Privacy Policy

Your financial data is sensitive. Here's exactly how we handle it.

Your Data Stays in Your Browser

All portfolio data you enter (cash amounts, holdings, share counts, debts, valuables) is stored in your browser's sessionStorage— it is automatically cleared when you close the tab. We do not store your portfolio data on our servers.

Optional: Remember My Data

If you enable “Remember my data” in the calculator sidebar, your portfolio data is encrypted using AES-256-GCM(the same standard used by banks and password managers) and saved to your browser's localStorage. This allows your data to persist across tab closures and browser restarts.

  • The encryption key is generated and stored entirely in your browser — it never leaves your device and cannot be read by JavaScript (non-extractable CryptoKey).
  • Your data is automatically deleted after 30 days.
  • You can delete it immediately at any time using the “Forget my data” button.
  • This feature is off by default — you must explicitly opt in.

Save Codes & Encrypted Export

You can export your data as a save code— a compressed text string you copy to your clipboard. Save codes can optionally be encrypted with a passphrase you choose (using AES-256-GCM with PBKDF2 key derivation at 600,000 iterations). The encrypted save code is safe to paste into a notes app or messaging service. Without the passphrase, the data cannot be read.

You can also export and import your data as a JSON filefor year-over-year re-use. Exported files contain only your input data — calculation results are recomputed fresh since prices and ratios change.

What the API Receives

When you calculate your zakat, the following data is sent to our server-side API for processing:

  • Ticker symbols (e.g., AAPL, VTI)
  • Share counts and prices per share
  • Cash and debt amounts (aggregate numbers only)
  • Calculation preferences (nisab method, jewelry treatment)

This data is used only to compute your zakat obligation and is not stored, logged, or associated with any identity. API requests are processed and discarded.

What We Don't Collect

  • No names, phone numbers, or mailing addresses
  • No account creation, login, or passwords
  • No cookies, tracking pixels, or advertising networks
  • No cookies, persistent identifiers, advertising networks, or browser fingerprinting
  • No portfolio data stored on our servers (with or without “Remember my data”)

Feedback

If you choose to submit feedback, we collect your message and the category you selected. Feedback is anonymous by default. If you optionally provide your email address (to receive a response), that email is stored alongside your message.

To help us reproduce and fix bugs, each feedback submission also includes the page you submitted from, which stage of the calculator you were at, how many items you had entered, your anonymous session ID, and a deduplication hash. No portfolio amounts, holdings, or financial figures are included.

We do not share feedback data with third parties.

Early Access Waitlist

If you join our early access list, we store your email addressand referral source so we can contact you when we're ready. That's it. We will never send more than one email per month, and you can unsubscribe at any time by contacting us. We do not share your email with third parties.

Your email is the sole piece of personal information we store, and only because the purpose of the waitlist is to contact you.

Data Sharing & Cross-Site Transfer

SeeMyZakat.com and intentional-capital.com are operated by the same company (Intentional Capital) but maintain separate data boundaries. No data flows between them without your explicit action.

If you choose to share your zakat results with Intentional Capital (via the “Analyze my portfolio” button on the results page), the following happens:

  • Member names are replaced with generic labels (“Member 1”, “Member 2”) — real names are never transmitted
  • The snapshot is encrypted at rest (AES-256-GCM) on our server
  • It is automatically deleted after 15 minutes or upon first retrieval, whichever comes first
  • Only financial aggregates are shared — no email, IP address, session identifiers, or browser data crosses between sites

Minimal, Privacy-Respecting Analytics

We use Vercel Analytics to understand aggregate usage patterns (page views, referrer, browser, country). This data is anonymous, cookie-free, and cannot be tied to individual users. We also use Vercel Speed Insights to monitor page performance (load times, Web Vitals).

We use Sentry for error monitoring and diagnostics. Sentry captures error messages, page URLs, and performance metrics when something goes wrong. For a small percentage of sessions, Sentry records page interactions (clicks, navigation) to help us reproduce and fix bugs. All text in these recordings is masked, so your financial data, portfolio amounts, and holdings are never visible.

To count distinct users affected by an error, Sentry assigns a random, anonymous session ID to your browser tab. This ID is generated fresh each time you open the page, is never linked to your identity, and is automatically discarded when you close the tab. It is not shared with any third party beyond Sentry.

Discovery Cache

When you enter a ticker symbol that isn't in our pre-computed database, our system automatically looks it up from SEC filings or Yahoo Finance. The resulting financial ratio (not your personal data) is cached so that future users benefit from faster lookups. This cache contains only ticker-level financial data (e.g., “AAPL has a zakatable ratio of 12.3%”) and is not linked to any individual user.

Third-Party Services

  • Vercel — Hosts our application and provides anonymous analytics and performance monitoring
  • Upstash — Stores waitlist emails, anonymous feedback, rate limit counters, and encrypted transfer tokens
  • Yahoo Finance — Provides stock prices (queried server-side with ticker symbols only)
  • SEC EDGAR — Provides regulatory filing data for ratio calculations
  • EDINET — Japanese regulatory filing data for ratio calculations
  • UK Companies House — UK regulatory filing data
  • ACRA — Singapore regulatory filing data
  • Sentry — Error monitoring and diagnostics. Receives technical data (error messages, page URLs, performance metrics, sampled session recordings) when something goes wrong. Does not receive your portfolio data, holdings, or financial amounts.

None of these services receive your personal information or portfolio composition. They only receive individual ticker symbol lookups (market data sources), anonymous usage metrics (Vercel), or technical error reports (Sentry).

Data Retention

  • Portfolio data (sessionStorage) — Cleared when you close the tab
  • Remembered data (localStorage) — Auto-deleted after 30 days, or immediately via “Forget my data”
  • Transfer snapshots — 15 minutes or first retrieval, encrypted at rest
  • Ticker cache — 5 minutes (Vercel Blob) to 7 days (Redis)
  • Rate limit counters — 60 seconds
  • Waitlist email — Until you request deletion
  • Feedback messages — Until reviewed and purged by our team
  • Error reports (Sentry) — Per Sentry's retention policy
  • Page views (Vercel Analytics) — Aggregate only, no individual data

Data Deletion

Browser data:Use the “Forget my data” button in the calculator sidebar, or clear your browser's site data. This permanently deletes all locally stored data including the encryption key.

Server-side data: To request deletion of your waitlist email or any feedback submissions, contact us via our feedback form with the subject “Data Deletion Request.” We will delete all matching entries within 7 business days.

Data already in anonymized or aggregated form (Vercel Analytics, Sentry error reports) cannot be individually deleted as it contains no personal information.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA/CPRA):

  • Right to Know— You may request what personal information we collect, use, and disclose. For this site, this is limited to: email address (if you joined the waitlist) and feedback messages (if you submitted feedback with your email).
  • Right to Delete— You may request deletion of your personal information. See the “Data Deletion” section above for the procedure.
  • Right to Opt-Out of Sale— We do not sell, rent, or share your personal information with third parties for their marketing purposes. We have never sold personal information.
  • Right to Non-Discrimination— We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information

CategoryCollected?PurposeSold?
Identifiers (email)Only if you join waitlistContact when product launchesNo
Internet activity (page views)Aggregated onlyUsage patternsNo
Financial informationNo — stays in your browserN/ANo

Third-Party Service Providers

The following are service providers that process data on our behalf under contract. None use your data for their own marketing purposes:

  • Vercel — Hosting and analytics
  • Upstash — Data storage
  • Sentry — Error monitoring (technical data only, no PII)

Public data sources (Yahoo Finance, SEC EDGAR, EDINET, UK Companies House, ACRA) receive only ticker symbols. No personal information is transmitted to these services.

Contact

Questions about this privacy policy? Send us a message

Last updated: March 5, 2026