The default in consumer software is that your information is the product. Apps collect more than they need, share it with parties you do not know, and use it to build profiles of you that are then sold to advertisers, monetized in adversarial markets, or used to train models on your behaviors. The privacy-erosion default is so widespread that most users no longer notice they are agreeing to it. The terms-of-service prompt is dismissed. The location permission is granted. The contact list is uploaded. The photos are scraped for face recognition. By the time the patterns are visible, it is too late to take them back.
A platform serving the Muslim marriage process cannot operate on these defaults. Privacy is not a nice-to-have for our users. It is the precondition for using the product at all. A woman cannot have a serious conversation with a potential spouse if her photos can be screenshot and forwarded. A man cannot show up at a profile thoughtfully if his bio is being analyzed by a third-party algorithm he never agreed to. A family cannot participate in the matchmaking process if the platform itself is leaking information about who is on it.
So we built a platform where privacy is not a feature you opt into. It is the default, baked into every decision.
Photos are blurred until a mutual reveal. The platform does not let a man see a woman's clear photo unless she has approved the reveal — and the reveal can be reviewed by her wali before it happens. Photos cannot be saved or screenshotted without the platform detecting and logging the attempt. Photos cannot be shared outside the platform.
First names are shown only with a single initial until a conversation has progressed. No one sees your full identity by default. The identifying information is unlocked deliberately, by your choice, after you have determined that the conversation is worth that level of disclosure.
Distance is shown in privacy-preserving buckets — "in your city," "5-15 miles," "15-30 miles" — never as exact mileage and never below 5-mile precision. The platform does not request live location permission. The platform does not use GPS. We do not need to know where you physically are. We need to know what city you live in, and that is information you have already disclosed.
Identity verification happens before you can browse profiles. Every user submits a government ID and a live selfie, processed by a verified identity verification provider operating under a Data Processing Agreement with us. We do not store biometric data permanently. We do not let unverified users see your profile. The verification system is not just to protect us from fake accounts — it is to protect you from talking to people who are not real.
Chat is permanent. This is one of our most-discussed design choices. No deletion, no editing, no unsend. The reason is privacy in the deeper sense: a record that cannot be erased cannot be weaponized. If someone sends you an inappropriate message, you cannot be pressured into deleting the evidence. If you say something on day one that someone tries to spin on day fifty, the original message is there. Permanence is a privacy choice in the form of integrity.
We disclose every third-party service we use. Identity verification is disclosed by name and jurisdiction. Image moderation is disclosed by name and jurisdiction. Payment processors are disclosed. Cloud hosting is disclosed. We have Data Processing Agreements with each one. Where applicable, these agreements include EU-grade data protections that extend to all our users, regardless of where they live.
None of this is novel security thinking. Most of it is the unfashionable application of well-understood privacy principles. What is novel is that we are applying these principles to a category of software — the one optimized for engagement, attention, and data extraction — that has historically not bothered with them.
The choices add up. The result is a platform where you can think about getting married without first having to think about who is watching. That is the precondition for the kind of intentional, family-involved process this platform exists to support.
If you want the granular detail of how we handle specific categories of data, our Privacy Policy covers it. If you want to talk to us about anything specific, izharbid@walimarriage.com.
— The Wali Marriage team