← Back

Privacy Policy

Last updated: March 2026

What we collect

When you make a request to the Qivam API, we log the following data per request:

  • HTTP method and path — e.g. GET /v1/mosques/nearby
  • Response status code — e.g. 200, 404
  • Response time — milliseconds from request receipt to response sent
  • Response size — bytes, from the Content-Length header if present
  • Key suffix — the last 8 characters of your API key (never the full key)
  • User-agent — the HTTP client identifier sent in your request
  • IP address — the first value of the X-Forwarded-For header set by AWS API Gateway

No mosque search coordinates are persisted. No end-user personal data is stored. We do not set cookies or use browser fingerprinting.

Why we collect it (legal basis)

Legal basis: Legitimate interest (GDPR Article 6(1)(f)). We process this data to operate, secure, and rate-limit the platform — for example, to detect abuse, diagnose errors, and understand traffic patterns. IP address and user-agent are personal data under GDPR. Our API key holders are developers and businesses (B2B), not end consumers.

How long we keep it

Request logs are stored in AWS CloudWatch (eu-west-1) and are retained for 30 days, after which they are automatically deleted.

Your right to opt out

You can disable request logging for your API key at any time. Send a request with your key in the header:

POST https://api.qivam.com/v1/analytics/opt-out
X-API-Key: your_api_key

To re-enable logging:

POST https://api.qivam.com/v1/analytics/opt-in
X-API-Key: your_api_key

This satisfies the Article 21 right to object to processing based on legitimate interest.

Data processors

All data is processed within AWS eu-west-1 (Ireland). No third-party analytics services are used. Your data is never sold or shared with third parties.

Contact

For GDPR requests (access, erasure, portability) or any privacy questions, email team@qivam.com.