The Charter · v0 draft
Four promises. Structurally enforced.
Trusting an institution means trusting the rules. Below are the rules that govern UmmahPassport. The v0 draft is published; final language locks after scholar-council review.
وَلَا تَجَسَّسُوا
wa lā tajassasū — “and do not spy on one another.”
- I
No state funding, ever
UmmahPassport does not accept funding from any government — Muslim or otherwise. Funding comes from individual Muslims, Muslim-community foundations not tied to state apparatuses, and revenue from premium services. This is non-negotiable and structurally enforced.
- II
Data minimization
We collect what is necessary to provide identity, nothing more. We do not sell data. We do not run advertising surveillance. Relying-party projects (Ihsan Standard, NoorMap, and future) receive only the claims required for their function (email, opaque user ID, the specific app-scope permissions you granted).
- III
Right to leave with your data
You can export everything UmmahPassport holds about you in a machine-readable format. You can delete your account; we delete your data within 30 days; we publish an audit log of mass-deletion events. Your data is yours.
- IV
Charter-protected free forever
The identity layer itself stays free for individuals — no upsell, no premium tier, no feature gating on personal identity. Sustaining revenue comes from relying-party services and from donations, not from rent-seeking on identity.
Pilot phase · landing before we open the network
UmmahPassport is in pilot. We’re using this time to work through what open-source publication looks like for an identity layer, finalize the rest of the auth surface, and stress-test the long-term posture of the network — before any third-party project joins. The items below land before that door opens.
- • Open-source publication of the identity-protocol implementation, security-sensitive code, and the relying-party SDK.
- • Final auth-surface decisions (passkey/WebAuthn, OAuth Device Authorization grant, account-recovery posture).
- • Scholar council membership and rotation policy.
- • Wind-down protocol if the network is ever compromised.
- • Detailed data-retention and breach-notification standards.