Yahalaly
Privacy Policy

Privacy Policy

Last updated: July 16, 2026

This policy explains what Yahalaly processes when adults use the matchmaking platform, why it is processed, who may receive it, and the choices available to members. Matching profiles can contain highly personal information, so optional fields should be completed only when you are comfortable using them for discovery and compatibility.

1) Controller and scope

This policy covers Yahalaly account registration, profiles, values answers, preferences, recommendations, photos, matches, messaging, guardian features, support, moderation, security, and service communications.

The data controller is YaHalaly · Legal operator: Firas Mbarek · Broel strasse 20, 50169 Kerpen, Germany · Email: support@yahalaly.com. Privacy contact: privacy@yahalaly.com.

2) Data we process

  • Account data: email address, password hash, self-declared date of birth, gender, matching direction, account status, role, and security settings.
  • Profile and preference data: display name, location, languages, biography, relationship intention, marriage timeline, children, relocation, work style, family involvement, education, occupation, lifestyle, and the optional physical or family fields you choose to provide.
  • Religion-related and potentially sensitive data: practice level, prayer frequency, religion, religious values, Qur'an reading, service attendance, conversion, hijab or niqab choices, ethnicity, and values answers. These fields can reveal religious beliefs or ethnicity and may receive special protection under applicable law.
  • Photos and photo controls: uploaded originals, delivery derivatives, moderation state, chosen visibility, reveal requests, and reveal decisions.
  • Interaction data: recommendations, scores, shared priorities, possible friction, views, likes, saves, passes, matches, blocks, and conversations.
  • Guardian data: invitation email, mode, acceptance state, connection, consent settings, and guardian-group participation.
  • Trust and safety data: profile or photo review, self-attestation statements, reports, report evidence, moderation notes and actions, fraud or abuse signals, and audit records.
  • Technical and communication data: IP address, user agent, session records, timestamps, security logs, transactional email state, delivery failures, support messages, and limited first-party product events.
  • Optional public-site analytics: after an explicit allow choice, daily aggregate counts for a fixed public-page key, a broad source category, and page-view or registration-button-click action. This aggregate does not contain an event or visitor identifier, exact event time, IP address, user agent, raw referrer, query string, device, country, or session.

3) Where data comes from

  • From you when you register, complete a profile, answer questions, upload a photo, interact, contact support, or submit a report.
  • From other members when they interact with or report your account.
  • Automatically from your browser, device, and service activity for authentication, security, reliability, and first-party product operation.
  • For optional public-site analytics, the browser classifies a referrer locally into direct, Google, Bing, other search, social, other external, or internal. Only that category is sent; the raw referrer is not sent to the analytics endpoint.
  • From infrastructure and email providers when they return delivery, bounce, complaint, or security information.

4) Why data is used

  • Create and secure accounts, confirm email control, maintain sessions, and provide requested settings.
  • Display eligible profiles and apply mutual direction, age, location, preference, block, and dealbreaker filters.
  • Calculate and explain compatibility recommendations from values, intention, lifestyle, and profile-completion inputs.
  • Deliver photos according to selected visibility, mutual-match state, and accepted hidden-photo reveal choices.
  • Create matches, messages, notifications, and optional guardian connections or group conversations.
  • Review profiles and photos, receive and investigate reports, enforce rules, prevent abuse, and preserve service integrity.
  • Respond to support and rights requests, deliver essential service emails, debug failures, and meet legal obligations.
  • Measure first-party feature operation and improve reliability without third-party advertising trackers at launch.
  • When you allow it, count public-page views and registration-button clicks in aggregate to understand which content is useful. Do Not Track, Global Privacy Control, and automated-browser signals disable this collection even when the saved choice says allow.

5) Legal bases and sensitive fields

Depending on the processing and your location, Yahalaly relies on performance of the service contract, legitimate interests in account security, safety, fraud prevention and reliable operation, compliance with law, and consent where required.

Optional profile fields can reveal religious belief or ethnicity. Registration records a separate explicit choice for sensitive-data processing before those matchmaking features are used. You then decide which optional fields to provide. Withdrawing consent stops future consent-based use, but does not make earlier lawful processing unlawful; withdrawal may require erasing the account where sensitive matching cannot otherwise continue.

Reports and safety records may contain sensitive information. They are processed where necessary to protect members, establish or defend legal claims, comply with law, or on another basis available under applicable data-protection law.

Optional public-site analytics runs on consent. Declining or withdrawing the choice does not affect account access. Withdrawal stops future collection; existing daily totals cannot be connected back to a person because the aggregate contains no visitor identifier.

6) Matching and profiling

Yahalaly uses structured profile fields, preferences, and values answers to filter and score possible introductions. Values alignment contributes up to 60 points, matching marriage intentions up to 25, and lifestyle or profile context up to 15. The viewer's own importance weights influence the values score, so two people can see different directional context.

Compatibility scoring does not use private message content to predict a relationship and does not make a legal or similarly significant decision. Members choose whether to like, pass, match, reveal a photo, message, involve a guardian, block, or report. A score is not a safety check or marriage prediction.

You can change preferences and values answers, inspect the factors shown with a recommendation, or decline any introduction. More detail is available on the public Matching Methodology page.

7) Who receives data

Yahalaly does not sell personal data and does not use third-party advertising or marketing trackers at launch.

  • Other eligible members receive the profile fields and photo version allowed by your settings and the interaction context.
  • A guardian receives only the access provided by the accepted connection and enabled conversation context; inviting a guardian discloses the invitation email and chosen role.
  • Authorized moderators and support personnel access information when needed for review, assistance, security, or rights requests.
  • Amazon Web Services supports cloud hosting and transactional email delivery in the current deployment. Provider access is limited to operating those services and subject to contractual and legal safeguards.
  • Professional advisers, authorities, courts, or emergency recipients may receive limited data when legally required or necessary to respond to serious harm or establish legal claims.
  • A buyer or successor may receive data in a genuine corporate transaction subject to confidentiality and applicable notice requirements.

8) International transfers

Infrastructure or support processing may involve a country outside your own. Where a restricted international transfer occurs, Yahalaly must use an available legal mechanism such as an adequacy decision, approved contractual clauses, and supplementary safeguards where required. You may ask privacy@yahalaly.com for information about the mechanism relevant to your data.

9) Retention and account closure

Account and profile data, values, preferences, photos, matches, and messages are kept while the account is active because they provide the service. Session and one-time-token records are retained until expiry, revocation, use, and operational cleanup. Reports, moderation actions, email-suppression records, and audit data may be retained longer when reasonably necessary for safety, repeat-abuse prevention, legal compliance, or legal claims.

The in-product erasure control verifies the member's password and, when enabled, two-factor code; removes profile, preferences, values answers, photos and stored photo objects, interactions, messages, sessions, notifications, guardian links, and related account records; and replaces direct account identifiers with a restricted deletion tombstone. Billing events are unlinked from the member account.

When content was already attached to a safety report, a limited evidence snapshot may be preserved for safety review, repeat-abuse prevention, legal obligations, or legal claims. Audit records and the anonymized deletion tombstone may also remain for traceability. These exceptions do not permit continued matchmaking use of erased profile data.

Exact deletion schedules differ by record type and cannot be shortened where preservation is legally required. Yahalaly will publish a more specific operational retention schedule when automated erasure jobs are implemented and verified.

Optional public-site analytics is stored only as daily aggregate counters and is retained for up to 400 days. The consent-choice cookie lasts up to one year unless you replace or delete it sooner.

10) Your rights and controls

Send requests from the registered email to privacy@yahalaly.com. Yahalaly may request proportionate information to confirm the requester is the account holder and will respond within the period required by applicable law. Optional analytics can also be withdrawn immediately through Analytics choices; aggregate counters cannot be retrieved for or linked to an individual.

  • Access: request confirmation and a copy of personal data; an in-product export is also available for core account information.
  • Correction: update editable fields or ask support to correct inaccurate information.
  • Erasure: use the authenticated account-erasure control or request assistance, subject to limited lawful retention exceptions.
  • Restriction or objection: ask to limit processing or object to processing based on legitimate interests where applicable.
  • Portability: request eligible data you provided in a structured format where the law grants this right.
  • Consent: withdraw consent for future consent-based processing without affecting earlier lawful processing.
  • Complaint: contact the competent data-protection supervisory authority in your country or place of work, or where you believe an infringement occurred.

11) Security

Yahalaly uses password hashing, HTTP-only session cookies, CSRF controls, role-based access checks, photo authorization, audit records, and operational monitoring. Access is limited by role and purpose. No online service can promise absolute security, so use a unique password, enable two-factor authentication when available, and report suspicious access promptly.

12) Adults only

Yahalaly is for adults 18+ and does not knowingly offer matchmaking to children. The date of birth entered at registration is self-declared. If you believe a minor has created an account, contact safety@yahalaly.com so the account and related data can be reviewed promptly.

13) Changes and contact

Material changes will receive a new effective date and, where appropriate, an in-product or email notice. Changes do not retroactively create consent where consent is legally required.

For privacy questions, rights requests, or the relevant transfer safeguard, contact privacy@yahalaly.com. For urgent platform misconduct, use the in-app report first and contact safety@yahalaly.com. Yahalaly is not an emergency service.