Trust & Security — Riwaq Data Processing

Trust, Security & Data Processing

This page separates what we can verify about bayyinahtech.com today from how Riwaq customer data is handled under written agreements. It is intended for boards, lenders, and security reviewers.

Last reviewed: 2026-06-05 · Entity: Bayyinahtech LLC · Apex, North Carolina, United States

Company & product scope

  • Legal entity: Bayyinahtech LLC (brand: Bayyinah Tech)
  • Product: Riwaq — mosque & Islamic nonprofit operations software in active development
  • Public demo: https://riwaq-demo.bayyinahtech.com/
  • Product stage: Riwaq is under active development by Bayyinahtech LLC. A demo environment is available; production deployments and customer agreements define specific features, SLAs, and data-handling commitments for each masjid.

A. Marketing website (bayyinahtech.com) — verified practices

This WordPress marketing site is operated by Bayyinahtech LLC. As implemented in our site code on production:

  • HTTPS: Production traffic is served over HTTPS on bayyinahtech.com.
  • Contact form: Collects name, email, organization, and message; uses a CSRF nonce, honeypot, and short IP rate limit before email delivery.
  • Cookie consent: Non-essential analytics cookies are blocked until opt-in on production; Google Consent Mode v2 defaults deny analytics storage first; Global Privacy Control (GPC) is honored in our consent script.
  • Google Analytics 4: Loaded on production only after analytics consent; configured with IP anonymization in our tagging snippet.
  • No sale of personal information: We do not sell contact-form or analytics data for cross-context behavioral advertising.

Details: Privacy Policy · use Cookie Settings in the footer.

B. Riwaq product & customer data — agreement-based

Riwaq is not yet described here as a independently audited, generally available production SaaS with fixed SLAs. When a masjid subscribes, binding data-protection and security commitments are defined in that customer’s written agreement (order form / MSA / statement of work), not solely by this marketing page.

Typical topics covered in customer agreements and diligence packets (request current copies):

  • Roles (customer as controller, Bayyinahtech LLC as processor/service provider where applicable)
  • Categories of personal data processed in Riwaq (as configured by the customer)
  • Confidentiality, subprocessors, export/deletion at termination, and cooperation with customer inquiries
  • Security measures applicable to that deployment

Request current customer terms or a diligence packet: atif.jaffery@bayyinahtech.com

Design priorities for Riwaq (roadmap — not a warranty)

Our engineering direction for Riwaq includes tenant-scoped data, role-based access, encryption in transit, and audit-friendly workflows for Zakat and program operations. Specific implementations, certifications (e.g., SOC 2), backup RPO/RTO, and production regions are confirmed in customer agreements and security reviews — not implied by this list.

Compliance notes

  • GDPR / UK: Cookie consent on this site is opt-in on production; Riwaq customer terms address processor obligations where applicable.
  • CCPA / CPRA: We do not sell personal information from this marketing site; GPC honored in our cookie banner script.
  • Each masjid remains responsible for lawful collection and use of community data it enters into Riwaq.

Contact

Security, privacy, or diligence questions: atif.jaffery@bayyinahtech.com

Related: Terms of Service · About · FAQ