You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

Privacy Policy Amendment – Effective 27 April 2026

Revised Date: 27 April 2026

Website: https://sahafiun.com
Community Platform: https://ummahevents.org

Who we are

Sahafiun is a company duly registered with the Accounting and Corporate Regulatory Authority (ACRA) of Singapore (UEN: 53508388B). We operate two main digital properties:

  • sahafiun.com – our website and blog.
  • ummahevents.org (“Ummah Events” or “the Platform”) – a public events aggregator for Islamic events, primarily in Singapore.

All data processing described in this Privacy Policy is controlled by Sahafiun, the ACRA‑registered entity. This Amendment clarifies the distinct roles of each property and the analytics tools used on each.

Our ACRA‑registered company

As the legal entity registered in Singapore, Sahafiun is the data controller for all personal data collected via sahafiun.com and ummahevents.org. Sahafiun is responsible for:

  • Determining the purposes and means of processing personal data across both properties.
  • Ensuring compliance with Singapore’s Personal Data Protection Act 2012 (PDPA).
  • Maintaining a data protection framework that seeks to align with applicable international laws, including the General Data Protection Regulation (GDPR) (EU/UK) and the California Consumer Privacy Act (CCPA), where legally required.

Important: When you interact with either sahafiun.com or ummahevents.org, you are engaging with Sahafiun as the controlling entity. Any data‑subject requests or privacy enquiries should be directed to Sahafiun’s Data Protection Officer via the contact details at the end of this Amendment.

sahafiun.com – website and blog

sahafiun.com is our main website and blog. It is a general‑interest site that collects data in the ways described in our main Privacy Policy (comments, cookies, caching, etc.). In particular:

  • Comments on sahafiun.com are checked via Akismet anti‑spam.
  • Cookies are used for commenters, logins and temporary session management.
  • Caching is handled by both QUIC.cloud and Cloudflare.
  • Analytics on sahafiun.com are performed exclusively by Matomo (see the dedicated Matomo section below).

No analytics data from sahafiun.com is ever sent to the Ummah Events PostgreSQL database.

ummahevents.org – Islamic events aggregator

Ummah Events is a public information service that collects, organises and displays Islamic events in Singapore and beyond. User registration is optional for general browsing, but required for:

  • Organisers (to submit, edit or manage event listings)
  • Administrators (platform moderators)

Caching for ummahevents.org: The platform uses Cloudflare for content caching and performance optimisation.

Data Collected on Ummah Events

When you register on ummahevents.org, we collect:

  • Full name
  • Email address
  • Password (hashed and encrypted)
  • Optional: phone number, organisation name, profile picture
  • IP address and timestamp at registration
  • User role (Visitor / Organiser / Administrator)

This information is used solely for account management, event submission verification and communication related to your use of the Platform. You may request to view, export, update or delete your account data at any time via your account settings or by contacting us at [email protected].

Internal PostgreSQL Database for Analytics (Ummah Events only)

Ummah Events uses its own internal PostgreSQL database for analytics. Unlike sahafiun.com, Ummah Events does not use Matomo or any third‑party analytics script.

The PostgreSQL analytics system collects and processes the following information directly from our own database structures:

  • Event searches (what search terms users enter)
  • Clicks on event listings (which events are clicked, from which search results)
  • User account details (if registered: user ID, email, name, role)
  • Location preferences (city, region or country filters applied by the user)
  • Saved events (events that a logged‑in user has bookmarked)
  • Timestamps of searches and clicks

How this data is used:
We use the analytics data stored in PostgreSQL to:

  • Improve event recommendations and search relevance.
  • Understand usage patterns of the Islamic events aggregator.
  • Administer and secure the Platform (e.g., detect unusual query patterns).
  • Generate internal reports on platform engagement (all reports are aggregated and anonymised before publication).

Data ownership and security:
All analytics data stored in the PostgreSQL database remains on servers controlled by Sahafiun (hosted in Singapore). We never sell, rent or license this analytics data to any third party. Access to the raw database is restricted to authorised technical personnel only.

Data retention (PostgreSQL analytics):
Raw analytics logs (e.g., individual search queries tied to a user ID) are retained for a period of 12 months, after which they are automatically and permanently deleted from the database. Aggregated report data (e.g., “total searches for ‘Ramadan’ in 2025”) may be kept indefinitely but does not contain any personally identifiable information and cannot be used to re‑identify individuals.

Your rights regarding PostgreSQL analytics data:
If you are a registered user of Ummah Events, you may request access to, correction of, or deletion of your personal data stored in the PostgreSQL analytics system by emailing us at [email protected]. Note that if you request deletion of your account, all associated analytics data (including search history and saved events) will be deleted in accordance with the retention schedules described above.

Matomo Analytics Privacy Notice (sahafiun.com only)

We use Matomo (formerly Piwik) – an open‑source, privacy‑focused web analytics platform – to understand how visitors interact with sahafiun.com. Matomo is installed on our own servers (on‑premise), meaning we retain full ownership and control of all analytics data collected on the website. No analytics data from sahafiun.com is ever sent to or shared with third parties.

Note for Ummah Events users: This Matomo section applies only to sahafiun.com. Ummah Events does not use Matomo; its analytics are handled by the internal PostgreSQL database described above.

1. What data does Matomo track?

By default, the Matomo JavaScript tracker on sahafiun.com collects the following information:

  • User IP address (see §2 – IP anonymisation)
  • Date and time of the request
  • Title of the page being viewed (Page Title)
  • URL of the page being viewed (Page URL)
  • URL of the page that was viewed prior to the current page (Referrer URL)
  • Screen resolution being used
  • Time in local user’s timezone
  • Files that were clicked and downloaded (Downloads)
  • Links to an outside domain that were clicked (Outlinks)
  • Page generation time (Page speed)
  • Location of the user: country, region, city, approximate latitude and longitude (Geolocation)
  • Main Language of the browser being used (Accept‑Language header)
  • User Agent of the browser being used (User‑Agent header) – from which we detect the browser, operating system, device type (desktop, tablet, mobile, etc.), brand and model using Matomo’s Universal Device Detection library.

In addition, Matomo stores the following information in first‑party cookies:

  • Random unique Visitor ID
  • Time of the first visit for this user
  • Time of the previous visit for this user
  • Number of visits for this user

You can disable tracking cookies via your browser settings. See Matomo’s cookie disabling guide.

2. Data minimisation & privacy protections we have enabled

We have configured Matomo to respect your privacy:

  • IP anonymisation: The last two bytes of your IP address are masked (e.g., 192.168.xxx.xxx) so that the full IP can never be stored or identified. This turns the IP into a truly anonymous identifier.
  • Cookieless tracking: We have disabled persistent tracking cookies. This means that no unique visitor ID is stored in your browser across sessions.
  • No User IDs: We do not set or use custom User IDs.
  • Stripped URL parameters: Any URL parameters that could contain personal data (e.g., ?name=...) are automatically removed.
  • Live features disabled: Real‑Time reports, Visitor Log and Visitor Profile are disabled – only aggregated, anonymous reports are visible to us.

These measures ensure that Matomo processes only pseudonymised data, which is not considered personal data under most privacy regulations (including GDPR, CCPA and PDPA).

3. Optional data that may be collected

We may enable optional Matomo features in the future. If we do, the following additional data could be collected:

  • Custom dimensions and custom variables – these never store personal data (we will only use them for non‑personal, technical dimensions like “page type” or “device category”).
  • Site searches – we may track what users search for on sahafiun.com. However, we do not track searches that could contain personal data (e.g., we exclude names, postcodes, etc.).
  • Heatmaps & Session Recordings – if enabled in the future, these features never record:
    • Any <input>, <select> or password fields.
    • Any element marked with the data-matomo-mask attribute.
    • Keystrokes (keystroke recording is disabled by default).

4. Legal basis for processing (GDPR / ePrivacy / PDPA)

  • For EU visitors: We rely on your explicit consent (Article 6(1)(a) GDPR) for the use of analytics cookies and the collection of data via Matomo. You give this consent by accepting our cookie banner. You may withdraw your consent at any time (see §6 – Opt‑out).
  • For Singapore visitors (PDPA): Analytics processing is based on our legitimate interest to improve our website, as permitted under the PDPA (no consent required for anonymised analytics).
  • ePrivacy Directive (EU): Because Matomo uses cookies (even if only for a session), we obtain your consent before setting any analytics cookies.

5. Data retention (Matomo)

  • Raw analytics logs (containing individual hits) are stored for 3 months, after which they are automatically and permanently deleted.
  • Aggregated report data (e.g., total page views per day) may be kept indefinitely. This aggregated data does not contain any personally identifiable information and cannot be used to identify individual visitors.

This retention period balances the need for meaningful trend analysis with strong privacy protections. For more details, see Matomo’s log data retention recommendation.

6. Your opt‑out rights

You can opt out of Matomo tracking on sahafiun.com at any time. This will place an opt‑out cookie in your browser, telling Matomo not to collect any data from your future visits.

  • One‑click opt‑out: Use the toggle/checkbox below (you may need to refresh the page after clicking).
  • Browser “Do Not Track” (DNT): If your browser sends a DNT signal, Matomo will automatically respect it and not track you.
  • Disabling cookies entirely: If you delete all cookies, the opt‑out cookie will also be deleted – you will need to opt out again.

Important: Opting out does not prevent you from using the website or the community platform. It only stops Matomo from collecting analytics data about your visit.

7. Data security (Matomo)

All data transmitted between your browser and our Matomo server is encrypted using TLS (HTTPS). Access to raw analytics data is restricted to authorised personnel only. Our Matomo instance is hosted on our own secure servers (on‑premise) in a privacy‑compliant region (Singapore).

8. Changes to this Matomo privacy notice

We may update this notice from time to time. If we make material changes, we will notify you by updating the “Effective Date” at the top of this policy and, where appropriate, by posting a notice on our website.

Jurisdiction & Compliance

All digital properties described above – sahafiun.com and ummahevents.org – are operated by Sahafiun from Singapore.

Governing Law:
The primary governing law is the Personal Data Protection Act 2012 (PDPA) of Singapore. Under the PDPA, you have the right to access, correct, withdraw consent (where applicable) and request deletion of your personal data.

International Compliance:
Although Sahafiun is based in Singapore, we make a good‑faith effort to respect applicable international privacy laws where users reside, including:

  • GDPR (EU/UK): Providing data subject rights (access, rectification, erasure, restriction, portability, objection). For EU visitors, explicit consent is obtained for Matomo analytics cookies.
  • CCPA/CPRA (California): Honouring opt‑out requests for “sale” or “sharing” of personal information (to the extent that Matomo or internal database use qualifies under those laws). We do not sell your personal data.
  • Other local laws: Sahafiun will assess legal obligations on a case‑by‑case basis.

Note: Compliance with international laws does not alter the primary legal establishment of Sahafiun in Singapore. For legal disputes not resolved via privacy complaint procedures, Singapore law and the jurisdiction of Singapore courts shall apply.

Where is your data sent?

  • Servers located in Singapore (primary).
  • Backups may be stored in PDPA‑compliant jurisdictions (e.g., AWS Singapore).
  • Matomo data (sahafiun.com only): Stored on our own on‑premise servers in Singapore; never transferred to third parties.
  • PostgreSQL analytics data (Ummah Events only): Stored on our own servers in Singapore; never transferred to third parties.
  • Akismet spam checks (for comments on sahafiun.com) may involve data transfer to Automattic Inc., USA, governed by Automattic’s PDPA‑compliant policies.
  • QUIC.cloud caching (sahafiun.com only): Temporary data may be transferred to QUIC.cloud’s edge servers, governed by QUIC.cloud’s privacy policy.
  • Cloudflare caching (both sahafiun.com and ummahevents.org): Edge caching services are provided by Cloudflare, Inc. Data may pass through Cloudflare’s global network (primarily Singapore edge locations). Cloudflare’s privacy policy applies to their processing.

Who do we share your data with?

  • QUIC.cloud (caching provider, only for sahafiun.com)
  • Cloudflare (caching and performance, used for both sahafiun.com and ummahevents.org)
  • Akismet (spam detection, only for comments on sahafiun.com)
  • Password reset emails – these include your IP address
  • No third‑party marketing or advertising partners
  • Matomo (analytics, only for sahafiun.com – on‑premise, no third‑party sharing)
  • Internal PostgreSQL database (analytics, only for ummahevents.org – no third‑party sharing)

We do not sell your personal data.

How long we retain your data

  • Comments (sahafiun.com): If you leave a comment, the comment and its metadata are retained indefinitely.
  • Registered users (ummahevents.org): For users that register on the Platform, we store the personal information they provide in their user profile. All users can see, edit or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
  • Matomo analytics data (sahafiun.com only): Raw analytics data (logs) are retained for 3 months, after which they are automatically deleted. Aggregated report data may be kept longer for trend analysis but does not contain personally identifiable information.
  • PostgreSQL analytics data (ummahevents.org only): Raw analytics logs (e.g., individual search queries tied to a user ID) are retained for 12 months, after which they are automatically and permanently deleted. Aggregated report data may be kept indefinitely.

What rights do you have over your data?

Under the Personal Data Protection Act 2012 (PDPA) of Singapore, you have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Request deletion (subject to legal retention obligations).
  • Withdraw consent (where processing is consent‑based).
  • Data portability (receive your data in structured format).

If you are an EU resident, you also have the rights under GDPR (restriction, objection, etc.). If you are a California resident, you have the right to opt out of “sale” or “sharing” of your personal information (we do not sell your data).

Submit requests to: [email protected] – we will respond within 30 days.

Contact Us

If you have any questions about this privacy policy, your data, or wish to exercise your rights, please contact us at:

  • Email: [email protected]
  • Mail: SAHAFIUN, 60 Paya Lebar Road #11-22 Paya Lebar Square, Singapore 409051

This policy complies with the Personal Data Protection Act 2012 (Singapore) and is reviewed annually.

This Amendment is part of the official Privacy Policy of Sahafiun. In case of any inconsistency between this Amendment and the base Privacy Policy, this Amendment shall control for the matters explicitly covered herein.