IFG Security & Privacy Policy

We know that you are entrusting us with sensitive data at IFG and protecting that and making sure we are treating it truly confidentially is something that is front of mind for us.

To give you a sense of the steps we are proactively taking:

In 2022 we have commissioned a top City law firm to do a full data protection review of all of our work to make sure our operations are world class and in line with GDPR best practises.

Additionally, we do annual penetration tests of our software. This means we pay an expert cybersecurity company to try to hack our systems and identify any technical weaknesses we have and flag those to us so we can stay ahead of the curve.

Below we have answered some key other questions that might come to mind when you explore our website. If you have any other questions at all, just drop us a line via our contact page.

Is my data encrypted?

The data in IFG is encrypted at-rest and in-transit.

What this means is that all of our databases and storage happens within the best-in-class server systems globally including Amazon (AWS) servers, Digital Ocean, and Hubspot.

When your data is sat in the server it is encrypted and cannot be accessed unless someone authorised accesses it.

When you data is retrieved (e.g. when you login) your data is seen as “in transit” and our website requires HTTPS on all pages so that the data can only ever be transmitted and displayed over a secure connection.

Do you store card details?

We do not store your card details. All of our payment systems are handled via Stripe – the world leader in payment services – and any information retained (by your permission only) is within the Stripe platform. We do not ever have access to the unencrypted form of the card information.

Can IFG employees see my data?

The Muslim community is a small community and we know we would hate the idea of someone looking at our personal data without our permission. This also applies to our own team.

Here’s how we approach it.

For certain of our services our employees need to look at your data. For example, our Wills team need access to your submitted data to draft your Islamic will, or our VC team need to look at your data in order to keep your portfolio up-to-date and to be able to assist with your queries.

However, we strictly control access so that only those who need access have it. For example, our content team does not have access to our individual customer data as they don’t need access to it.

We have also made sure that our entire team – including the co-founders, engineering and product teams – have signed up, as part of their legally binding employment agreement, to:

  • Only access customer data where directly relevant to serving the customer;
  • Give strong preference wherever possible to rely on anonymised aggregated data for analysis and research purposes;
  • Check with our compliance team if in any doubt as to data usage in novel circumstances.

We have activity logs of access to, and changes made within, our CRM (Customer Record Management) system which allow us to monitor usage and flag inappropriate usage.

Does IFG sell my data?

IFG never sells your data.

You can read more about how we are financed here.


Can I permanently delete my data?

Yes.

Please just drop us a note via our contact page and we will ensure that your entire record is deleted from our database permanently.