Privacy Policy
Effective Date: November 1, 2025
Last Updated: November 1, 2025
1. Preamble
DeenDash AI ("we," "our," "ours") is a mobile application that provides:
- An Islamic AI assistant (Mufti GPT)
- Prayer times tracking with notifications
- Access to Qur'an, Hadith, and Du'a
- Personal spiritual practice tracking
We consider privacy protection as a sacred trust (amānah). This document explains what data we collect, why, how we protect it, and your rights.
2. Data Collected
| Category | Details | Stored Where? | Shared With? |
|---|---|---|---|
| Account | Email (optional), first name, madhab, language | Device + Encrypted Firestore | Never |
| Location | GPS coordinates once per request | Device only (cached 30 days) | Never |
| Spiritual Journey | Prayers, Qur'an pages, dhikr, charity, fasting | Encrypted Hive + optional Firestore sync | Never |
| Mufti GPT History | Questions + answers | Encrypted Hive + optional Firestore sync | OpenAI receives only question + Islamic excerpts (no PII) |
| Analytics | Crash reports, performance | Firebase Crashlytics | Google (anonymized) |
| Payment | Managed exclusively by Apple/Google | — | — |
We NEVER collect:
- Continuous location tracking
- Contacts, photos, microphone
- Browsing history
- Biometric data
- Financial information
3. Processing Purposes
| Purpose | Legal Basis (GDPR) |
|---|---|
| Prayer times calculation | Legitimate interest (core service) |
| Mufti GPT responses | Contract execution |
| Multi-device sync | Consent (toggle switch) |
| Stability improvement | Legitimate interest (anonymized) |
4. Data Security
| Layer | Protection |
|---|---|
| In transit | TLS 1.3, certificate pinning |
| At rest (device) | Hive AES-256 |
| At rest (cloud) | Firestore AES-256 + security rules (UID-only access) |
| API Keys | Server-side, rotated every 90 days |
| Backups | Encrypted, retained 180 days |
5. Third-Party Sharing
| Third Party | Data Sent | Purpose | Privacy Link |
|---|---|---|---|
| OpenAI | Question + Islamic excerpts | Response generation | openai.com/policies |
| Google Firebase | Anonymized crash & metrics | Stability | firebase.google.com/support/privacy |
| Apple / Google | Purchase receipt (no card) | Subscriptions | Apple/Google policies |
We never sell or rent any personal data.
6. Minors (COPPA / GDPR)
- Minimum age: 13 years
- Parental consent required for under 13 (email verification)
- No behavioral advertising
7. Your Rights
| Right | How to Exercise |
|---|---|
| Access | Settings → Data Management → Export JSON |
| Rectification | Edit profile anytime |
| Erasure | Settings → Delete Account (cloud data deleted within 30 days) |
| Objection / Restriction | Disable sync or analytics |
| Portability | Export JSON |
| Withdraw Consent | Disable sync |
8. Data Retention
| Type | Duration |
|---|---|
| Local (device) | Until uninstall or deletion |
| Cloud (active account) | As long as account exists |
| Cloud (inactive) | Deleted after 24 months |
| OpenAI Logs | 30 days (OpenAI policy) |
9. International Transfers
- Firebase: us-central1 (United States)
- Standard Contractual Clauses (GDPR) in place
10. Changes
Major changes → in-app notification + email (if provided). Continued use = acceptance.
11. Contact
Data Protection Officer
Email: privacy@deendash.io
© 2025 DeenDash AI. All rights reserved.