Privacy Policy

Effective: March 4, 2026  |  Last updated: May 1, 2026

The app name may appear localized in different languages, but this privacy policy applies to the same application across all localized storefront listings.

1. Data We Collect

MMKV (Local Device Storage)

The app stores your preferences locally on your device using MMKV, including: theme, language, font size, favorite duas, notification schedule, content pack preferences, custom duas (if created), daily dhikr settings, ready-made zikir group history, zikirmatik counts, religious calendar settings, and a local "My Impact" counter showing how many duas you have made for others. This data is never transmitted off your device, never shared with any service, and stays entirely local. It is readable only by the app itself.

Location, Prayer Times, Qibla, and AlAdhan

If you choose to use prayer times or Qibla direction, the app asks for foreground location permission. Your location is used only while you are using these features.

• Prayer times: The app sends rounded latitude and longitude coordinates to the AlAdhan prayer-times API to calculate monthly prayer times for your area. The returned prayer calendar is cached locally on your device so the app can work faster and reduce repeated network requests.
• Qibla direction: The app uses your current location to calculate the direction and distance to the Kaaba. It may also read device compass/heading information while the Qibla screen is open. Qibla bearing and compass heading are processed on your device and are not sent to our servers.
• Hijri and religious days: The app may request Hijri calendar and religious day data from AlAdhan using calendar method settings. This does not require your precise location.
• No background location: The app does not request or use background location. We do not continuously track your location.

For more information about AlAdhan, see: AlAdhan

Firebase (Anonymous Authentication, Firestore, Cloud Messaging)

Starting with version 2.0, the app uses Firebase services from Google to enable the optional Community Dua Request feature and push notifications:

• Firebase Anonymous Authentication: When you first open the Community tab, the app generates an anonymous Firebase user ID. This ID is a random string with no link to your real identity, device, name, email, or phone number. You never sign in, and you cannot be identified across devices.
• Cloud Firestore (dua requests): When you create a dua request, you select from predefined categories only. The app stores the selected category, timestamps, duration/expiration information, status, and counters in Firestore. Your anonymous user ID is NOT stored in the public dua request document. It is kept only in a private sub-document that no other user or client can read. This private metadata is used by our server to send you push notifications, manage request limits or queues, and prevent duplicate submissions. No free-text content, names, locations, or descriptions are stored for community dua requests.
• Cloud Firestore (dua actions): When you tap "I Made Dua for All" in the Community tab, the app records one small counter increment per request so that each user cannot double-count. These records are keyed by an opaque ID and carry no personal information.
• Push notification tokens (FCM V1): If you enable notifications, Firebase Cloud Messaging stores the device push token linked only to your anonymous Firebase user ID. This token is used to send: (a) daily reminder notifications for duas, dhikr, Esmaul Husna, emotional support messages, Quran verses, religious days, and prayer-related reminders based on your preferences, and (b) community notifications when other users make duas for your community dua request.
• Premium entitlement snapshot: If you purchase Premium, the app may store a server-side premium status snapshot tied to your anonymous Firebase ID so community duration, queue, and summary features can work reliably.
• Firebase App Check: The app uses Firebase App Check to help protect backend features from abuse. App Check may transmit app integrity tokens to Firebase as part of normal security verification.
• Automatic expiration: Community dua requests are temporary. They expire automatically based on the selected duration and are no longer shown as active after expiration. Some anonymous operational records may remain for a limited time to support summaries, abuse prevention, or queue behavior.

For more information, see: Firebase Privacy and Security and Google Privacy Policy

RevenueCat (In-App Purchases and Premium Subscription)

The app offers Premium with Weekly, Monthly, Yearly, and Lifetime options. Subscriptions may include a free trial when available in your storefront. Premium unlocks additional convenience and personalization features such as longer community dua request duration, request queue/history/summary features, advanced notification controls, extra content, and other premium-only tools. The free version contains no advertising.

All purchases are processed by Apple (App Store) or Google (Play Store) and verified through RevenueCat. RevenueCat records anonymous user IDs and purchase history solely to verify your entitlement status ("isPremium"). No personal information such as name, email, or phone number is collected by RevenueCat. The RevenueCat anonymous ID is distinct from the Firebase anonymous ID.

For more information, see: RevenueCat Privacy Policy

2. GDPR / EU Users

The app does not display advertising and does not use any ad-related tracking SDKs, so no advertising consent dialog is required under GDPR.

For Firebase and Community Dua Request data: because Firebase data is anonymous, category-only, and used to provide requested app functionality, we rely on legitimate interest as the legal basis for processing. You may stop Firebase community data collection at any time by not using the Community tab, disabling notifications, or uninstalling the app.

For prayer times and Qibla: location permission is optional and requested by the operating system before use. You can deny or revoke location permission at any time in your device settings.

3. Data We Do NOT Collect

• User accounts, login credentials, passwords, or registration information
• Names, email addresses, phone numbers, or any other contact information
• Advertising identifiers (IDFA, Advertising ID) — the app displays no ads and uses no ad SDKs
• Background location or continuous location tracking
• Contacts, calendar, photo library, microphone, or camera content
• Free-text messages, descriptions, or any user-written content (community dua requests are category-based only, with no text field)
• Analytics or behavioral tracking of any kind
• Server-side reading history — all bookmark, favorite, streak, and reading position data stays on your device
• Any link between your Firebase anonymous ID and your real identity, device model, or other apps

4. Data Retention

Different categories of data are retained for different durations:

• Local device data (MMKV): Retained on your device indefinitely until you uninstall the app or clear its data through your device's system settings. We never receive this data and cannot delete it remotely.
• Cached prayer times and religious calendar data: Stored locally on your device to improve performance and offline availability after the first load. You can remove it by uninstalling the app or clearing app data.
• Firebase community dua requests, private metadata, dua action records: Temporary community records expire automatically based on their selected duration and are removed from active community lists after expiration. Some anonymous operational records may be retained for a limited time for summaries, queue behavior, and abuse prevention.
• Firebase push notification tokens: Retained as long as your device remains registered. Tokens are refreshed automatically by the operating system and old tokens become invalid. If you uninstall the app or disable notifications, the token becomes stale and is eventually removed from our records.
• RevenueCat purchase history: Retained as long as your subscription is active, plus the minimum period required by applicable consumer protection and tax law (typically several years). This is handled entirely by RevenueCat under their own retention policies.

5. How to Delete Your Data

Because the app does not require an account, there is no central "delete my account" action. Different data categories can be deleted in different ways:

Local device data (bookmarks, preferences, streak, custom duas):

• Option A: Uninstall the app. All local data is permanently removed.
• Option B (Android only): Go to Settings → Apps → Namaz Vakti: Dua ve Zikir → Storage → Clear Data. iOS does not provide a separate "clear data" option; deleting the app achieves the same result.

Location permission:

You can revoke location access at any time from your device settings. Without location access, prayer times and Qibla direction may not work or may require future manual-location support.

Firebase community dua request data (anonymous):

Because community data is anonymous and temporary, no manual deletion is usually required. If you want to delete an active dua request before it expires, contact us (see below).

Firebase push notification token:

Disable notifications from the app's Settings screen, or disable notifications for Namaz Vakti: Dua ve Zikir in your device's system settings. This will invalidate the token. Uninstalling the app also invalidates the token.

RevenueCat purchase history:

Purchase records cannot be deleted while a subscription is active, due to consumer protection and tax requirements. To request deletion after your subscription ends, contact RevenueCat via their Privacy Policy link above, or contact us and we will forward the request.

General deletion request:

If you have any other data deletion concern, contact us at skyes@yasirkara.com and we will respond within a reasonable time.

6. Children's Privacy

The app is rated 4+ / Everyone. We do not knowingly collect personal information from children under the age of 13. Because the app does not request names, emails, or any identifying information, and because the Community Dua Request feature is category-only with no free text, no user-identifying child data can be collected through community requests. If you are a parent or guardian and have concerns, please contact us.

7. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the app constitutes acceptance of any changes. Major changes (such as the introduction of new data-collecting features) will be announced in release notes on the app stores.

8. Contact

For privacy-related questions or deletion requests: skyes@yasirkara.com