1. Introduction
Welcome to Hifzul Quran ("the App", "we", "us", "our"). This Privacy Policy explains how [YOUR LEGAL ENTITY] collects, uses, stores, and protects your personal information when you use our Quran memorisation application.
We are committed to protecting your privacy and handling your data with transparency and care. By using Hifzul Quran, you agree to the practices described in this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name — your display name (provided during onboarding)
- Email address — provided via Apple Sign-In
- Apple ID identifier — a unique, app-scoped identifier (we never see your actual Apple ID)
2.2 Profile & Preferences
Information you provide during onboarding and settings:
- Memorisation goal (memorise, review, or learn tajweed)
- Daily time commitment
- Experience level (beginner, intermediate, advanced, hafiz)
- Preferred reciter, translation language, font size
2.3 Usage & Progress Data
We collect data about how you use the App to provide the memorisation experience:
- Memorisation session history (ayahs reviewed, grades, duration)
- Spaced repetition card data (intervals, ease factors, next review dates)
- Streak and daily activity records
- Bookmarks and reading progress
- Quran library browsing history
2.4 Voice Recordings (With Explicit Consent)
If you opt in to voice-based recitation features:
- Audio recordings of your Quran recitation for real-time feedback
- Recordings are processed on-device where possible (via WhisperKit)
- When on-device processing is unavailable, recordings are sent to a secure cloud service for transcription and immediately deleted after processing
- We do not store your voice recordings permanently on our servers
2.5 Device & Technical Data
- Device type and operating system version
- App version
- Crash reports and performance metrics
- Network connectivity status (online/offline)
- Timezone (used for streak calculations)
2.6 Analytics Data
We use PostHog for anonymised usage analytics:
- Screen views and navigation patterns
- Feature usage frequency
- Session duration and completion rates
- Onboarding funnel progression
3. How We Use Your Information
We use your information exclusively to:
- Provide the memorisation experience — spaced repetition scheduling, progress tracking, streak calculations
- Personalise your learning — adapting to your skill level, goals, and pace
- Process voice recitation — providing pronunciation feedback (only with your explicit consent)
- Sync your data — keeping your progress consistent across devices
- Improve the App — understanding usage patterns to build better features
- Communicate with you — responding to support requests, sending critical updates
We never use your data to:
- Sell to third parties
- Serve advertisements
- Build advertising profiles
- Train AI models on your personal recitation without explicit consent
4. Data Storage & Security
4.1 Where Your Data Is Stored
- On-device: Memorisation cards, cached Quran text, and preferences are stored locally using encrypted storage (MMKV)
- Cloud: Account data, progress history, and sync data are stored on Supabase (hosted on AWS) with row-level security policies ensuring you can only access your own data
4.2 Security Measures
- All data transmitted between the App and our servers uses TLS 1.3 encryption
- Authentication tokens are stored in the iOS Keychain via Expo SecureStore
- Database access is protected by Supabase Row Level Security (RLS)
- Passwords are never stored — we use Apple Sign-In exclusively
4.3 Data Retention
- Account data: Retained while your account is active. Deleted within 90 days of account deletion request.
- Voice recordings: Processed in real-time and immediately discarded. Never stored permanently.
- Analytics data: Anonymised and retained for up to 24 months for product improvement.
- Cached data: Stored locally on your device; you can clear this at any time from Settings.
5. Data Sharing
We share your data only with the following service providers, solely to operate the App:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & authentication | Account info, progress data |
| Apple | Authentication (Sign in with Apple) | Apple ID token |
| PostHog | Analytics | Anonymised usage events |
| RevenueCat | Subscription management | Purchase receipts, user ID |
| Tarteel / Cloud ASR | Voice transcription (cloud fallback) | Temporary audio data |
We do not share your data with any other third parties. We do not sell your data.
6. Your Rights
6.1 All Users
You have the right to:
- Access your data — view all stored data in the App's Profile section
- Correct your data — update your name, preferences, and goals at any time
- Delete your data — request full account deletion from Settings
- Export your data — request a copy of your data by emailing [YOUR EMAIL]
- Withdraw consent — disable voice recording features at any time
6.2 European Union Residents (GDPR)
Under the General Data Protection Regulation, you additionally have the right to:
- Data portability — receive your data in a machine-readable format
- Restrict processing — limit how we use your data
- Object to processing — opt out of analytics data collection
- Lodge a complaint — contact your local data protection authority
Our legal basis for processing your data is:
- Contract performance — providing the memorisation service you signed up for
- Legitimate interest — improving the App based on anonymised analytics
- Consent — processing voice recordings (only when you explicitly opt in)
6.3 California Residents (CCPA)
Under the California Consumer Privacy Act, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell your data)
- Non-discrimination for exercising your privacy rights
7. Children's Privacy
Hifzul Quran is designed for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at [YOUR EMAIL] and we will promptly delete it.
8. Offline Functionality
Hifzul Quran works offline. When offline:
- Your memorisation sessions are stored locally on your device
- Data syncs automatically when you reconnect to the internet
- No data is transmitted to our servers while offline
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last updated" date at the top
- We will notify you via an in-app notice
- Continued use of the App after changes constitutes acceptance
10. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights:
Email: [YOUR EMAIL]
Address: [YOUR LEGAL ENTITY ADDRESS]