Privacy Policy

This Privacy Policy explains how SHIRAH collects, uses, stores, shares, protects, retains, and deletes user information.

SHIRAH is a Bangladesh-focused business, community, telecom, reselling, wallet, and digital-services mobile app.

App Name
SHIRAH
Package Name
com.shirahsoft.app
Effective Date
June 13, 2026
Last Updated
June 16, 2026

Important: By using SHIRAH, you acknowledge the data practices described in this Privacy Policy. Where applicable law or Google Play policy requires separate notice or consent for a permission, sensitive-data use, or third-party service, SHIRAH will request that permission or consent separately inside the app.

1. Introduction and Scope

This Privacy Policy applies to the SHIRAH mobile application, package com.shirahsoft.app, the SHIRAH website, and related support and account-deletion resources operated for SHIRAH users.

For this Privacy Policy, “SHIRAH,” “we,” “us,” and “our” refer to the SHIRAH service operated by Labib UR Rahman.

SHIRAH provides account-based mobile services, community features, wallet and reward records, mobile recharge and telecom offers, shop and reselling features, micro jobs, blood-donation support, fundraising-related records, notifications, and account-security tools.

SHIRAH is not an investment app, banking service, lending service, passive-income product, or guaranteed-earnings platform.

2. Information We Collect

SHIRAH collects information only when it is needed to provide, secure, support, or improve the features you use. The categories below may apply depending on your activity and the features enabled in your version of the app.

Account and Profile Information

  • First name and last name
  • Email address and phone number
  • Authentication provider and account identifier
  • Invite code, inviter or account-connection identifier, and related network statistics
  • Profile photo, cover photo, bio, date of birth, gender, country, blood group, and address when provided

Account Status, Permissions, and Security Information

  • Verification, subscription, and feature-access status
  • User role, permissions, account state, moderation status, risk level, and safety flags
  • Device-session records, login activity, session-revocation status, and app-lock settings
  • Fraud-prevention, abuse-detection, duplicate-account, and security-review signals

Wallet, Reward, Cashback, and Activity Records

  • Wallet balance and wallet transaction records
  • Reward-point balance and reward transaction records
  • Eligible reward-conversion records
  • Recharge or offer cashback records where an eligible campaign is active
  • Reselling-profit, micro-job reward, adjustment, reversal, or administrative transaction records
  • Withdrawal request and payout-status records

Payment and Withdrawal Information

  • Payment amount, currency, purpose, method, and status
  • Supported MFS provider, such as bKash, Nagad, Rocket, or Upay, where applicable
  • Invoice ID, transaction ID, sender number, provider response, fee, and charged amount
  • Withdrawal amount, payout method, payout account number, review status, and payout status
  • Failed-payment, refund, reversal, reconciliation, chargeback, dispute, and fraud-review records

Recharge, Top-Up, Drive Offer, and Telecom Information

  • Phone number entered or selected by the user for the requested service
  • Mobile operator, number type, recharge amount, package, top-up, or drive-offer details
  • Request reference, provider transaction ID, provider response, cashback eligibility, and transaction status
  • Recharge history, retry, refund, support, and dispute records

Community and User-Generated Content

  • Posts, captions, and uploaded images
  • Comments, replies, reactions, follows, followers, and following relationships
  • Content visibility settings and public-profile activity
  • Reports, moderation decisions, policy-enforcement records, and blocked-user relationships where that feature is available

Micro Job and Proof Submission Information

  • Jobs created, viewed, joined, or managed by users
  • Proof text, screenshots, images, links, notes, and submission status
  • Review, approval, rejection, reward, refund, complaint, and dispute records

Shop, Reselling, Vendor, and Order Information

  • Product browsing, categories, wishlist, product listings, variants, prices, stock, and vendor profiles
  • Reselling orders, quantities, selling price, vendor price, delivery charge, payment status, and settlement status
  • Customer delivery details submitted by a reseller, including name, phone number, district, upazila, address, and order note
  • Delivery, cash-on-delivery, cancellation, return, support, dispute, profit, and wallet-settlement records

Blood Donation and Social-Support Information

  • Blood group, district, donor availability, donor profile, and donation history when voluntarily provided
  • Visibility choices associated with donor information
  • Fundraising-related totals, transaction references, or status records where applicable

Device, App, Usage, and Technical Information

  • Device identifiers, app-set identifiers, app version, device model, and operating-system information
  • Authentication sessions, device-management metadata, and push-notification tokens
  • Realtime presence or online-status data
  • App interactions, analytics events, crash logs, diagnostics, performance information, and error reports
  • IP-address-related, device-integrity, rate-limit, security, and abuse-prevention signals where processed by SHIRAH or its service providers

Advertising Information

  • When Google Mobile Ads is enabled or initialized, it may process IP address, approximate-location signals derived from IP address, app interactions, diagnostic information, and device or advertising identifiers
  • Ad-request, delivery, impression, performance, security, and fraud-prevention information where advertising is enabled
  • SHIRAH does not currently provide reward points, wallet balance, withdrawable money, or cash-equivalent benefits in exchange for viewing advertisements

3. Permissions Used by SHIRAH

SHIRAH requests device permissions only when needed for a user-requested feature. You can deny or later revoke optional permissions through your device settings, although the related feature may stop working.

Contacts

With your permission, SHIRAH may read contacts locally so that you can select a phone number for recharge, top-up, or drive-offer services. Only the number selected by you is intended to be used for the requested transaction. SHIRAH does not upload or use your contact list for unrelated marketing.

Camera and Photos or Media

Camera and photo or media access may be used when you choose to capture or upload a profile image, community image, product image, micro-job proof, screenshot, or other feature-related media.

Notifications

Notification permission may be used to send account, security, wallet, payment, recharge, order, community, micro-job, support, and service messages. You can manage notification permission through your device settings.

Biometric Authentication

Biometric authentication may be used for a local app-lock feature. Authentication is performed through the device operating system. SHIRAH does not receive or store raw fingerprint, face, or other biometric templates on its servers.

4. How We Use Information

SHIRAH uses information for the following purposes:

  • Create, authenticate, manage, secure, and support user accounts
  • Provide community, wallet, reward, recharge, shop, reselling, micro-job, blood-donation, fundraising, notification, and security features
  • Process user-requested payments, recharge, top-up, drive offers, orders, settlements, reward conversions, and withdrawals
  • Verify transactions, prevent duplicate processing, reconcile provider responses, and resolve payment or service disputes
  • Deliver notifications, support responses, account alerts, and transaction updates
  • Detect and prevent fraud, abuse, unauthorized access, fake activity, duplicate accounts, policy violations, and platform manipulation
  • Moderate user-generated content, investigate reports, enforce platform rules, and protect users
  • Measure app performance, diagnose crashes, troubleshoot errors, and improve reliability
  • Meet applicable legal, accounting, tax, audit, safety, dispute-handling, and regulatory obligations

5. Payments, Wallet, Rewards, Cashback, and Withdrawals

SHIRAH supports Bangladesh-focused payment, wallet, reward, cashback, recharge, reselling, and withdrawal-related workflows in Bangladeshi Taka (BDT).

Depending on the transaction and the rules applicable to the distributed version of the app, a payment may be processed through Google Play Billing, UddoktaPay, a supported MFS provider, or another disclosed payment provider.

UddoktaPay and local MFS methods may be used for eligible local transactions such as telecom services, physical-product or reselling orders, cash-on-delivery-related operations, payouts, and other flows permitted by applicable Google Play policies and law.

Payment and payout providers may receive the information required to complete or verify a transaction, such as amount, currency, purpose, invoice or reference ID, sender or payout number, transaction status, and provider response.

SHIRAH does not intentionally collect or store MFS PINs, OTPs, card CVV numbers, or complete card or bank-account credentials. Never share a payment PIN, OTP, password, or secret credential with SHIRAH staff or any other person.

Reward points are app-based records and are not legal tender, a bank deposit, or guaranteed cash. Eligible reward conversion, cashback, wallet credit, and earning-related records may be subject to published eligibility rules, limits, fees, transaction success, manual review, security checks, and fraud-prevention controls.

SHIRAH does not currently award reward points, wallet credit, withdrawable balance, or cash-equivalent value for viewing advertisements.

Withdrawal requests require a minimum eligible wallet balance of 100 BDT. Requests are manually reviewed. Approved withdrawals may be manually processed through supported local MFS methods such as bKash, Nagad, Rocket, or Upay.

SHIRAH does not guarantee approval, a specific payout amount, or a fixed completion time. Approved requests are generally attempted within 24–48 hours where operationally possible, but verification, provider delay, holidays, incorrect details, technical issues, disputes, or fraud checks may require additional time.

6. Recharge, Top-Up, Drive Offers, and Telecom Providers

When you request recharge, top-up, or a drive offer, SHIRAH may send the selected phone number, operator, amount, package or offer, transaction reference, and related request details to Success TopUp or another configured telecom service provider.

Provider responses, operator availability, package details, price, cashback eligibility, success status, failure status, pending status, refund status, and service timing may be stored for transaction processing, user history, support, reconciliation, dispute handling, and fraud prevention.

7. Third-Party Services and Processors

SHIRAH uses third-party services to provide app functionality. Depending on the features enabled and used, these providers may process information on SHIRAH’s behalf or as independent service providers under their own terms and privacy practices.

  • Firebase Authentication
  • Cloud Firestore
  • Firebase Cloud Functions
  • Firebase Storage
  • Firebase Realtime Database
  • Firebase Cloud Messaging
  • Firebase Analytics
  • Firebase Crashlytics
  • Google Mobile Ads, when advertising is enabled or the SDK is initialized
  • Google Play Billing, where used for eligible digital transactions
  • UddoktaPay for eligible local BDT payment workflows
  • Supported MFS providers such as bKash, Nagad, Rocket, or Upay, where applicable
  • Success TopUp or another configured provider for recharge, top-up, drive offers, provider responses, and transaction status
  • Relevant vendors, delivery teams, and operational partners for reselling-order fulfilment, return handling, cash-on-delivery operations, and settlement

SHIRAH reviews the data practices of third-party SDKs and services included in the app and updates this Privacy Policy and Google Play disclosures when those practices or integrations materially change.

8. How We Share Information

SHIRAH does not sell personal or sensitive user information.

SHIRAH shares or allows processing of information only when reasonably necessary to:

  • Operate authentication, cloud storage, hosting, messaging, analytics, crash reporting, security, and advertising services
  • Complete user-requested payment, recharge, offer, order, delivery, settlement, wallet, or withdrawal workflows
  • Share order and customer-delivery details with the relevant vendor, delivery team, or operational partner for order fulfilment and support
  • Provide customer support, investigate disputes, prevent fraud, and protect users or the platform
  • Review reports, moderate content, enforce rules, and respond to child-safety or other serious safety concerns
  • Comply with applicable law, lawful government requests, court orders, financial-record requirements, audit obligations, or regulatory duties
  • Complete a merger, restructuring, transfer, or acquisition involving the service, subject to appropriate notice and legal safeguards where required

9. User-Generated Content, Public Visibility, and Customer Data

Posts, profile information, comments, replies, reactions, follow relationships, product listings, donor information, or other content may be visible to other users depending on the feature and visibility setting. Do not publish information that you do not want others to see.

SHIRAH staff, moderators, and support personnel may access content and related records when needed for moderation, support, fraud prevention, dispute handling, order processing, or policy enforcement.

A reseller who submits a customer’s name, phone number, address, or order note must have a lawful and appropriate basis to provide that information for order fulfilment. SHIRAH uses such information only for order processing, delivery, support, return or dispute handling, fraud prevention, and settlement.

Reported or removed content and related moderation records may be retained when necessary to investigate abuse, protect users, handle disputes, or meet legal obligations.

10. Sensitive Information

Financial information, authentication information, contacts, blood-group or donor information, customer-delivery information, and uploaded proof images may be personal or sensitive.

SHIRAH limits the use of this information to the feature requested by the user, account and transaction security, support, legal compliance, and the other purposes described in this Privacy Policy.

SHIRAH does not use contact-list information, payment credentials, blood-group information, donor information, or customer-delivery details for unrelated targeted advertising.

11. Data Storage and Security

SHIRAH uses reasonable technical, administrative, and platform-supported safeguards, including authentication controls, role-based access controls, restricted backend operations, secure transmission using HTTPS/TLS where applicable, device-session management, audit records, and manual review for sensitive wallet, payment, recharge, order, and withdrawal workflows.

Access to personal information is limited to authorized users, administrators, support personnel, or service providers who need it for an approved operational purpose.

No mobile app, cloud service, payment provider, telecom provider, or security system can guarantee absolute security. Users are responsible for protecting their device, email, phone number, login credentials, PIN, OTP, payment information, and app access.

12. Data Retention

SHIRAH retains active account and profile information while the account remains active and for as long as reasonably necessary to provide the requested services.

Transaction, wallet, reward, payment, withdrawal, recharge, top-up, drive-offer, order, delivery, settlement, refund, dispute, audit, moderation, support, and fraud-prevention records may be retained after account deletion when reasonably necessary for legal, financial, accounting, tax, security, fraud-prevention, dispute-handling, provider-reconciliation, or regulatory purposes.

Notification tokens and active device-session records are retained only while needed to provide notifications or account-security functions and are removed, replaced, or invalidated when no longer needed or when the associated account is deleted, subject to technical and security requirements.

User-generated content may be deleted, hidden, de-identified, or retained depending on user action, account deletion, moderation status, dispute needs, safety requirements, and system integrity.

SHIRAH limits retained information to what is reasonably necessary for the relevant purpose.

13. Account Deletion and Data Deletion

Users can request deletion of their SHIRAH account and associated personal data from inside the app. Users who cannot access the app can use the public deletion resource to request support-assisted deletion after reasonable account-ownership verification.

In-App Deletion

Sign in to SHIRAH, open the app menu or account-management area, select the Delete Account option, review the warning, and confirm the request.

Public Deletion Resource

Account deletion instructions and support-assisted deletion information are available at:

Delete Account Instruction


What Happens After a Valid Deletion Request Is Completed

  • The Firebase Authentication account is permanently deleted and active sign-in sessions are revoked.
  • Active profile information is deleted or irreversibly anonymized.
  • Phone-number uniqueness records are released where technically applicable.
  • Push-notification tokens and active device sessions are removed or invalidated.
  • Account-linked profile and cover images, and other personal media, are deleted or disconnected where technically applicable, unless limited retention is necessary for moderation, safety, dispute, or legal purposes.
  • Wallet access, reward points, and other account-linked benefits become unavailable after deletion.
  • Public posts, comments, proof submissions, order records, or other activity may be deleted, hidden, de-identified, or retained where necessary for transaction integrity, moderation, fraud prevention, safety, disputes, or legal obligations.
  • Limited transaction, payment, withdrawal, recharge, order, audit, security, moderation, fraud-prevention, and dispute records may be retained only for legitimate and necessary purposes.

In-app deletion requests are initiated after user confirmation. Support-assisted requests are processed after reasonable ownership verification and without undue delay, although pending transactions, disputes, security reviews, fraud checks, or legal-retention requirements may require additional time.

Logging out, uninstalling the app, or temporarily stopping app use does not delete the account.

14. Your Rights and Choices

Subject to applicable law and the nature of the service, you may:

  • Access and update certain profile information inside the app
  • Choose whether to provide optional profile, donor, media, contact, or notification information
  • Withdraw optional device permissions through your device settings
  • Manage public visibility where a feature provides visibility controls
  • Request correction of inaccurate account information
  • Request account and associated-data deletion through the in-app option or public deletion resource
  • Contact SHIRAH about privacy, security, account, payment, recharge, reselling, or deletion questions

Withdrawing permission does not affect processing already completed lawfully, and some features may not function without the information required for that feature.

15. Children’s Privacy

SHIRAH is intended only for users who are 18 years of age or older. It is not designed for, directed to, or knowingly made available to individuals under 18.

SHIRAH does not knowingly permit individuals under 18 to create or operate an account. If we learn that an underage individual has provided personal information, we may restrict or close the account and take reasonable steps to delete or anonymize the information, subject to legitimate security, fraud-prevention, transaction-retention, safety, and legal requirements.

Concerns involving child safety or suspected child exploitation may be reported to support@shirah.top.

16. International Data Processing

SHIRAH is intended primarily for users in Bangladesh. Some service providers may process or store information outside Bangladesh where required for authentication, hosting, storage, messaging, analytics, diagnostics, advertising, payment, recharge, security, support, or other technical operations.

Where information is processed outside Bangladesh, SHIRAH relies on the safeguards and contractual or technical protections made available by the relevant service provider and applicable law.

17. Changes to This Privacy Policy

SHIRAH may update this Privacy Policy to reflect changes in app features, data practices, service providers, legal requirements, security measures, or Google Play disclosures.

When a material change is made, the “Last Updated” date will be changed and notice may be provided through the app, website, or another appropriate channel where required.

The latest version will be published at:

Privacy Policy


18. Contact Us

For privacy questions, account-deletion requests, security concerns, or complaints about SHIRAH’s data practices, contact:

SHIRAH
Service Operator / CEO / Founder: Labib UR Rahman
Website: https://shirah.top
Support and Privacy Email: support@shirah.top
Child Safety Contact: support@shirah.top
Developer/Admin Email: contact.labibur@gmail.com
Address: Section-6, Mirpur, Dhaka-1216, Bangladesh