Privacy Policy

Last updated: May 2026 · GDPR compliant

1. Who We Are

Halalem is a community-run, non-profit, open-source platform for halal entertainment discovery. We are the data controller for personal data processed through this website.

Contact Information:

  • General inquiries: privacy@Halalem.com
  • Security issues: security@Halalem.com
  • Open source: GitHub Repository

2. Data We Collect

  • Account data: Your name, email address, and username when you register.
  • Activity data: Ratings, reviews, halal votes, content submissions, and aura points you earn.
  • Technical data: IP address, browser type, device information, and timestamps — collected automatically for security, fraud prevention, and threat detection.
  • Security logs: Authentication events, suspicious activity patterns, and security incidents — retained for 90 days for threat analysis and system protection.
  • Cookies: Essential session cookies to keep you logged in and CSRF tokens for security. No advertising or tracking cookies.
  • Content metadata: Information about content you submit including submission timestamps and moderation status.

Privacy by Design: We collect only the minimum data necessary to provide our services and ensure security. All data collection serves a specific, legitimate purpose.

3. How We Use Your Data

  • To provide and maintain your account and user experience
  • To display your reviews, ratings, and content submissions publicly (your username is shown)
  • To calculate and display your aura points and community standing
  • To detect, prevent, and investigate abuse, fraud, and security threats
  • To monitor system integrity and prevent unauthorized access
  • To send you important service notifications and security alerts (not marketing)
  • To comply with legal obligations and respond to legitimate law enforcement requests

✅ Our Privacy Commitment: We never sell your data. We never use your data for advertising. We never track you for commercial purposes. We are ad-free and community-driven by principle.

4. Your GDPR Rights

If you are in the European Economic Area (EEA) or United Kingdom, you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your account and data ("right to be forgotten")
  • Right to restriction — ask us to limit how we process your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests

To exercise any of these rights, email privacy@Halalem.com. We will respond within 30 days.

5. Data Retention

We keep your account data as long as your account is active. If you delete your account, we remove your personal data within 30 days. Some anonymised activity data (aggregated ratings) may be retained indefinitely as it no longer identifies you.

6. Security & Data Protection

We prioritize your security and implement enterprise-grade protection measures compliant with OWASP Top 10 security standards:

🔒 Core Security Features:

  • Password hashing with bcrypt (industry standard)
  • HTTPS encryption for all data transmission
  • CSRF protection on all forms and sensitive operations
  • Rate limiting to prevent brute force attacks
  • Input validation and sanitization against injection attacks
  • Session security and fixation prevention

🛡️ Advanced Security Monitoring:

  • Real-time Attack Detection: Automatic detection of SQL injection, XSS, and other malicious attempts
  • Security Event Logging: Comprehensive logging of authentication, authorization, and suspicious activities
  • Integrity Monitoring: Regular verification of application and dependency integrity
  • Vulnerability Scanning: Automated detection of known security vulnerabilities
  • Brute Force Protection: Automatic blocking of repeated failed login attempts

📊 Security Logging & Monitoring:

For security purposes, we automatically log:

  • Authentication events (successful/failed logins)
  • High-value transactions (content moderation, account changes)
  • Suspicious activity patterns and attack attempts
  • System errors and security exceptions

Data retention: Security logs are retained for 90 days for threat analysis and then automatically deleted. IP addresses in logs are anonymized after 30 days.

However, no system is 100% secure. Please use a strong, unique password for your account and report any suspicious activity to security@Halalem.com.

7. Cookies

We use only essential cookies: a session cookie to keep you logged in and a CSRF token cookie for security. These are strictly necessary and cannot be disabled without breaking login functionality. We do not use Google Analytics, Facebook Pixel, or any third-party tracking.

8. Third Parties

We do not share your personal data with third parties except where legally required (e.g. court order). Donation processing through Buy Me a Coffee or PayPal is handled by those third parties under their own privacy policies — we do not receive or store your payment details.

9. Transparency & Open Source

Full Transparency: Halalem is completely open source. You can inspect our code, security implementations, and privacy practices on GitHub.

  • All security measures are publicly auditable
  • No hidden tracking or data collection
  • Community contributions and oversight welcomed
  • Security vulnerabilities can be reported via GitHub or email

Repository: github.com/putbullet/halalem

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be announced on the platform. The "Last updated" date at the top shows when this policy was last modified.