Legal

Privacy Policy

Last updated: April 2026 • Effective: April 2026

NikahRegister.co.za complies with the Protection of Personal Information Act (POPIA), Act 4 of 2013 of South Africa. This policy explains what data we collect, why, and how we protect it.

1. Who We Are

NikahRegister.co.za is operated by SAMNET (South African Muslim Network) and/or the National Nikah Register NPO (when established), a community organisation based in South Africa. SAMNET and/or the National Nikah Register NPO (when established) acts as the responsible party as defined in POPIA in respect of all personal information processed through this service. Contact: info@nikahregister.co.za / 084 333 3979.

2. What Personal Information We Collect

We apply data minimisation principles and collect only the information strictly necessary to register and verify a Nikah. The following categories of personal information are collected:

  • Full names of bride, groom, parents, witnesses, Wali/Wakeel, and Imam
  • SA ID numbers or passport numbers of all parties (stored encrypted at rest — AES-256)
  • Dates of birth derived from SA ID numbers where supplied
  • Contact details — phone numbers and email addresses of parties to the marriage (stored encrypted at rest)
  • Phone numbers and ID numbers of mosque administrators and system users (stored encrypted at rest — AES-256)
  • ID numbers, phone numbers, and contact details of Imams (stored encrypted at rest — AES-256)
  • ID numbers and phone numbers of witnesses and Wali/Wakeel representatives (stored encrypted at rest — AES-256)
  • Date, time, and location (city/venue) of the Nikah ceremony
  • Mahr (dowry) amount and description (amount stored encrypted at rest — AES-256; admin access only)
  • Uploaded supporting documents (Nikah certificate image, civil marriage certificate, antenuptial contract, where provided)
  • Login credentials for system users — passwords stored as bcrypt hash; never stored in plain text
  • Verification request logs — IP address, timestamp, and reference number queried (for security auditing only)

3. Why We Collect This Information

The lawful bases under POPIA s.11 are: legitimate interest (maintaining community Islamic marriage records for the Muslim community of South Africa) and consent (the registering party expressly confirms accuracy and consent at submission). Information is collected for the following specific, defined purposes only:

  • Recording Nikah (Islamic marriage) ceremonies in the SAMNET community register
  • Generating verifiable reference numbers for Nikah certificates
  • Enabling authorised verification of the existence of a registered marriage
  • Generating anonymised statistical and demographic reports on Muslim marriages in South Africa
  • Communicating with registered mosque administrators and Imams about their accounts and records

Personal information will not be used for any purpose not listed above without obtaining fresh consent.

4. Who Can Access Your Data

  • SAMNET administrators — full access for oversight, data correction, and audit
  • Mosque administrators — access restricted to records entered by their own mosque only
  • Officiating Imams — restricted read access to marriages they officiated
  • Verified requesters — existence-only confirmation (yes/no) via the verification module; no personal details disclosed
  • Third parties — we do not sell, rent, share, or otherwise transfer personal data to any third party under any circumstances. We will not do so without the explicit, informed consent of the data subject, except where compelled to by law or a court order

5. Data Security

We implement appropriate technical and organisational security measures to protect personal information against loss, damage, or unauthorised access, as required by POPIA s.19. Our measures include:

  • Encryption in transit: All connections use HTTPS/TLS
  • Encryption at rest: SA ID numbers, passport numbers, contact details, and Mahr amounts are stored using AES-256-CBC encryption with a key held separately from the database
  • Password security: User passwords are stored as bcrypt hashes (cost factor 12) — never in plain text or reversible form
  • Access controls: Strict role-based permissions; each user class sees only the data they are authorised to access
  • Audit logging: All access, creation, modification, and deletion events are logged with timestamp, user ID, and action detail
  • Security reviews: Periodic internal security assessments of application code and hosting environment

In the event of a personal information breach that poses a risk to affected data subjects, SAMNET and/or the National Nikah Register NPO (when established) will notify both the Information Regulator and the affected data subjects as required under POPIA s.22, without undue delay.

6. Data Retention

SAMNET retains personal information only for as long as is necessary for the purpose for which it was collected, consistent with the requirements of POPIA s.14. The following retention schedule applies:

Category of Record Retention Period After Retention Period
Active Nikah marriage records Duration of the marriage + 15 years after termination (divorce or death) Archived for historical and research records; personal identifiers anonymised on request
Terminated marriage records 10 years from date of termination Anonymised (statistical record retained) or deleted on request
Audit logs 7 years Securely deleted
Draft / incomplete capture records not activated within 90 days 90 days from creation Automatically deleted
Verification request logs 3 years Securely deleted
Data subject rights requests and correspondence 5 years Securely deleted
User account credentials and access logs Duration of account + 2 years after deactivation Securely deleted

Where a data subject requests deletion or anonymisation of their personal information before the end of the applicable retention period, SAMNET and/or the National Nikah Register NPO (when established) will conduct a legitimate interest assessment (LIA). Where no compelling, documented legitimate interest can be demonstrated that overrides the data subject's rights, the data will be deleted or anonymised within 30 days of the request. Where a legitimate interest is maintained, the data subject will be informed in writing of the basis and their right to object to the Information Regulator. Active Nikah records held beyond the standard retention period for historical archive purposes will be retained only in anonymised form unless the data subject has provided separate explicit written consent for the retention of identifiable information.

7. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights in respect of your personal information held by SAMNET:

  • Right of Access (s.23): Request a copy of the personal information we hold about you
  • Right to Correction (s.24): Request correction of inaccurate, incomplete, or outdated information
  • Right to Deletion: Request deletion of your personal information, subject to retention obligations and a legitimate interest assessment
  • Right to Anonymisation / Archiving: Where full deletion is not possible, request that your personal information be anonymised (statistical data retained, identifying information removed) or archived (removed from active systems, accessible only to SAMNET administrators for legal compliance)
  • Right to Object (s.11(3)): Object to the processing of your information where SAMNET relies on legitimate interest as the lawful basis
  • Right not to be subject to automated decision-making: SAMNET does not make automated decisions that significantly affect you
  • Right to Complain (s.74): Lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, submit a written request to our Information Officer at info@nikahregister.co.za or call 084 333 3979. We will acknowledge your request within 5 business days and respond substantively within 30 days.

For access to records under the Promotion of Access to Information Act (PAIA), please refer to our PAIA Manual.

8. Cookies, Analytics and Tracking

8.1 Cookies We Set

NikahRegister.co.za sets only the following cookies. No advertising, marketing, or third-party tracking cookies are ever placed on your device.

Cookie Type Purpose Expires
PHPSESSID Essential Maintains your authenticated login session and holds the CSRF security token that protects form submissions. End of browser session
nr_excl Functional — staff only Set only when a registered system user explicitly requests browser exclusion via the Analytics Exclusions tool. Prevents that browser's visits from being counted in internal traffic analytics. Never set automatically; never set for public visitors. 1 year (or until manually cleared)

Because all cookies placed by NikahRegister.co.za are either strictly essential or set only on the explicit request of authorised staff members, no cookie consent banner or opt-out mechanism is required under South African law (POPIA). Public visitors are never subjected to non-essential cookies of any kind.

8.2 Server-Side Analytics

NikahRegister.co.za operates its own privacy-preserving, server-side traffic analytics. This system records page views and estimates geographic origin (country, province, city) of visits for the purpose of understanding site usage and improving the service. It operates as follows:

  • No tracking cookies are placed on public visitors. Analytics are collected server-side from the HTTP request, not via browser-side scripts or cookies.
  • IP addresses are never stored. Your IP address is used transiently to estimate geographic origin via a third-party geo-IP API (ip-api.com), then immediately discarded. Only a one-way SHA-256 cryptographic hash (salted, non-reversible) is retained to estimate unique visitor counts. It is not possible to recover an IP address from this hash.
  • Geographic data (country, province/region, city) is retrieved from ip-api.com using your IP address and cached for 24 hours. This is the only data point shared with a third party, and it is a one-way lookup — no personal data about you is transmitted to ip-api.com beyond the IP address present in any ordinary HTTP request.
  • No cross-site tracking, no fingerprinting, no profiling. Analytics data is used solely for aggregate traffic reporting by SAMNET administrators. Individual visitor profiles are never created.
  • Analytics data is retained for a maximum of 2 years in aggregate, then deleted.

8.3 Note for Visitors from the European Union

NikahRegister.co.za is currently operated as a South African community service governed by POPIA. It is not at this time directed at, marketed to, or designed for use by residents of the European Union or European Economic Area.

Should the service be extended to EU residents in the future, the following additional obligations under EU law would apply and would be implemented before such expansion:

  • GDPR (General Data Protection Regulation, EU 2016/679): Full compliance including appointment of an EU representative, updated lawful basis assessments, data subject rights enhancements (Art.17 right to erasure, Art.20 data portability), Data Protection Impact Assessments (DPIA) for high-risk processing, and 72-hour breach notification to the relevant EU supervisory authority under Art.33.
  • PECR (Privacy and Electronic Communications Regulations): Applicable to UK-based users post-Brexit. Requires explicit, informed consent before placing any non-essential cookies or using browser storage for tracking purposes. Even essential-cookie-only sites should provide a clear cookie disclosure statement accessible to UK/EU users.
  • ePrivacy Directive (Directive 2002/58/EC, as amended): Governs electronic communications privacy across the EU; would require a compliant cookie consent mechanism even for the server-side analytics described above if EU residents are targeted, as the geo-IP lookup via ip-api.com may constitute personal data processing under GDPR given the broader definition of personal data applied in EU law.

Until such time as EU expansion is formally planned, EU and UK residents who access this site do so on the understanding that it is governed by South African law and the protections described in this policy.

9. Contact the Information Regulator

If you believe we have not handled your personal information correctly, or if your request to exercise your rights has not been adequately addressed, you may lodge a complaint with the Information Regulator of South Africa:

You may also refer to our PAIA Manual for the formal procedure to request access to information held by SAMNET.