Privacy Policy
Last updated: February 15, 2026
Falah One ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use the Falah One mobile application ("App"). We designed Falah One with a privacy-first approach: core prayer, Quran, dua, and zikr features work without creating an account.
1. Information We Collect
1.1 Information You Provide Voluntarily
If you choose to create an account (which is optional), we collect:
- Account Information: Name, username, email address, password hash, and optional profile image (if provided by Google Sign-In)
- Account Preferences: Language and timezone preferences
- Session and Security Data: Session token metadata, IP address, user agent, and session timestamps used for authentication and security
- Community Submissions: Dua and zikr collections you submit for community review
- Reports: Content error reports and report metadata you choose to submit
Some cloud-backed and community features require sign-in.
1.2 Information Collected With Permission or User Action
The following data is accessed only after permission prompts or user action:
- Location Data (Approximate and Precise): Used to detect your nearest JAKIM prayer zone and calculate Qibla direction. Coordinates are used on-device and also sent to our nearest-zone API endpoint for zone detection; we do not store raw coordinates in our application database. You may deny location permission and select your zone manually.
- Notification Data: If notifications are enabled, we process and store your Expo push token, platform (iOS/Android), and notification settings.
- Device Metadata for Push Delivery: Device brand/model/OS version from Expo Device is sent when registering push notifications to help validate and manage token delivery.
1.3 Information Stored Locally on Your Device
The following data is stored locally on your device (SQLite, AsyncStorage, and SecureStore). Depending on feature usage and sign-in state, some of this data may also sync to our servers for account-backed functionality:
- Prayer tracking logs and streaks
- Qada (missed prayer) records and calculator profiles
- Quran reading progress and bookmarks
- Dua and zikr favourites
- Hadith bookmarks and favourites
- Spiritual goals and amalan progress
- App preferences and settings
- Downloaded audio recitations
1.4 Information We Do Not Collect
For clarity, Falah One does not collect:
- Advertising IDs for ad targeting
- Browsing history or search history outside the App
- Contacts, photos, or files from your device
- Financial or payment information
- Health or fitness data
- Data for third-party ad profiling or sale to data brokers
2. How We Use Your Information
We use collected information for the following purposes:
- Prayer Times: Your location or manually selected zone is used to fetch prayer times from the JAKIM API
- Qibla Direction: Your location is used to calculate the direction of the Kaaba on your device
- Cloud-Backed Features: When you are signed in, eligible data (such as goals, qada records, bookmarks, and progress) may sync to our servers for backup and multi-device access
- Notifications: Push token, zone, and notification preferences are used to deliver prayer and related reminders
- Account Management: Email verification and password reset emails are sent only when you request them
- Community Content: Submissions you make are reviewed and, if approved, made available to other users
- Security and Abuse Prevention: Session metadata, rate limiting, and related logs are used to protect accounts and services
- Internal Operations Analytics: We may use synced in-app activity data in aggregate/internal admin dashboards to monitor reliability and improve product features
3. Data Storage and Security
3.1 Local Storage
Most data is stored locally on your device using SQLite and AsyncStorage. Authentication tokens are stored using Expo SecureStore. We do not have direct access to data that remains only on your device.
3.2 Cloud Storage
If you sign in and use cloud-backed features, data is stored in a PostgreSQL database hosted on secure servers. Audio content (Quran recitations) is stored using S3-compatible object storage.
3.3 Security Measures
We implement the following security measures:
- Hashed password storage using a secure hashing algorithm (bcrypt)
- HTTPS/TLS encryption for data transmitted between the App and our servers
- Rate limiting on sensitive endpoints
- Secure session management with token expiry
- Secure token storage on device (Expo SecureStore)
4. Third-Party Services and SDKs
Falah One integrates with the following third-party services:
| Service | Data Shared | Purpose |
|---|---|---|
| Google OAuth 2.0 | Name, email, and profile image returned by Google | Optional social sign-in |
| JAKIM API | Prayer zone code (no direct personal profile data) | Prayer times and Islamic calendar data |
| Expo Push Service (with FCM/APNs delivery) | Push token, notification payload, and delivery metadata | Deliver push notifications |
| Platform Location/Geocoding Services | Device location coordinates (when permission is granted) | Location lookup and reverse geocoding |
| S3-Compatible Storage | Content requests for hosted audio files | Serve Quran audio recitations |
| SMTP Email Provider | Email address and account email content | Verification and password reset |
We do not use third-party ad networks or sell data to data brokers.
5. Analytics, Tracking, and Advertising
We do not use third-party advertising SDKs or cross-app tracking.
- No behavioral advertising or ad personalization
- No tracking across other companies' apps or websites
- No Facebook Pixel or ad network SDKs
- We may generate internal/aggregate service analytics from synced in-app activity to operate and improve Falah One
- No sale of personal information
6. Data Sharing and Sales
We do not sell your personal information. We do not share your data with third parties for marketing or advertising purposes.
Your data may be disclosed only in these limited cases:
- Service Providers: To processors needed for app operations (for example OAuth sign-in, email delivery, push delivery, and hosting/storage)
- Community Content: Approved dua and zikr submissions you choose to publish
- Legal Requirements: If required by law, regulation, court order, or legal process
- Safety: To protect the rights, property, or safety of users or the public
7. Your Rights and Choices
You have the following rights regarding your data:
- Use Without Account: You can use core features without creating an account
- Location Permission: You can deny location access and manually select your prayer zone
- Notification Permission: You can disable notifications through device settings
- Data Access: You can request a copy of personal data we hold about you
- Data Correction: You can update profile details through the App
- Account Deletion: You can request account and server-side data deletion by contacting us at the email below. We process verified deletion requests within 30 days unless legal retention is required.
- Local Data: You can clear local data by uninstalling the App
- Withdraw Consent: You can withdraw consent for optional permissions at any time via device settings
8. Data Retention
We retain account data while your account is active. After a verified deletion request:
- Profile and account-linked data are deleted within 30 days, except where retention is required by law or legitimate security needs
- Synced data (for example bookmarks, progress, goals, qada records, favourites, and reports) is deleted or de-identified according to system requirements
- Approved community submissions may remain published but are de-linked from account identity where feasible
- Data stored locally on your device is not automatically removed by server-side deletion; you can clear it by uninstalling the App
9. App Store Data Disclosure
9.1 Apple App Store (iOS)
In accordance with Apple's App Privacy framework, summary categories may include:
- Data Used to Track You: None. We do not track you across other companies' apps or websites.
- Data Linked to You (if signed in): Account/contact data (name, username, email), user-generated content (reports/submissions), push token (when linked), and synced in-app activity/progress data
- Data Not Linked to You (context-dependent): Guest push tokens and location used for zone detection
Final App Privacy labels are configured in App Store Connect for each released build.
9.2 Google Play Store (Android)
In accordance with Google Play Data Safety requirements, declarations may include:
- Data collected: Account/contact info (optional sign-in), location (optional), app activity/progress data when synced, user-generated content, push token, and limited device metadata for push delivery
- Data shared with service providers: As required for OAuth sign-in, push notification delivery, email delivery, and infrastructure hosting/content delivery
- Security practices: Data encrypted in transit (HTTPS/TLS); users can request deletion
Final Google Play Data Safety declarations are maintained in Play Console and must match shipped app behavior.
10. Children's Privacy
Falah One is intended for a general audience. We do not knowingly collect personal information from children under 13 (or the applicable age in your jurisdiction) without appropriate consent. If you believe a child has provided personal information without proper consent, contact us and we will take appropriate action.
11. International Data Transfers
Our servers are located in Asia. If you use Falah One from other regions (including the EEA or UK), data transmitted to our services may be processed in another jurisdiction. By using cloud-backed features, you consent to this transfer. We implement reasonable safeguards for such transfers.
12. Permissions Explained
Falah One requests the following device permissions. All are optional, and you can use core features without granting them:
- Location (ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION): Detect prayer zone and assist Qibla functionality
- Exact Alarms (SCHEDULE_EXACT_ALARM): Schedule notifications at exact prayer times
- Notifications: Deliver prayer and reminder notifications
- Internet: Fetch prayer/content updates, authenticate, and sync cloud-backed data when used
13. Regional Privacy Rights
13.1 European Economic Area (GDPR)
If you are located in the EEA, you may have rights including access, rectification, erasure, restriction, and portability. Our legal bases include consent (for optional permissions/features), contract/performance of services, and legitimate interests (service security and operations). To exercise rights, contact us at the email below.
13.2 California (CCPA/CPRA)
If you are a California resident, you may have rights to know, correct, and request deletion of personal information. We do not sell personal information. To exercise rights, contact us at the email below.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted in-app and/or on our website with an updated date.
15. Contact Us
If you have questions or requests regarding this Privacy Policy or your personal data, please contact us at:
- Email: support@falah.one
- Website: falah.one