Security measures
All traffic is served over HTTPS/TLS, and data is encrypted at rest with AES-256. Especially sensitive fields (like identity and payment details) are individually encrypted, and uploaded documents are stored with server-side encryption.
Authentication uses the OAuth 2.0 / OpenID Connect standard (Keycloak), with automatic brute-force lockout, and Face ID / fingerprint unlock on mobile. Each portal only admits the roles allowed to use it.
Every organization only ever sees its own applicants, contributions, and disbursements. Access is enforced on every request, so data never crosses between organizations.
Applicants and organizations can complete government-ID + selfie identity verification, so Zakat reaches real, eligible recipients and organizations are who they say they are.
Device and location fraud checks protect sensitive actions such as event check-ins and disbursements, guarding against spoofed locations and tampered devices.
Every pledge, review, decision, and payment is recorded against the application — a complete, tamper-evident trail from request to relief.
Privacy first — always
We collect only what's needed to distribute Zakat responsibly, and we never sell your data. You can delete your account and personal data at any time, directly in the app.
Our practices are documented in plain language, including a Data Processing Addendum for organizations that handle personal data through Zakatable. Read the Privacy Policy and Terms & legal.
- No data sold, everYour information is used only to operate the service.
- Delete anytimeSelf-service account & data deletion built into the app.
- Least-privilege accessStaff and organizations see only what their role requires.
- Encrypted secretsCredentials and keys are held in a secured secret store, never in code.
Continuously reviewed & hardened
Security isn't a one-time checkbox. Zakatable is regularly reviewed for vulnerabilities and hardened as the platform grows. If you're a security researcher and believe you've found an issue, please email [email protected] — we appreciate responsible disclosure.
Security questions or disclosures
Have a question about how we protect your data, or something to report? We're glad to hear from you.