← Back to Home

GDPR Compliance Notice

Effective Date: March 3, 2026  |  Last Updated: March 26, 2026

Products: OurBarakah (ourbarakah.com) & Zaqat (zaqat.org)

Operated by Summer Slice LLC

1. Purpose

This notice summarizes how OurBarakah and Zaqat align operationally with GDPR and UK GDPR requirements for users in applicable jurisdictions.

2. Roles and Scope

  • Summer Slice LLC acts as a data controller for account, usage, and service data processed through the Service.
  • Relevant subprocessors and infrastructure providers are used under contractual confidentiality and security obligations.
  • Financial integration providers (such as Plaid) may act as independent controllers and/or processors according to their own terms.

3. Data Categories Covered

  • Account/profile data (name, email, auth identifiers)
  • Financial metadata and calculation records
  • Security, audit, and operational logs
  • Support and communications records

4. Lawful Bases

We rely on one or more lawful bases:

  • Contractual necessity
  • Legitimate interests (security, fraud prevention, service reliability)
  • Consent (where required)
  • Legal obligation

5. Data Subject Rights Handling

We support rights requests for:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Objection
  • Portability
  • Consent withdrawal (where applicable)

Requests are identity-verified before fulfillment. Complex requests may require additional processing time where permitted by law.

6. International Transfers

When personal data is transferred internationally, we apply contractual and organizational safeguards, including Standard Contractual Clauses (or equivalent mechanisms) where required.

7. Security Controls (High-Level)

  • Encryption in transit
  • Encryption at rest through platform controls
  • Row-level access controls for user-scoped financial data
  • Restricted service-role access for sensitive server-side operations
  • Audit logging for sensitive actions

8. Retention and Deletion

Retention and disposal are governed by our Data Retention and Disposal Policy. Data is retained only as long as necessary for legal, security, and operational purposes.

9. Contact and Requests

For GDPR/UK GDPR requests and privacy inquiries:

Contact: Send us a message