Your contributors trust your masjid with their personal and payment information. We take that as an amanah — the controls below are part of the platform, for every organisation.
TOTP-based MFA with recovery codes. Protect admin accounts with a second factor that works with any authenticator app.
Staff sign in with the identity providers your team already uses — fewer passwords, same security standards.
Contributors sign in with a one-time code sent to their email or phone, so there are no passwords to forget and no app to install, and the flow works for every literacy level.
Four system roles (platform admin, org admin, staff, contributor) plus custom roles you define. Permissions are stored in the database and cached for 60 seconds, so a change to a role or its permissions takes effect within a minute. A user can hold multiple roles.
Payment provider credentials and sensitive configuration are encrypted at rest using Fernet symmetric encryption. Keys are never stored alongside data.
Every sadaqah, every profile change, every role assignment, every login — logged with timestamp, user, and before/after values, then chained with cryptographic hashes and verified every 6 hours. Tampering becomes evident, not silent. Exportable for your trustees, shura, and auditors.
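What hash-chaining an audit log means in practice, shown as an added example (not the platform's own code; the entry fields and function names are assumptions): each entry carries the hash of its predecessor, so editing any field, or rewriting one entry's hash without rewriting every later one, is caught by a periodic walk of the chain.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Any, List, Optional

# Added example with constructed data; entry fields are an assumption, not Mohseen's schema.

GENESIS = "0" * 64  # prev_hash of the first entry


def canonical(obj: Any) -> bytes:
    """Deterministic serialisation so an entry always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class AuditEntry:
    seq: int
    timestamp: str
    actor: str
    action: str
    before: Optional[dict]
    after: Optional[dict]
    prev_hash: str
    hash: str = ""

    def compute_hash(self) -> str:
        body = {k: v for k, v in self.__dict__.items() if k != "hash"}
        return hashlib.sha256(canonical(body)).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self.entries: List[AuditEntry] = []

    def append(self, timestamp: str, actor: str, action: str,
               before: Optional[dict] = None, after: Optional[dict] = None) -> AuditEntry:
        prev = self.entries[-1].hash if self.entries else GENESIS
        entry = AuditEntry(len(self.entries), timestamp, actor, action, before, after, prev)
        entry.hash = entry.compute_hash()
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """Return the seq of the first entry that breaks the chain, or None if intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_hash != prev or e.hash != e.compute_hash():
                return i
            prev = e.hash
        return None


def build_sample_log() -> AuditLog:
    """Constructed sample: a login, a role assignment and a sadaqah."""
    log = AuditLog()
    log.append("2024-05-01T10:00:00Z", "admin@example.org", "login")
    log.append("2024-05-01T10:05:00Z", "admin@example.org", "role.assign",
               before={"user": "u42", "roles": ["contributor"]},
               after={"user": "u42", "roles": ["contributor", "staff"]})
    log.append("2024-05-01T10:07:00Z", "u42", "sadaqah.create",
               after={"amount": 50, "currency": "GBP"})
    return log


def tamper_amount(log: AuditLog, seq: int, amount: int, rehash: bool = False) -> AuditLog:
    """Simulate an attacker editing a stored amount, optionally fixing up that entry's hash."""
    log.entries[seq].after["amount"] = amount
    if rehash:
        log.entries[seq].hash = log.entries[seq].compute_hash()
    return log
```

One caveat a practitioner will want: a chain alone does not detect truncation of the newest entries, so the head hash should also be written somewhere the database writer cannot reach (an export handed to trustees, or a signed checkpoint) and compared on each verification run.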
Every database query is scoped by organization ID. There is no API call that can access another organization's data — by design, not by convention.
All AI features run within the platform's tenant isolation boundary. Organization data is never shared across tenants, used for training external models, or accessible to other organizations. The AI intelligence layer operates on your data alone — with the same encryption, audit trail, and access controls as every other feature.
Mohseen accounts live only on Mohseen; your community's accounts never appear on other platforms. Each brand is architecturally isolated: separate registration, separate JWT scope, separate email identity. A contributor here cannot be discovered, contacted, or imported from anywhere else.
When a contributor is deleted, their personally identifying fields are stripped from every read path: their sadaqah stays in your ledger for compliance, but their name, email, and phone disappear from API responses. Right-to-erasure is honored at the data-model layer, not just in the UI.
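An added example covering both the tenant-scoping point above (every query takes an organization ID, and a record in another organization is indistinguishable from one that does not exist) and erasure at the data-model layer (the ledger keeps the sadaqah, the contributor record keeps nothing identifying). It is not Mohseen's code; the in-memory repository, field names and the choice to overwrite the stored fields on erasure are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

# Added example; the records and repository stand in for a database and are constructed.


class NotFound(Exception):
    """Raised for 'does not exist' and 'belongs to another org' alike, so callers cannot tell them apart."""


@dataclass
class Contributor:
    id: str
    org_id: str
    name: Optional[str]
    email: Optional[str]
    phone: Optional[str]
    erased: bool = False


@dataclass
class Sadaqah:
    id: str
    org_id: str
    contributor_id: str
    amount: int  # minor units
    currency: str


class Repo:
    def __init__(self, contributors: List[Contributor], ledger: List[Sadaqah]) -> None:
        self._contributors = {c.id: c for c in contributors}
        self._ledger = ledger

    # Every accessor takes org_id first; there is deliberately no variant without it.
    def _owned(self, org_id: str, contributor_id: str) -> Contributor:
        c = self._contributors.get(contributor_id)
        if c is None or c.org_id != org_id:
            raise NotFound(contributor_id)
        return c

    def contributor(self, org_id: str, contributor_id: str) -> dict:
        return self._serialize(self._owned(org_id, contributor_id))

    def sadaqat(self, org_id: str, contributor_id: str) -> List[dict]:
        self._owned(org_id, contributor_id)  # tenant check before touching the ledger
        return [{"id": s.id, "amount": s.amount, "currency": s.currency}
                for s in self._ledger
                if s.org_id == org_id and s.contributor_id == contributor_id]

    def erase(self, org_id: str, contributor_id: str) -> None:
        """Right to erasure: null the identifying fields; ledger rows are left untouched."""
        c = self._owned(org_id, contributor_id)
        c.name = c.email = c.phone = None
        c.erased = True

    @staticmethod
    def _serialize(c: Contributor) -> dict:
        # Single serialisation point for every read path; the erased flag is a second guard
        # so even a record with stale fields could not leak them.
        if c.erased:
            return {"id": c.id, "name": None, "email": None, "phone": None, "erased": True}
        return {"id": c.id, "name": c.name, "email": c.email, "phone": c.phone, "erased": False}


def build_sample_repo() -> Repo:
    """Constructed sample data for two organizations."""
    return Repo(
        contributors=[
            Contributor("c1", "org-a", "Amina Khan", "amina@example.org", "+441234567890"),
            Contributor("c2", "org-b", "Bilal Ahmed", "bilal@example.org", None),
        ],
        ledger=[
            Sadaqah("s1", "org-a", "c1", 5000, "GBP"),
            Sadaqah("s2", "org-a", "c1", 2500, "GBP"),
            Sadaqah("s3", "org-b", "c2", 1000, "GBP"),
        ],
    )


def cross_tenant_denied(repo: Repo, org_id: str, contributor_id: str) -> bool:
    """True if a lookup from `org_id` is refused, used to show the isolation holds."""
    try:
        repo.contributor(org_id, contributor_id)
    except NotFound:
        return True
    return False
```

The design choice worth copying is that `org_id` is not optional anywhere: an ORM default scope or a missing `WHERE org_id = ?` is a convention that one new endpoint can forget, whereas a repository whose signatures require the tenant cannot be called any other way.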
Export-on-request, deletion-on-request, consent tracking, lawful-basis records. Built for European regulators by default, not as an afterthought toggle.
No card data ever touches Mohseen's servers. Checkout runs in a hardened, locked payment iframe served by the processor: card numbers go directly from the contributor's browser to the payment processor, and because the iframe is a separate origin the surrounding page cannot read or alter the card fields, nor fake a sadaqah. The PCI DSS scope for card data stays with the processor, not with your masjid.