Privacy Policy

Introduction

ShariahLab (“we,” “us,” or “our”) values your trust and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, store, disclose, and protect your information in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia, applicable global privacy standards, and our Shariah governance principles. This policy applies to all users (“you” or “data subject”) who access our platform, website, mobile application, or any related services provided by ShariahLab.

Scope and Application

This Privacy Policy applies to all personal data processed by ShariahLab, including:
  • Visitors of our website (https://shariahlab.io)
  • Registered users of our ShariahLab platform
  • Clients who utilize our Robo Shariah Adviser
  • Individuals contacting us for customer support or professional consultation
  • Employees, contractors, or interns engaging with our software and systems

Types of Personal Data Collected

We may collect and process the following categories of personal data:
  1. Identification Data:
    • Full name
    • Company name and designation (if applicable)
  2. Contact Information:
    • Email address
    • Telephone number
    • Physical and mailing address
  3. System & Access Data:
    • Login credentials (username, password)
    • User device type and IP address
    • Browser session and activity logs
  4. Usage & Content Data:
    • Search queries on fatwa repository
    • Access frequency and feature usage
    • Feedback, inquiries, or submitted documents
We process your personal data based on the following legal grounds:
  • Consent: Where you have explicitly consented to our processing activities.
  • Contractual Necessity: To perform our contractual obligations to you.
  • Legal Obligation: To comply with applicable laws and regulations.
  • Legitimate Interests: To improve our platform, maintain cybersecurity, and serve our users better.

Purpose of Data Collection

Your data is collected and processed for the following lawful purposes:
  1. To register your account and grant access to ShariahLab services
  2. To deliver AI-powered search results and fatwa references
  3. To respond to support tickets and professional inquiries
  4. To customize the user experience through analytics
  5. To prevent misuse, fraud, and cyber threats
  6. To fulfil compliance obligations under Malaysian law and Shariah guidelines
  7. To send updates, newsletters, and research insights

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance functionality and improve user experience. This includes:
  • Session Cookies: For secure login and navigation
  • Analytical Cookies: To analyze user behavior for service improvement
  • Third-party Cookies: Google Analytics or equivalent tools (if applicable)
You may disable cookies via your browser settings, though this may limit platform functionality.

Data Retention and Disposal

ShariahLab retains personal data only for as long as necessary to fulfill the purposes stated in this policy or as required by law. Upon expiry of retention periods:
  • Digital data is securely deleted from our servers and backups.
  • Physical data (if any) is shredded and disposed of using secure destruction services.
  • Inactive user accounts may be anonymized or deleted after [e.g., 24 months] of inactivity.

Data Disclosure and Third Parties

We do not sell or rent your personal data. However, we may disclose it to:
  • Authorized employees and consultants on a need-to-know basis
  • External IT service providers bound by confidentiality agreements
  • Government or legal authorities where disclosure is required by law
  • Regulators, where applicable
All third parties are contractually obligated to maintain confidentiality and comply with PDPA and ShariahLab’s standards.

International Data Transfers

ShariahLab operates primarily within Malaysia. Where international data transfer is required (e.g., cloud servers or backups), we ensure:
  • Transfers are made to jurisdictions with adequate data protection laws
  • Binding agreements are in place (e.g., standard contractual clauses)

Security Measures

We take appropriate technical and organizational measures to safeguard personal data, including:
  • End-to-end encryption of sensitive transmissions
  • Multi-factor authentication for administrative access
  • Regular penetration testing and vulnerability assessments
  • Role-based access control (RBAC)
  • Real-time audit logging and anomaly detection

Your Rights as Data Subject

As provided under the PDPA and our ethical principles, you have the right to:
  • Access your personal data
  • Correct inaccurate or outdated data
  • Withdraw consent at any time
  • Object to processing for marketing purposes
  • Request deletion or restriction of your data (subject to legal limitations)
  • Lodge complaints with the Personal Data Protection Commissioner (Malaysia)

Amendments and Revisions

We may amend this policy from time to time to reflect legal or technological changes. Users will be notified of any material changes via email or platform notices. The updated policy will take effect upon publication on our website.

Contact Information

For inquiries, complaints, or the exercise of data protection rights, please contact:
Elzar Shariah Solutions Sdn Bhd
Email: [email protected]
Phone: +6011-2067 7990