Privacy Policy

Last updated: February 2, 2026

toNikah (“we”, “us”, or “our”) operates tonikah.com, the toNikah web application, and related Android and iOS mobile applications (collectively, the “Platform”).

We respect your privacy, handle personal data responsibly, and align with Islamic principles of trust, modesty, transparency, and protection of dignity. We do not sell personal data, track users across third-party sites/apps for advertising, or use interest-based advertising. Any optional analytics or marketing features are used only with your explicit consent, where required by law.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you use the Platform. It complements our Cookie Policy.

1. Who We Are (Data Controller)
  • Web Hive UG (Germany) – Global platform operator and primary Data Controller
  • Enumeration Technologies Pvt. Ltd. (India) – Payment collection partner for users in India

Contact: privacy@tonikah.com

2. Who This Policy Applies To

This applies to registered users, visitors, and Platform administrators. The Platform is for adults 18+ only. Age is collected based on the date of birth you provide. We may request additional verification where required or if we suspect a minor. We do not knowingly collect data from minors; suspected cases may lead to account suspension.

3. Personal Data We Collect

A. Account & Identity

  • Name, username, email, phone (optional/verified), date of birth (age or age range shown publicly), gender
  • Profile photos (private photos obscured for other users unless you reveal them)
  • Selfie/ID documents (optional for verification badge)

B. Profile & Preferences

  • Location (city/country; precise coordinates if enabled)
  • Nationality/ethnicity, languages, education/profession
  • Religious practice/faith details, marriage intentions, partner preferences
  • Hobbies, bio, appearance

C. Communications

  • Messages/chats, shared media, support requests

D. Technical/Usage

  • IP address, device/browser info, login history, cookies/local storage, push tokens

Public vs Private Information

  • Publicly visible (to other users) Username, age (or age range), city/country, profile basics (e.g., headline, bio summary), photos you set as public
  • Private (not visible to others) Email/phone, precise location coordinates, verification documents, payment info, device/technical logs, private photos
4. Why We Process Personal Data
  • Provide matchmaking, profiles, messaging
  • Verify identity/safety/fraud prevention
  • Process payments/subscriptions
  • Support, legal compliance, service communications
  • Optional marketing (opt-in only)
5. Legal Bases
  • Contract: Core service provision
  • Consent: Optional features (marketing, verification, precise location) and sensitive/special category data (e.g., religious beliefs, biometrics for verification)
  • Legal obligation: Compliance/law enforcement
  • Legitimate interests: Security, fraud prevention (balanced against rights)

We do not make decisions based solely on automated processing that produce legal or similarly significant effects without human involvement.

You can remove or edit sensitive fields at any time. Where you choose not to provide them, core service remains available (except where required for a specific feature).

6. Payments

No card details stored. Processed by third-party providers (Stripe, Razorpay, PayPal, potentially PayU). We retain transaction identifiers/invoices for accounting/legal compliance. Enumeration Technologies Pvt. Ltd. acts as our payment collection partner (and merchant of record where applicable) for Indian users.

7. Storage & Transfers

Primary storage in the EU (e.g., Frankfurt region). India users’ payment records may be processed/stored in India. International transfers use Standard Contractual Clauses (SCCs) or other safeguards for adequate protection.

8. Third Parties

Shared only as necessary with processors bound by law:

  • Google: Login (OAuth), Maps/Places for location features
  • Cloud infrastructure and verification-related services (e.g., SMS delivery, identity checks)
  • Cloudflare: CDN, security, image storage/delivery
  • Firebase: Push notifications
  • Payment processors: Stripe, Razorpay, PayPal, PayU
  • Email delivery services
9. Data Retention

As long as needed for purposes or law. Account data kept until deletion; deleted/anonymized promptly after request (subject to legal holds). Messages retained until you delete them, delete your account, or as needed for safety/legal reasons. Residual copies may remain in backups for a limited period. Inactive accounts may be deleted after prolonged inactivity with notice.

10. Your Rights

Access, correct, delete account/data, withdraw consent (as easy as giving), object/restrict processing, portability (GDPR). We respond within 30 days (or as required by law). EEA/UK users may complain to supervisory authorities. Contact privacy@tonikah.com.

11. Security

Passwords hashed. Data encrypted in transit (TLS) and at rest where appropriate. Secure tokens, access controls, monitoring. No system is 100% secure.

12. Changes

Updates posted here; significant changes notified via Platform/email.

13. Contact

privacy@tonikah.com

toNikah — Operated by Web Hive UG (and Enumeration Technologies Pvt Ltd. for Indian payments)