Privacy Policy

We collect information you provide directly and automatically when you use our services. This includes:

We use your information for the following purposes:

• Service Provision: Provide, operate, and maintain our AI-powered Islamic guidance platform
• Personalization: Customize your experience based on your onboarding responses and usage patterns
• AI Training: Use your questions and responses to improve and train our AI models (conversations remain private and are not shared publicly)
• Communication: Send you service-related notifications, updates, and respond to your inquiries
• Payment Processing: Process transactions through third-party payment processors
• Analytics: Analyze usage patterns to improve our services and user experience
• Error Monitoring: Detect, diagnose, and fix technical errors and performance issues
• Security: Protect against fraud, bots, unauthorized access, and ensure platform security
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

Legal Basis for Processing (GDPR): We process your personal data based on your consent, contract performance, legitimate interests (service improvement and security), and legal obligations.

We may share your information with the following third parties:

• Cloudflare: Content delivery network, security services, and bot protection (Turnstile captcha)
• Cloudflare Monitoring: Web analytics for tracking website usage, page views, and visitor statistics (privacy-focused analytics that doesn't track individual users)
• Sentry: Error monitoring and performance diagnostics to help us identify and fix technical issues
• Hostinger: Web hosting, infrastructure services, database hosting (where your account data, chat history, and personal information are stored in European data centers), and email hosting
• RackNerd LLC: Backend infrastructure hosting (European and United States data centers)
• Google (Gmail): Email communications and customer support correspondence
• OpenAI: AI model provider for generating responses to your questions
• Payment Processors: Third-party merchants of record for processing payments
• Analytics Providers: Google Analytics and Cloudflare Monitoring for website usage statistics and analytics (only with your consent via Cloudflare cookie consent)
• Legal Authorities: When required by law, court order, or to protect our rights and safety

We do not sell your personal information.

Important: Your conversations are private and are never shared publicly or with other users. We only share conversation data with our AI service provider (OpenAI) as necessary to provide the service.

We use cookies and similar tracking technologies through Cloudflare and analytics providers. We respect your privacy choices and only insert tracking cookies if you provide consent through our Cloudflare cookie consent mechanism.

If you do not consent to tracking cookies, we will not insert tracking technologies, though essential cookies may still be used for site functionality.

For comprehensive details about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for data processing where consent is the legal basis
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please use our Data Subject Rights Request form or contact us at [email protected]. We will respond to your request within 30 days as required by GDPR.

Retention Period: We retain your personal data, including chat conversations, indefinitely while your account is active. This allows us to provide you with access to your conversation history and improve our services.

Account Deletion: When you delete your account, we immediately remove all personally identifiable information (PII) associated with your account. However, we may retain certain anonymized or aggregated data as required by law or for legitimate business purposes (such as maintaining service integrity and preventing fraud). Some information may also be retained for a limited period as required by applicable legal obligations.

Data Export: You can request and export your data, including your chat history, at any time before deleting your account.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or alteration. These measures include encryption, access controls, secure hosting, and regular security reviews.

Security Limitations and Disclaimers: Despite our efforts, we must inform you of the following limitations:

• No online system can guarantee absolute security. Data transmission over the internet carries inherent risks.
• We rely on third-party infrastructure providers (Cloudflare, Hostinger, RackNerd LLC, Sentry, OpenAI) who maintain their own security measures. We cannot guarantee or be held liable for security breaches originating from these third-party systems.
• You are responsible for maintaining the security of your account credentials. We are not liable for unauthorized access resulting from compromised credentials.
• We cannot guarantee protection against all types of cyber attacks, including but not limited to distributed denial-of-service (DDoS) attacks, zero-day exploits, or sophisticated hacking attempts.

Data Breach Notification: In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach. However, we are not liable for damages resulting from data breaches beyond what is required by applicable law.

Data Storage Location: Your primary account data, chat history, and personal information are stored in European data centers through Hostinger. RackNerd LLC provides backend infrastructure hosting in both European and United States data centers.

International Transfers: Some of our service providers may process your data outside the European Economic Area (EEA), including:

• OpenAI (United States): Processes your chat messages to generate AI responses
• Sentry (United States): Processes error logs and diagnostic data for technical issue resolution
• Google/Gmail (United States): Processes email communications and analytics data (with consent)
• RackNerd LLC (United States): Provides backend infrastructure hosting services in United States data centers
• Cloudflare (Global): Processes data through their global network for security and performance

Data Protection Safeguards: For transfers from the EEA to countries outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Reliance on service providers' data protection frameworks and certifications
• Contractual commitments to protect your data in accordance with GDPR and applicable data protection laws

Your Consent and Acknowledgment: By using our services, you explicitly acknowledge and consent to the international transfer of your data as described above, including to countries that may not have the same level of data protection as your country of residence. While we take reasonable steps to ensure your data remains protected, we cannot guarantee the same level of protection in all jurisdictions. To the maximum extent permitted by law, we are not liable for any data protection issues arising from international data transfers or the laws and practices of foreign jurisdictions.

Our services are not intended for children under the age of 13 (or the minimum age in your jurisdiction, whichever is higher). We do not knowingly collect personal information from children.

Parental Responsibility: If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately. We will take steps to delete such information. However, we are not responsible for verifying the age of users and cannot be held liable if minors access our services without proper parental supervision.

By creating an account or using our services, you represent and warrant that you are at least 13 years old (or the minimum age in your jurisdiction) and have the legal capacity to enter into this agreement.

We reserve the right to update, modify, or replace this Privacy Policy at any time, at our sole discretion, without prior notice. We will update the "Last Updated" date at the top of this policy when changes are made.

Your Responsibility: It is your responsibility to review this Privacy Policy periodically for changes. We may, but are not obligated to, notify you of material changes by email or through our service.

Acceptance of Changes: Your continued use of our services after any modifications to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree to the modified policy, you must immediately stop using our services and may request deletion of your account.

Privacy Policy Scope: This Privacy Policy explains how we collect, use, and protect your personal information. It does not create any warranties, representations, guarantees, or liabilities beyond those expressly set out in this policy and our Terms of Service.

No Guarantees: To the maximum extent permitted by applicable law, we make no representations or warranties regarding the security, privacy, or confidentiality of your data. We do not guarantee that our security measures will prevent unauthorized access, data loss, or breaches.

Third-Party Liability: We are not responsible or liable for the privacy practices, security measures, data breaches, or any actions of third-party service providers (including but not limited to Cloudflare, Sentry, Hostinger, OpenAI, Google, and payment processors). You acknowledge that your data will be processed by these third parties and you accept all associated risks.

Maximum Liability: To the maximum extent permitted by law, our total liability for any privacy-related claims, data breaches, or security incidents shall not exceed the amount you paid us (if any) in the 12 months preceding the incident. If you use our services free of charge, our liability shall be zero.

Terms of Service: Your access to and use of our websites, apps, and AI tools are governed by our Terms of Service, which include additional important disclaimers and limitations of liability. In the event of any conflict between this Privacy Policy and the Terms of Service, the Terms of Service will control to the extent permitted by law.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: