-agent string of your browser or app, the session token associated with your login, and the time and method of your most recent sign-in. We use this data to operate the Service, secure accounts, prevent fraud and abuse, debug issues and meet our legal record-keeping obligations.

Communications. If you contact us at info@salam.life, we keep the message and our reply for as long as we need it to resolve your enquiry and to demonstrate that we handled it properly. We send only transactional emails — account verification, password reset and security notices — and no marketing email. The Service currently sends no push notifications.

We do not require or solicit any of the special categories of personal data described in Article 9 GDPR — such as data revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, trade-union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation — and we do not maintain structured profile fields for any of those categories. Members may, of course, choose to mention any topic, including their faith or beliefs, in the free text of their bio, posts or comments; in that case we process the content of those publications only to operate the Service, as further described in section 5.

We do not collect biometric identifiers, precise location data, contacts, calendar or motion data, or data from connected accessories. Our mobile apps do not request access to the camera, the microphone, location, contacts, the calendar, health data, motion sensors, Bluetooth devices or biometric sensors. The only optional device permission the app requests is access to your photo library, and only at the moment you choose to attach a picture to a post.

4. Why we use your data, and on what legal basis

For users in the European Economic Area, the United Kingdom and other jurisdictions whose data protection laws are modelled on the GDPR, we rely on the following legal bases.

We process the data needed to create your account, authenticate you, run the gender-segregated feed, deliver content you have chosen to share with other members and provide the social-network features of the Service on the basis of performance of a contract with you (Article 6(1)(b) GDPR): without this processing, we cannot provide the Service you have asked for.

We process technical data, session information and moderation records on the basis of our legitimate interests (Article 6(1)(f) GDPR) in operating a safe, available and lawful platform, in keeping records of moderation decisions so that we can review them, in preventing fraud, spam, harassment and abuse, in defending and exercising legal claims, and in maintaining the security and integrity of our infrastructure. We have considered the impact of this processing on you and we believe that, taken together with our minimisation, retention and access controls, these interests are not overridden by your interests or fundamental rights.

We process the data we need to comply with our legal obligations on the basis of Article 6(1)(c) GDPR. This includes responding to lawful requests from competent authorities, keeping tax and accounting records where required, complying with the obligations that apply to online platforms under the Digital Services Act, and reporting suspected child sexual abuse material to the National Center for Missing & Exploited Children (NCMEC) as required of electronic-service providers under 18 U.S.C. § 2258A.

Where we ever rely on your consent — for example if you choose to opt in to a future optional feature — we will make that clear at the moment we ask, and you will be able to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

For users covered by the UK GDPR, the same legal bases apply under the equivalent provisions of UK law. For users in other jurisdictions we rely on the equivalent lawful grounds available under local law, including, where applicable, performance of a contract, legitimate interests of the controller, compliance with a legal obligation and consent.

5. A note on gender and on the religious context of the platform

We collect a binary gender indicator (male or female) at registration because the feed itself is structured as two parallel streams and we need this single attribute to route your activity to the appropriate stream. Gender, in this sense and in the absence of any health or sexual-orientation data, is treated by us as ordinary personal data and used for that one operational purpose. We do not infer your sexual orientation from this attribute, we do not share it with third parties for any purpose other than running the Service, and we do not use it for profiling or advertising.

We are aware that the Service is marketed primarily to Muslim users and that some members will, in their bio or posts, voluntarily share information about their religious or philosophical beliefs. Any such information is information you have chosen to publish, and we treat it accordingly: we do not enrich your profile with religious attributes, we do not build inferred religious profiles of you, we do not use the content of your posts to categorise you by belief, and we do not share post content with advertising networks. We process the content you publish only to make the Service work as you have asked it to.

6. AI-assisted features ("Post with AI")

Salam.life offers an optional Post with AI feature that helps you draft, translate or refine your own posts and comments. When you use it, the text you type as a prompt is sent over a secure connection to a third-party model provider for one-time inference; the provider returns suggested text, and you then decide whether to edit it, publish it as your own post or discard it. We do not train our own AI models on your content, and your prompts are not retained by us beyond the time needed to deliver the response unless you choose to publish the resulting content as a post or comment, in which case the published content is stored as ordinary user-generated content.

We are mindful of the transparency obligations introduced by the EU AI Act (Regulation (EU) 2024/1689), and in particular by Article 50, which becomes applicable on 2 August 2026. Because you remain the author and editor of anything you publish through Post with AI — the feature exists to assist you, not to publish on your behalf — you exercise editorial responsibility over the final content. We will continue to monitor the Commission's guidance and Codes of Practice on transparency for AI-generated content and will update this Policy and the in-app experience as needed to reflect any further obligations that apply to the way the feature is used.

7. Cookies and similar technologies

The Salam.life website uses two categories of cookies and equivalent local-storage items.

Strictly necessary cookies, which are essential to deliver the Service in the form you have requested: an authentication cookie that keeps you signed in, a language-preference cookie that remembers the interface language you have chosen, and a theme cookie that remembers whether you prefer light or dark mode. These cookies are set automatically and do not require your consent.

Analytics cookies, set by Google Analytics (provided by Google LLC). We use Google Analytics to understand aggregate website traffic — how many people visit, which pages are popular, where visitors come from and how the Service performs technically. We have configured Google Analytics so that IP addresses are anonymised before processing, we do not link analytics data to your account, and we do not enable Google Signals or any advertising-related features. We ask for your consent before placing analytics cookies on your device, through a cookie banner shown on your first visit to salam.life. You can change your choice at any time by reopening the cookie settings on the website. Refusing analytics cookies does not affect your ability to use the Service.

We do not use cookies for advertising, profiling, cross-site tracking or behavioural-advertising audience-building. We do not embed Facebook Pixel, advertising SDKs or similar third-party advertising technologies.

The Salam.life mobile apps do not use any third-party analytics or advertising SDKs and do not access the device's advertising identifier (IDFA on iOS or AAID on Android). In Apple's App Privacy framework we declare the mobile apps as "Data Not Used to Track You", in the sense Apple gives to "tracking" in its App Tracking Transparency guidance, and in Google Play's Data safety section we likewise declare that we do not share data collected by the mobile apps with third parties for advertising, marketing or analytics purposes.

8. Who we share your data with

We share personal data only with the carefully chosen service providers we need in order to run the Service, and only to the extent each provider needs the data to do its job. They act as our processors under written agreements that bind them to use the data only on our instructions, to protect it with appropriate security measures, and to delete or return it when their service ends.

The current categories of sub-processors are:

  • a cloud infrastructure provider hosting our servers and databases in the European Union;
  • an image storage and content-delivery provider that stores and serves the avatars and images you upload;
  • a transactional email provider that delivers verification, password-reset and security messages on our behalf;
  • a website analytics provider (Google LLC, operating Google Analytics), used only to measure aggregate traffic and performance of the salam.life website;
  • a third-party AI model provider, accessed for inference only, used to power the Post with AI feature; and
  • Apple Inc. and Google LLC, which distribute our mobile apps through their respective app stores and process basic data necessary for that distribution.

If you choose to sign in to the web version of the Service using your Google account, Google LLC also acts as a sign-in provider; in that case Google shares with us only the basic identity information required to create or log you into your Salam.life account.

We do not sell your personal data and we do not share it for cross-context behavioural advertising. We do not disclose it to anyone other than the providers described above unless we are legally required to do so — for example by a valid court order, a binding legal request from a competent authority, or in connection with reports we are required to make to NCMEC under U.S. federal law in cases of suspected online child sexual exploitation.

If we are ever involved in a reorganisation, merger or sale of all or part of our business, personal data may be transferred to the relevant successor entity; in that case we will ensure that the successor is bound by terms at least as protective as those in this Policy and that you are informed.

9. International data transfers

Our infrastructure is located in the European Union, so your personal data is stored on servers in the EU regardless of where you live. Our team, however, operates the Service from outside the European Economic Area, including from our registered offices in Kazakhstan, which means that our personnel — together with some of our service providers — may access personal data hosted in the European Union from a third country. Where personal data is transferred outside the European Economic Area or the United Kingdom to a country that has not been recognised as offering an adequate level of data protection, we rely on the appropriate safeguards permitted by Article 46 GDPR (and the equivalent provisions of the UK GDPR), in particular the Standard Contractual Clauses adopted by the European Commission in Implementing Decision (EU) 2021/914 of 4 June 2021 and, for transfers from the United Kingdom, the corresponding international data transfer mechanisms recognised by the UK's Information Commissioner. We put in place appropriate technical and organisational measures to maintain an essentially equivalent level of protection.

10. How long we keep your data

We keep your personal data only for as long as we have a legitimate need for it.

We keep your account profile and the content you have published for as long as your account is open. When you delete your account, we delete the underlying data from our production systems within seven days and from our backups within thirty days, except for the limited categories described below. Server logs that contain technical and security information are retained for up to ninety days and then deleted or aggregated beyond recognition. Moderation records — including reports about content or members and the decisions we took in response — are retained for up to twenty-four months so that we can detect repeat behaviour and comply with our obligations under the Digital Services Act. We do not retain inputs sent to the third-party model provider for the Post with AI feature beyond the time needed to deliver the response, unless you choose to publish the resulting content as a post or comment, in which case the published content is stored as ordinary user-generated content and follows the retention rules above. Records that we are legally required to retain (for example, tax records, records of reports made to law-enforcement authorities and information that is the subject of a preservation request) are kept for the period required by the applicable law and then deleted.

11. Your rights

If you are located in the European Economic Area or the United Kingdom, you have the following rights in relation to your personal data, exercisable at any time by writing to info@salam.life or by using the controls inside the app and the website: the right to be informed about how your data is processed (which this Policy is designed to satisfy); the right of access to your data; the right to rectification of inaccurate or incomplete data; the right to erasure of your data ("right to be forgotten"); the right to restriction of processing; the right to data portability for the data you have provided to us and which we process by automated means on the basis of your consent or of a contract with you; the right to object to processing based on our legitimate interests; the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you (we do not make such decisions about you); and, where we have asked for your consent, the right to withdraw it at any time.

If you are a California resident, you also have, under the California Consumer Privacy Act as amended by the California Privacy Rights Act, the right to know what personal information we have collected about you, the categories of sources, the business or commercial purposes for which we use it and the categories of recipients with whom we have disclosed it; the right to access that personal information, including information collected more than twelve months before your request; the right to correct inaccurate personal information; the right to delete personal information; the right to opt out of the sale or sharing of personal information (we do not sell or share personal information in the sense the CCPA gives to those terms, including for cross-context behavioural advertising); the right to limit the use and disclosure of sensitive personal information; and the right not to be discriminated against for exercising your CCPA rights. The categories of personal information we collect are described in section 3, the purposes are described in section 4 and the recipients are described in section 8; all of those categories are collected from you directly or generated by your use of the Service. The only category of "sensitive personal information" as defined by the CCPA that we collect is your account log-in credentials (email and salted password hash), which we use only to authenticate you to the Service, as permitted by section 7027(m) of the CCPA regulations; we do not use or disclose any sensitive personal information for purposes that would trigger a right to limit it.

We acknowledge that residents of Brazil (under the LGPD, Law No. 13,709/2018), Indonesia (under the Personal Data Protection Law, UU PDP 27/2022), Turkey (under the KVKK, Law No. 6698), Malaysia (under the PDPA 2010), the Kingdom of Saudi Arabia (under the PDPL), the United Arab Emirates (under Federal Decree-Law No. 45 of 2021), Pakistan (under the PDPA) and the People's Republic of China (under the PIPL), among others, are granted analogous rights by their domestic data-protection laws. We will give effect to those rights to the extent the relevant law applies to our processing, and you can reach us in the usual way at info@salam.life.

To exercise any of these rights, write to info@salam.life. We will respond within the time limits set by the applicable law (one month under the GDPR and UK GDPR, extendable by two further months for complex requests; forty-five days under the CCPA, extendable by another forty-five days). We may need to ask you for information that allows us to confirm your identity before we act on your request, in order to protect your data from being disclosed to someone else.

If you are in the EEA you also have the right to lodge a complaint with the data protection supervisory authority of your country of residence, work or alleged infringement. If you are in the United Kingdom, you may complain to the Information Commissioner's Office (ico.org.uk). We would, however, appreciate the opportunity to address your concerns ourselves first.

12. Account deletion

You can delete your Salam.life account at any time from inside the app, under Settings → Delete account, and from the website at salam.life. You may also send a deletion request to info@salam.life from the email address associated with the account. Deleting your account permanently removes your profile, your published posts and comments, your votes, follows and blocks from our production systems within seven days; backups are purged on the rolling schedule described in section 10. Information that we are required by law to retain, and the limited moderation records described in section 10, are kept for the periods set out in those sections and then deleted.

13. Security

We protect personal data with security practices proportionate to the scale and nature of the Service, including encryption of data in transit, hashing of passwords using a modern salted algorithm, network and application-level access controls and the principle of least privilege for access to production systems. No method of transmission or storage is perfectly secure, but we work continuously to keep the risk of a security incident as low as reasonably possible.

14. Children

The Service is for users aged 16 and older. We do not knowingly create accounts for, or knowingly collect personal data from, anyone under that age. Within the United States, in accordance with the Children's Online Privacy Protection Act (15 U.S.C. §§ 6501–6506) and its implementing rule (16 C.F.R. Part 312), we additionally affirm that we do not knowingly collect personal information from any child under 13. If you believe that a person under our minimum age has provided us with personal data, please contact us at info@salam.life and we will take steps to delete that data and close any associated account.

15. Reporting and content moderation

You can report content or accounts that you believe violate our rules or applicable law through the in-app Report function on each post, comment and profile, or by writing to info@salam.life. We act on credible reports within a reasonable time and may remove content, suspend accounts or take other appropriate measures where we conclude that our rules or applicable law have been breached.

Where we become aware of facts or circumstances suggesting the presence of child sexual abuse material or other offences described in 18 U.S.C. § 2258A on the Service, we report them to the CyberTipline of the National Center for Missing & Exploited Children (NCMEC), as required of electronic-service providers, and we cooperate with competent authorities in accordance with the applicable laws.

Notices alleging that content on Salam.life infringes copyright or other intellectual-property rights, including notices that follow the form of the U.S. Digital Millennium Copyright Act, can be sent to info@salam.life, which is our official channel for such notices.

For users in the European Union, info@salam.life also serves as our single point of contact for users and for communications from Member State authorities, the European Commission and the European Board for Digital Services in relation to the EU Digital Services Act. Communications may be sent in English.

16. Changes to this Policy

We may update this Policy from time to time to reflect changes in the Service, in our practices or in the law. If we make material changes, we will notify you by an appropriate means before they take effect, for example through an in-app notice or by email. The "Last updated" date at the top of this Policy always reflects the latest revision.

17. How to contact us

For any question, request or complaint relating to this Policy or to your personal data, please write to:

IT RESOURCE (AITI RESURS), LLP 73 Mezhdunarodnaya Street, Apt. 3, Turksib District, Almaty 050037, Kazakhstan Email: info@salam.life

We aim to respond to every enquiry in a timely manner, in the language in which it was sent where we are able to, and in any event in English.