Privacy Policy

1. Introduction and Scope

Welcome to Sanad+, a mobile application designed as a prayer tracking and donation accountability tool for Muslims. Sanad+ is an app provided by MK Builds LLC. It is available on iOS (SwiftUI) and Android (Flutter) platforms. This Privacy Policy describes how Sanad+ collects, uses, and shares your information when you use our application.

We understand the sensitive nature of religious practice data and are committed to protecting your privacy. By using Sanad+, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect various types of information to provide and improve our service to you.

2.1 Personal Information

• Account Information: When you create an account, we collect your email address, display name, and a hashed version of your password.
• Profile Data: We collect optional profile information such as gender (male/female/unspecified), timezone, and language preference to personalize your experience.
• Authentication: We utilize Firebase Auth to manage user authentication, which may involve collecting data related to your email, Google Sign-In, or anonymous accounts.
• Contact Information: An optional phone number may be collected during onboarding for specific features or recovery purposes.

2.2 Religious Practice Data

• Prayer Completion Records: We record the date, time, and type of prayer (Fajr, Dhuhr, Asr, Maghrib, Isha) you mark as completed.
• Prayer Status: We track whether prayers are marked as on-time, late, or missed.
• Prayer Streaks: We analyze daily and weekly prayer completion patterns to help you track your progress.
• Prayer Notes: You may optionally add notes about your prayer completion.
• Congregational Prayer: We record whether prayers were performed in congregation if you choose to indicate this.

2.3 Location Data

• GPS Coordinates: We collect your latitude and longitude for accurate prayer time calculations.
• Location Permission: We request "When in use" location permission to ensure the accuracy of prayer times.
• Cached Location: Your location data may be stored locally on your device for offline prayer time calculations.
• Location Purpose: Location data is only used for prayer time calculations and is not used for tracking your movements or for any other purpose.

2.4 Usage and Analytics Data

• App Usage: We collect data on feature usage, session duration, and prayer completion actions to understand how our app is used.
• Token System Data: We track impact token earnings, deductions, and transaction history within the app's virtual token system.
• Notification Interactions: We monitor notification delivery and user interactions with notifications to improve their effectiveness.
• Performance Data: We collect app performance metrics, crash reports, and error logs to identify and fix issues.

2.5 Device Information

• Device Identifiers: We collect FCM (Firebase Cloud Messaging) tokens for push notifications.
• App Version: We record the current app version and build number.
• Platform Information: We collect information about your device's operating system (iOS/Android version) and device model.
• Network Information: We collect information about your connection type for API calls.

3. How We Use Your Information and Legal Basis for Processing

We use the collected information for various purposes, primarily to provide and improve the Sanad+ service. Our legal basis for processing your personal data depends on the data and the context in which we collect it.

3.1 Core App Functionality

• Prayer Time Calculations: Your location data is used to provide accurate prayer times based on your geographical position.
• Prayer Tracking: We record and store your prayer completion data to help you track your religious practice.
• Notifications: We use your data to send timely prayer reminder notifications.
• Token System: We manage impact token calculations and transactions within the app.

Legal Basis: Processing is necessary for the performance of the contract with you (to provide the app's core services) and, for sensitive religious data, based on your explicit consent.

3.2 Account Management

• User Authentication: Firebase Auth facilitates secure login and account management.
• Profile Management: We store and update your user preferences to personalize your app experience.
• Data Synchronization: Your data is synchronized across your devices to ensure consistency.

Legal Basis: Processing is necessary for the performance of the contract with you.

3.3 Analytics and Improvement

• App Analytics: We use Firebase Analytics to understand app usage patterns and improve features.
• Performance Monitoring: Firebase Performance helps us optimize app performance.
• Crash Reporting: Firebase Crashlytics assists in identifying and fixing bugs and errors.
• User Experience: We analyze usage data to continuously improve app features and user experience.

Legal Basis: Processing is based on our legitimate interests in improving our Service and, where required, your consent (e.g., for optional analytics tracking).

Anonymized/Aggregated Data: We may anonymize and aggregate your data (remove personal identifiers) for research, statistical analysis, and product improvement. Once anonymized, this data is no longer personal information and is used for purposes such as understanding usage trends and optimizing features without identifying individual users.

4. Third-Party Services and Data Sharing

We utilize various third-party services to operate and improve Sanad+. Your data may be shared with these services as necessary for their functions, always with a commitment to your privacy.

4.1 Firebase Services

We rely heavily on Google Firebase services for our backend infrastructure:

• Firebase Auth: For user authentication and account management.
• Cloud Firestore: As our primary database for storing user data and prayer records.
• Firebase Analytics: For app usage analytics.
• Firebase Crashlytics: For crash reporting and error tracking.
• Firebase Performance: For app performance monitoring.
• Firebase Messaging: For push notification delivery.
• Firebase Remote Config: For app configuration management.

4.2 External APIs

• Aladhan API: We send your latitude and longitude to the Aladhan API to retrieve accurate prayer times.
• Google Services: Used for Google Sign-In authentication.

4.3 Data Processing

• Location Services: We use Geolocator (Flutter) and CoreLocation (iOS) for precise location data collection.
• Local Storage: Hive (Flutter) and Core Data (iOS) are used for local data storage on your device for offline functionality.
• Notification Services: Flutter Local Notifications and UserNotifications handle local notification delivery.

4.4 Links to External Websites/Services

Our app may contain links to third-party websites or services (e.g., for charitable organizations you might donate to). Please be aware that we are not responsible for the privacy practices or the content of such other sites. This Privacy Policy applies solely to information collected by Sanad+. We encourage you to read the privacy policies of any third-party sites or services you visit.

5. Data Storage and Security

5.1 Data Storage

• Cloud Storage: Your user data and prayer records are primarily stored in Firebase Firestore.
• Local Storage: Some data is stored locally on your device for offline functionality and performance.
• Data Retention: Prayer logs and user data are generally retained until your account is deleted. We may retain certain data for a longer period if required by law or for legitimate business purposes (e.g., for financial records related to donations, or for backup and disaster recovery purposes for a limited time). Anonymized or aggregated data may be retained indefinitely.
• Backup: Automatic data synchronization across devices serves as a backup mechanism.

5.2 Security Measures

We implement robust security measures to protect your data:

• Encryption: Data is encrypted both in transit (e.g., via HTTPS/TLS) and at rest (on Firebase servers).
• Authentication: We use secure Firebase Auth implementation for user authentication.
• Access Controls: User data is isolated and accessed only via Firebase Auth UID, ensuring that only you can access your specific data.
• Regular Updates: We regularly apply security patches and updates to our systems and dependencies.

5.3 Data Breach Notification

In the unlikely event of a data breach, we are committed to promptly notifying affected users and relevant authorities in accordance with applicable data protection laws. Our notification will include information about the nature of the breach, the data potentially involved, and steps you can take to mitigate potential harm.

6. Your Rights and Choices

You have control over your information and how it's used.

6.1 Data Access

• View Your Data: You can access your prayer logs, token history, and profile data within the app.
• Export Data: (Feature planned) You will be able to request an export of your data.
• Update Information: You can modify your profile and preferences directly in the app settings.

6.2 Data Control

• Analytics Opt-out: You can disable analytics tracking in the app settings if you prefer not to share usage data. Your consent for analytics is managed through this in-app setting.
• Notification Preferences: You have full control over notification types and timing in your app settings.
• Location Services: You can disable location access through your device settings, but this will affect the accuracy of prayer time calculations.
• Token System: You may opt-out of the impact token system if you do not wish to participate.

"Do Not Track" Signals: Sanad+ currently does not respond to "Do Not Track" (DNT) signals. We adhere to the standards outlined in this Privacy Policy.

6.3 Data Deletion

• Account Deletion: You can delete your account and all associated data directly from the app.
• Local Data Deletion: You can clear all local data from your device through app settings or by uninstalling the app.
• Data Retention: After account deletion, there is a 30-day grace period during which your account can be recovered. After this period, data is permanently deleted, subject to any necessary legal retention periods as mentioned in Section 5.1.

7. Children's Privacy

Sanad+ is intended for users 13 years of age and older.

• Age Restrictions: The app is designed for users who are at least 13 years old.
• Parental Consent: If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to remove that information. Parental consent may be required for users under 13 to use the app.
• COPPA Compliance: We are committed to complying with the Children's Online Privacy Protection Act (COPPA) where applicable, including special handling for underage users.
• Data Collection: We limit data collection for minors to only what is necessary for the app's core functionality.

8. International Data Transfers

• Data Location: Firebase servers are located in multiple regions globally. Your data may be processed and stored on servers located outside of your country of residence.
• EU Data: We are committed to GDPR compliance for European users, ensuring adequate safeguards for data protection.
• Data Transfers: We ensure that any international data transfers are conducted with adequate safeguards, such as standard contractual clauses, to protect your privacy rights.

9. Updates to Privacy Policy

We may update our Privacy Policy from time to time.

• Notification: We will notify you of any significant changes by posting the new Privacy Policy on this page and/or through prominent in-app notifications.
• Consent: Your continued use of the app after any modifications to the Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
• Version History: Previous versions of the Privacy Policy will be made available upon request. For accessibility, if you require this policy in an alternative format, please contact us using the information below.