Privacy Policy

Last updated: January 2026

1. Introduction

Mezan ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Zakat calculation service at mezan.us (the "Service").

By using our Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account using Google OAuth, we collect:

  • Your name
  • Email address
  • Google account profile picture (if available)
  • Google account ID (for authentication purposes)

2.2 Financial Data

When you connect your financial accounts through Plaid, we access:

  • Account names and types (checking, savings, investment, retirement, etc.)
  • Account balances (current and available)
  • Transaction history (up to 12 months)
  • Investment holdings and their values
  • Account and routing numbers (only as necessary for identification)

Important: We never receive or store your bank login credentials. All authentication with your financial institutions is handled securely by Plaid.

2.3 Zakat Configuration Data

We store your calculation preferences, including:

  • Nisab type preference (Gold or Silver)
  • Stock calculation method
  • Retirement account treatment preferences
  • Hawl (lunar year) start date

2.4 Payment Information

Payment processing is handled by Stripe. We receive:

  • Confirmation of successful payment
  • Subscription tier and expiration date
  • Transaction IDs for record-keeping

We do not store your credit card numbers, CVV, or complete billing details. This information is processed and secured by Stripe in accordance with PCI-DSS standards.

3. How We Use Your Information

We use the collected information to:

  • Provide, operate, and maintain the Service
  • Calculate your Zakat based on your financial data and preferences
  • Process payments and manage your subscription
  • Communicate with you about your account and the Service
  • Respond to your inquiries and support requests
  • Monitor and analyze usage patterns to improve the Service
  • Detect, prevent, and address technical issues or fraud
  • Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal or financial information. We may share data only in the following circumstances:

4.1 Service Providers

  • Plaid Inc. - For secure financial account connections
  • Stripe Inc. - For payment processing
  • Google - For authentication services
  • Google Cloud Platform - For hosting and infrastructure

4.2 Legal Requirements

We may disclose your information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to:

  • Comply with applicable laws or regulations
  • Protect our rights, privacy, safety, or property
  • Protect against legal liability

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data is transmitted using TLS 1.2+ encryption
  • Encryption at Rest: Stored data is encrypted using AES-256
  • Secure Infrastructure: Our services run on Google Cloud Platform, which maintains SOC 2 Type II and ISO 27001 certifications
  • Immutable Infrastructure: We use a containerized deployment approach where production systems are never patched in place—instead, fresh, secure containers are deployed
  • Restricted Access: Production access is strictly limited to our founding engineering team, with mandatory multi-factor authentication (MFA) on all systems
  • Token Security: Plaid access tokens are encrypted and stored securely
  • Continuous Security Monitoring: Automated vulnerability scanning runs on every code deployment, and we monitor for known security issues in third-party dependencies

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention and Deletion

Our privacy-first approach means we aggressively minimize data retention:

  • Active Subscriptions: Financial data is retained only while your subscription is active
  • Expired Subscriptions: After your subscription expires, you have a 30-day grace period for troubleshooting. After this window, your Plaid access tokens are permanently revoked and all associated financial data is automatically deleted from our production database
  • Backups: Encrypted database backups are retained for a maximum rolling window of 30 days for disaster recovery purposes only. We do not maintain any long-term or "cold storage" archives of your financial data beyond this window
  • Account Data: Basic account information (email, name) may be retained for legal and administrative purposes unless you request full deletion

You may request deletion of your data at any time by contacting us at support@mezan.us. We will process deletion requests within 72 hours. Upon request, we will revoke your bank connection via Plaid, hard-delete your user record from our database, and send you a confirmation email.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request your data in a portable format
  • Opt-out: Disconnect financial accounts at any time
  • Withdraw Consent: Revoke consent for data processing

To exercise these rights, contact us at support@mezan.us.

8. Cookies and Tracking

We use essential cookies for:

  • Maintaining your authentication session
  • Remembering your preferences
  • Ensuring security of your account

We do not use third-party advertising cookies or trackers. We may use privacy-respecting analytics to improve our Service.

9. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Our Service is hosted in the United States. If you access our Service from outside the US, your information may be transferred to, stored, and processed in the US. By using our Service, you consent to such transfer.

12. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to say no to the sale of personal information (we do not sell your data)
  • Right to access your personal information
  • Right to equal service and price (non-discrimination)

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Mezan
539 W. Commerce St #484
Dallas, TX 75208
United States

Email: contact@mezan.us

Support: support@mezan.us