Privacy Policy

Effective date: Upon public launch

This policy explains what personal data Al-Umrah (“we”, “our”, “us”) collects when you use the Al-Umrah service, why we collect it, with whom we share it, and the rights you have over your information. We operate the service on behalf of Dot & Drape LLC.

What we collect and why

We collect only the information necessary to provide the service. Below is a plain-language description of each category.

Account information (authenticated users only)

When you create an account, authentication is handled by Clerk. Clerk provides us with your email address and a stable user identifier. We store that identifier in our database so we can associate your conversation history with your account. We do not store your password — Clerk manages credentials on our behalf.

Chat messages and answers

Questions you submit and the answers generated in response are stored in our database. This is necessary to provide conversation memory within a session and to display your history across sessions. Storing your questions also allows us to improve the quality of the corpus and answer generation over time.

Usage counts

We record the number of messages you have sent within the current billing window (30 days for the free plan; 24 hours for premium). This is required to enforce plan limits and to display your remaining quota.

Browser fingerprint (guest users only)

If you use the service without creating an account, we derive a fingerprint from your browser's characteristics and store a hashed identifier. We use this solely to enforce the guest message limit (3 messages lifetime). We do not use fingerprinting for tracking or advertising purposes.

IP address (rate limiting)

Your IP address is used to enforce rate limits and protect the service from abuse. We do not log IP addresses to a persistent store beyond what standard server infrastructure retains in access logs. Standard server log retention is 30 days.

Third-party processors

We share limited personal data with the following categories of third-party service providers (“processors”) who act on our instructions. We are responsible for ensuring each processor provides adequate data protection guarantees.

  • Authentication — Clerk, Inc.

    Manages sign-up, sign-in, and session tokens. Receives your email address and any social-login profile data you choose to share. Clerk's privacy policy is available at clerk.com.

  • Large-language-model inference — Microsoft Corporation (Azure OpenAI Service) and OpenRouter, Inc.

    Your question text (and relevant conversation history) is sent to a third-party LLM inference provider to generate an answer. The providers we currently use include services routed via OpenRouter and Microsoft Azure OpenAI. Your questions may be processed on their servers. We do not knowingly send identifiable personal information (such as your name or email) in LLM prompts — only the text of your question and necessary conversation context.

  • Cloud hosting — Amazon Web Services, Inc. (AWS)

    Our database, application server, and file storage run on AWS infrastructure. AWS processes data on our behalf under a data processing agreement. Data is stored in the us-east-1 region.

  • Payment processing — Clerk Billing

    Premium plan subscriptions are managed through Clerk Billing. Payment card data is handled by Clerk's payment provider; we do not store card numbers on our servers.

We do not sell your personal data. We do not share your data with advertisers or data brokers.

Data retention

We retain your account data and conversation history for as long as your account is active. You may request deletion at any time, after which it is permanently removed (see “Your rights” below).

Guest usage records (hashed fingerprint + message count) are deleted after 90 days.

Server access logs (including IP addresses) are retained for 30 days and then automatically purged.

Your rights

Depending on your jurisdiction you may have rights to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, or to ask a question about your data, please contact us at contact@ai-umrah.com.

We will respond to verifiable requests within 45 days.

Cookies and local storage

We use browser cookies and local storage solely for session management (keeping you signed in via Clerk) and to persist UI preferences (such as theme). We do not use third-party tracking cookies or advertising cookies.

Children

The service is not directed at children under the age of 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. If we make material changes we will notify you by email (to the address associated with your account) or by displaying a notice on the service before the change takes effect. Continued use of the service after the effective date of a revised policy constitutes your acceptance.

Contact

Questions or concerns about this policy can be directed to:

Dot & Drape LLC
contact@ai-umrah.com