1. Introduction

Welcome to ICF Connect ("the App"), the official membership application of ICF International ("ICF", "we", "us", or "our"). ICF Connect is a private, members-only platform that provides access to organisational resources, spiritual content, community tools, and membership services for ICF members worldwide.

This Privacy Policy explains what personal information we collect, why we collect it, how it is used and protected, and the rights you have over your data. It applies to the ICF Connect mobile application (iOS and Android) and the associated web portal at https://connect.icfonline.org.

By downloading or using ICF Connect, you confirm that you have read and understood this policy. If you do not agree, please do not use the App.


2. Information We Collect

2.1 Information You Provide Directly

When you register or use features of the App, you may provide:

Category Data Collected When Collected
Account & Identity Full name, membership number, mobile number, date of birth, email address, password (hashed) Registration & login
Profile Profile photo, profession, address, city, country Profile setup & editing
Jobs & Career CV / résumé file, education history, work experience, skills, languages spoken, headline, availability status, cover letter, interested industries When you use the Jobs feature (optional)
ICF Care Membership Registration details submitted for ICF Care enrolment; payment status (order reference only — no card data is stored by the App) When you register for ICF Care (optional)
Supporter / Ayyuhannas Third-party contact details you voluntarily enter: name, mobile number, email, address, profession, religion, meeting notes When you use the Ayyuhannas feature (optional)
Janaza (Funeral) Requests Deceased person's name, mobile number, country, place, date of death, relationship, gender, remarks When you submit a Janaza request (optional)
Events Event registration records When you register for an event (optional)
Habits & Spiritual Tracker Habit completion records, Quran recitation progress, Adkar completion, good deeds log When you use tracker features (optional)
Content Interactions Favourited Roula notes, Adkar, Hadith, Quran notes, Salah content; view counts; download counts When you interact with content

2.2 Information Stored Locally on Your Device Only

The following data is stored exclusively on your device and is never transmitted to our servers:

  • Authentication token & User ID — stored in encrypted device storage (SharedPreferences) to keep you logged in.
  • Onboarding status — a single flag to skip the intro screen on subsequent launches.
  • Quran reading bookmark — your personal reading position, stored locally using Hive (offline database).
  • Cached audio files — Islamic content (Adkar, Hadith, Roula notes) downloaded for offline playback, stored in the app's sandboxed documents directory.

2.3 Technical & Usage Data

When you use the App, we automatically collect limited technical information to ensure reliability and security:

  • Device type and OS version — used only to ensure compatibility (via device_info_plus; data is not sent to any analytics service).
  • Session token — included in API request headers to authenticate your requests to our server.
  • API request logs — server-side logs of API calls for security monitoring and debugging. Logs are retained for a maximum of 90 days.

We do not use any third-party analytics SDK (e.g., Firebase Analytics, Mixpanel, Amplitude, Segment). All usage data stays within our own servers.


3. Device Permissions

ICF Connect requests only the permissions it actually needs. Below is a complete and accurate list of permissions requested on each platform.

3.1 iOS Permissions

Permission Why It Is Needed When Requested
Photo Library
(NSPhotoLibraryUsageDescription)
To let you select and upload a CV or document file when applying for a job listing Only when you tap the file upload button in the Jobs feature
Microphone
(NSMicrophoneUsageDescription)
The audio playback library used by the App (for playing Adkar, Hadith, and Roula note audio) includes audio session code that requires this declaration on iOS. The App does not record audio at any point. Required by Apple for any app whose binary references audio APIs — the App itself never prompts the user to use the microphone

ℹ️ The App does not request camera access (camera is not used). The App does not request location access.

3.2 Android Permissions

Permission Why It Is Needed Android Version
READ_MEDIA_IMAGES To let you select a file from your gallery for CV / job application upload Android 13+ (API 33+)
READ_EXTERNAL_STORAGE To let you select a file for CV / job application upload Android 12 and below
INTERNET Core App functionality — all API communication, audio/video streaming All versions (granted automatically, no prompt)

You may revoke permissions at any time in your device's Settings → Apps → ICF Connect → Permissions. Revoking file access will prevent CV uploads but will not affect any other App functionality.


4. How We Use Your Information

Purpose Description Legal Basis
Account management Create, authenticate, and maintain your member account Contract performance
App functionality Deliver features: events, jobs, Roula notes, Adkar, Hadith, Quran, habits, Janaza, Ayyuhannas, ICF Care Contract performance
Personalisation Remember your favourites, reading position, and habit progress Legitimate interest
In-app notifications Display local notifications for registration completion, payment confirmation, new content, and habit reminders Legitimate interest / Consent
Security Detect and prevent unauthorised access, fraud, and abuse Legitimate interest
Service improvement Analyse internal usage patterns to improve features and fix issues Legitimate interest
Legal compliance Meet applicable legal and regulatory obligations Legal obligation

We do not use your data for advertising, behavioural profiling, or any form of cross-app tracking.


5. How We Share Your Information

We do not sell, rent, or trade your personal data to any third party. Data is shared only in the following limited circumstances:

5.1 ICF Organisation Hierarchy

Your name, membership number, and organisational unit may be visible to authorised ICF leaders and administrators within your organisation hierarchy (Unit, Division, Region, Nation) as part of the App's membership directory functionality.

5.2 Job Listings

If you build a job seeker profile and apply for a position, your CV and application details are shared with the relevant employer posting the listing within the ICF network. You control whether your profile is visible.

5.3 Infrastructure & Hosting Providers

Our backend is hosted on servers we operate at connect.icfonline.org. We use trusted cloud infrastructure providers who process data strictly on our behalf under data processing agreements.

5.4 Payment Gateway

ICF Care membership fees are processed through an external payment gateway opened in your device's browser. ICF Connect does not store, process, or transmit credit card or bank account details. The payment provider's own privacy policy governs any data collected during payment.

5.5 YouTube / Google

The App embeds YouTube video content using stream URL extraction. When you play a YouTube video, your device connects directly to YouTube's servers. This is governed by Google's Privacy Policy.

5.6 Legal Requirements

We may disclose data if required by applicable law, a court order, or a valid governmental request, or where necessary to protect the rights and safety of ICF, our members, or the public.


6. Data Retention

  • Active account data — retained for as long as your membership account remains active.
  • Deleted account data — permanently removed within 30 days of account deletion, except where retention is required by law.
  • API server logs — retained for a maximum of 90 days for security and debugging, then deleted.
  • Local device data — cleared immediately when you log out or delete the App.
  • Cached audio files — stored locally; removed when you clear the App cache or uninstall the App.

You can delete your account at any time via Settings → Delete Account within the App. This initiates permanent removal of all your personal data from our servers within 30 days.


7. Data Security

We protect your data using:

  • HTTPS / TLS encryption for all data transmitted between the App and our servers.
  • Token-based authentication — all API requests are authenticated using a secure session token; passwords are never stored in plain text.
  • Sandboxed local storage — data stored on your device is isolated within the App's secure sandbox, inaccessible to other apps.
  • Access controls — server-side data access is restricted to authorised ICF personnel only.

No method of internet transmission is 100% secure. We cannot guarantee absolute security, but we continuously review and improve our practices.


8. Children's Privacy

ICF Connect is a membership application intended for adults and registered ICF members. The App is not directed to children under 13 (or the applicable minimum age in your jurisdiction).

We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information about a child, please contact us immediately at icfintl@icfonline.org and we will delete it promptly.


9. Your Rights

Depending on your country or region, you have the following rights over your personal data:

Right What It Means How to Exercise
Access Request a copy of the personal data we hold about you Email us
Rectification Correct inaccurate or incomplete data Edit Profile in the App, or email us
Erasure (Right to be Forgotten) Request permanent deletion of your account and data Settings → Delete Account in the App, or email us
Data Portability Request your data in a structured, machine-readable format Email us
Restriction Request that we limit processing of your data in certain circumstances Email us
Objection Object to processing for purposes based on legitimate interest Email us
Withdraw Consent Withdraw consent where processing is based on consent Settings in the App, or email us

We will respond to all rights requests within 30 days. We may need to verify your identity before fulfilling a request.

Account Deletion (Apple App Store & Google Play requirement):
You can permanently delete your account and all associated personal data directly within the App: Settings → Delete Account. All data is removed from our servers within 30 days of your request. This feature is available without contacting support.

10. International Data Transfers

ICF Connect is operated globally. Your data is stored on servers located at connect.icfonline.org. If you access the App from outside the server's host country, your data may be transferred internationally. We take appropriate safeguards to ensure your data is protected in accordance with this policy, regardless of where it is processed.


11. Additional Rights for EEA, UK & Swiss Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation:

  • The right to lodge a complaint with your national data protection authority (DPA).
  • The right to know the legal basis for each processing activity (see Section 4).
  • The right not to be subject to automated decision-making or profiling that produces legal effects — we do not use automated decision-making.

Our legal bases for processing are: contract performance (providing the App's services to members), legitimate interest (security, improvement), and legal obligation (compliance).


12. Additional Rights for California Residents (CCPA / CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know — what personal information we collect, use, and share.
  • Right to Delete — request deletion of your personal information (use Settings → Delete Account or email us).
  • Right to Opt-Out of Sale — we do not sell your personal information.
  • Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at icfintl@icfonline.org.


13. Third-Party Links & Services

The App may link to or embed third-party content. This Privacy Policy does not apply to those services. We encourage you to review their policies:

  • YouTube / Google — video content playback. Policy: https://policies.google.com/privacy
  • Payment Gateway — ICF Care membership payment processed in external browser. Policy provided by the gateway at time of payment.

No third-party advertising, analytics, or tracking SDK is integrated into ICF Connect.


14. Google Play Data Safety Summary

The following summary reflects our Data Safety declaration on the Google Play Store:

Question Answer
Does the app collect or share user data? Yes — see Section 2
Is all data encrypted in transit? Yes — HTTPS/TLS
Can users request data deletion? Yes — Settings → Delete Account in the App
Data shared with third parties No (except YouTube for video playback and external payment gateway in browser)
Data used to track users No
Data used for advertising No

15. Apple App Store Privacy Summary

The following reflects the App Privacy labels declared on the Apple App Store:

Data Type Collected Linked to Identity Used to Track Purpose
Name App Functionality
Email Address App Functionality
Phone Number App Functionality
Physical Address App Functionality
User ID App Functionality
Other User Content (CV / files) App Functionality
Product Interaction (views, favourites, habits) App Functionality
Location, Health, Financial, Browsing, Contacts, Diagnostics ❌ Not collected
Data Used to Track You None — this app does not track users across other apps or websites

16. Changes to This Privacy Policy

We may update this policy periodically to reflect changes in our practices, the App's features, or applicable law. When we make material changes we will:

  • Update the "Last Updated" date at the top of this page.
  • Display an in-app notification to active users where required.

Continued use of the App after changes are posted constitutes acceptance of the updated policy. We encourage you to review this page periodically.


17. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:

📄 Privacy Policy: View Policy
📋 Support: Support Page

We aim to respond to all enquiries within 30 days.