Privacy Policy

Last Updated: February 7, 2026

1. Introduction

Sirat Studio SMC Private Limited ("Company", "we", "us", or "our") operates the IslamiQ mobile application ("App", "Services").

This Privacy Policy explains how we collect, use, store, protect, and share your personal information when you use IslamiQ.

Our Commitment

Your privacy matters. We are committed to protecting your personal data and handling it responsibly in compliance with applicable laws, including:

  • General Data Protection Regulation (GDPR) - European Union

  • California Consumer Privacy Act (CCPA) - United States

  • Personal Data Protection laws where applicable

By using IslamiQ, you consent to the data practices described in this Privacy Policy.

Key Information

  • Data Controller: Sirat Studio SMC Private Limited

  • Contact: info@islamiq.co.uk

  • Address: 227, 39, F11/3, Islamabad, 44000, Pakistan

  • Websites: islamiq.co.uk | siratstudio.com

2. Information we collect

2.1 Information You Provide Directly

Account Registration

When you create an account, we collect:

  • Email address (for email/password signup)

  • Name (if you sign in with Apple or Google)

  • Authentication tokens (managed securely by Firebase)

  • Profile information (optional - photo, preferences)

User-Generated Content

  • AI Conversations: Questions you ask the AI scholars

    • 🔴 [DEV CONFIRM: We store chat history for [30 days/indefinitely/until you delete it]]

    • 🔴 [DEV CONFIRM: Do we analyze conversations to improve AI? Yes/No]

  • Likes & Favorites: Insights you mark as favorite (used for recommendations)

  • Settings & Preferences: Theme, language, notification preferences

Payment Information

  • We do NOT collect or store credit card information

  • All payments are processed by Apple App Store or Google Play Store

  • We only receive: Transaction ID, subscription status, purchase date

2.2 Information Collected Automatically

Device Information

We automatically collect:

  • Device type: iPhone, Android phone, tablet

  • Operating system: iOS version, Android version

  • App version: Which version of IslamiQ you're using

  • 🔴 [DEV CONFIRM: Do we collect: Device ID, IP address, mobile carrier, screen resolution?]

Usage Analytics

We track how you use the App:

  • Features used: Which scholars you chat with, which Insights you listen to

  • Session data: How often you open the App, how long you stay

  • ILM Credits usage: How many questions you ask, when you run out of credits

  • Ad interactions: Which ads you watch (if applicable)

  • 🔴 [DEV CONFIRM: Which analytics platform - Firebase Analytics only, or others like Mixpanel, Amplitude?]

  • 🔴 [DEV CONFIRM: Do we track crash reports? (Firebase Crashlytics, Sentry, etc.)]

Location Data

  • Why we need it: To calculate accurate prayer times and Qibla direction

  • When we access it: 🔴 [DEV CONFIRM: Always / Only when using prayer features / When app is open]

  • What we collect: Precise GPS coordinates

  • Storage: 🔴 [DEV CONFIRM: Do we store location history? If yes, for how long?]

  • Opt-out: You can deny location permission (prayer features won't work)

2.3 Information from Third Parties

Third-Party Sign-In

Apple Sign-In:

  • Your name (optional - you can hide it)

  • Your email (or Apple's private relay email if you choose to hide)

  • Unique Apple user ID

Google Sign-In:

  • Your name

  • Your email address

  • Profile photo (if public)

  • Unique Google user ID

Third-Party Services

We share data with these service providers (see Section 5):

  • Firebase (Google): Authentication, database, analytics, storage

  • OpenAI: Your questions are sent to OpenAI API for processing

  • AdMob (Google): Device ID and ad interaction data for free users who watch ads

  • Chatterbox AI: Used to generate audio narrations (no personal data shared)

  • Hetzner: Our hosting provider (servers in 🔴 [DEV CONFIRM: UK/Germany/other])

3. How we use your Information

3.1 Provide & Improve Services

  • Operate the App: Enable login, store your preferences, manage subscriptions

  • Process AI Conversations: Send your questions to OpenAI API and retrieve responses using RAG

  • Calculate Prayer Times: Use your location to provide accurate prayer schedules

  • Qibla Direction: Use your location and device orientation to show Qibla

  • Personalize Experience: Recommend Insights based on your interests

  • Improve Quality: Analyze usage to fix bugs and enhance features

3.2 Communication

  • Push Notifications: Prayer reminders, new Insights, achievement badges, goal reminders

  • Email: Account confirmations, subscription receipts, important updates

  • Support: Respond to your questions and resolve issues

3.3 Analytics & Research

  • Usage Patterns: Understand which features are popular, which scholars users prefer

  • Performance Monitoring: Track app crashes, loading times, errors

  • A/B Testing: Test new features with subset of users to improve experience

  • 🔴 [DEV CONFIRM: Do we use analytics for marketing attribution? (track where users come from)]

3.4 Security & Fraud Prevention

  • Detect Abuse: Identify fake accounts, credit card fraud, bot activity

  • Prevent Unauthorized Access: Monitor suspicious login attempts

  • Enforce Terms: Detect and prevent violations of our Terms of Service

3.5 Legal Compliance

  • Tax & Accounting: Maintain records as required by law (7 years for financial records)

  • Legal Requests: Respond to court orders, subpoenas, or law enforcement requests

  • Protect Rights: Enforce our legal rights and defend against claims

4. Cookies & Tracking technologies

4.1 Mobile App Tracking

Our App uses these tracking technologies:

  • Firebase Analytics: Tracks features used, session duration, user flows

  • AdMob Advertising ID: 🔴 [DEV CONFIRM: Used for personalized ads? Or non-personalized?]

  • Session Storage: Temporary data to maintain your login and preferences

  • 🔴 [DEV CONFIRM: Any other SDKs that collect data? Facebook SDK, Branch.io, etc.]

4.2 Website Cookies (islamiq.co.uk)

🔴 [DEV CONFIRM: Does your marketing website use cookies? If yes, specify types:]

  • Essential cookies (site functionality)

  • Analytics cookies (Google Analytics, etc.)

  • Marketing cookies (ad tracking, retargeting)

If you use cookies on your website, you MUST show a cookie consent banner for EU visitors.

4.3 Opt-Out Options

Mobile Advertising ID:

  • iOS: Settings → Privacy & Security → Tracking → Toggle OFF "Allow Apps to Request to Track"

  • Android: Settings → Google → Ads → "Delete advertising ID" or "Opt out of Ads Personalization"

Firebase Analytics:

  • 🔴 [DEV CONFIRM: Can users opt-out of analytics in-app? If yes, where?]

  • Alternatively, users can reset their Advertising ID (see above)

5. How we share your information

🔒 We Do NOT Sell Your Personal Information

We only share your data in these limited circumstances:

5.1 Service Providers (Third-Party Tools)

We share data with trusted service providers who help us operate IslamiQ:

| Service | Purpose | Data Shared |
| --- | --- | --- |
| Firebase (Google) | Authentication, Database, Analytics, Storage | Account info, usage data, device info, 🔴 [DEV CONFIRM specifics] |
| OpenAI API | AI Conversations (GPT-4o mini) | Your questions only. OpenAI does NOT use API data to train models (per their policy) |
| Google AdMob | Rewarded Video Ads | Device ID, ad interactions, 🔴 [DEV CONFIRM: IP, location, device type?] |
| Hetzner | Server Hosting | User data stored on servers in 🔴 [DEV CONFIRM: UK/Germany] |
| Chatterbox AI | Voice Narration | No personal data shared (only text to be narrated) |
| Apple/Google | Payment Processing | Transaction data only (they handle all payment info) |

🔴 [DEV CONFIRM: Any other services? Push notification provider, email service (SendGrid, Mailgun), customer support (Intercom, Zendesk), etc.]

These service providers are contractually obligated to:

  • Protect your data

  • Use it only for the specified purposes

  • Not sell or share it with third parties

5.2 Legal Requirements

We may disclose your information if required by law:

  • Court orders or subpoenas

  • Law enforcement requests (with valid legal process)

  • Government investigations

  • Protect public safety (prevent harm, fraud, illegal activity)

5.3 Business Transfers

If Sirat Studio is acquired or merged with another company:

  • Your information may be transferred to the new entity

  • We will notify you via email and in-app notification

  • The new entity must honor this Privacy Policy

5.4 Anonymized & Aggregated Data

We may share anonymized, non-identifiable data:

  • "80% of users prefer Imam al-Ghazali's insights"

  • "Average session time is 12 minutes"

  • "Most popular feature is Quran reading"

This data cannot identify you individually.

6. Data retention

6.1 While Your Account is Active

  • Account data: Retained as long as your account exists

  • Chat history: 🔴 [DEV CONFIRM: Stored for 30 days / until you delete / indefinitely]

  • Location data: 🔴 [DEV CONFIRM: Stored locally only / sent to servers / not stored]

  • Usage analytics: Retained for up to 2 years, then aggregated anonymously

  • Financial records: Retained for 7 years (legal requirement for tax/accounting)

6.2 Inactive Accounts

If you don't use IslamiQ for 1 year:

  • We will send an email reminder: "Your account will be deleted in 30 days"

  • If you don't log in within 30 days, we delete your account

  • Exception: Financial records retained for legal compliance

6.3 After Account Deletion

When you delete your account:

  • ✅ Immediately deleted: Account info, chat history, preferences, saved items

  • ✅ Cannot be recovered: Deletion is permanent

  • ⚠️ Retained anonymously: Aggregated analytics (cannot identify you)

  • ⚠️ Legal retention: Financial records (7 years), transaction logs (fraud prevention)

  • ⚠️ Backup purge: Deleted from backups within 30 days

7. Data security

7.1 How We Protect Your Data

Encryption:

  • 🔴 [DEV CONFIRM: All data transmitted between your device and our servers is encrypted using TLS 1.2/1.3]

  • 🔴 [DEV CONFIRM: Data at rest is encrypted using [specify: Firebase encryption, AES-256, etc.]]

Access Controls:

  • 🔴 [DEV CONFIRM: Only authorized personnel have access to user data: founders, developers, customer support, etc.]

  • Role-based permissions (developers see only what they need)

  • Two-factor authentication for internal systems

Monitoring:

  • Automated alerts for suspicious activity

  • Regular security audits

  • Intrusion detection systems

Infrastructure:

  • Servers hosted by Hetzner (🔴 [DEV CONFIRM: location - UK/Germany])

  • Firebase (Google's enterprise-grade security)

  • Regular backups (encrypted and secured)

7.2 Data Breach Response

If your personal data is compromised:

  • ✅ We will notify you within 72 hours of discovering the breach

  • ✅ Notification includes: What data was affected, what we're doing, what you should do

  • ✅ We will report to authorities as required by GDPR/CCPA

  • ✅ We will take immediate action to secure systems and prevent further breaches

7.3 Your Responsibility

  • Use a strong password (mix of letters, numbers, symbols)

  • Don't share your account with others

  • Log out on shared devices

  • Report suspicious activity to info@islamiq.co.uk

Note: No system is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security.

8. Your Privacy rights

8.1 Rights for All Users

✅ Access: Request a copy of your personal data
✅ Correction: Update inaccurate or incomplete information
✅ Deletion: Delete your account and all personal data
✅ Opt-Out: Disable notifications, location access, or analytics tracking

How to exercise these rights:

  • Account Deletion: Settings → Account → Delete Account

  • Data Access/Correction: Email info@islamiq.co.uk

  • Notifications: Device settings → IslamiQ → Notifications → OFF

  • Location: Device settings → IslamiQ → Location → Never

8.2 GDPR Rights (EU/UK/Switzerland Users)

If you're in the European Economic Area, UK, or Switzerland, you have additional rights:

📋 Data Portability: Receive your data in a machine-readable format (JSON, CSV)
⏸️ Restriction: Restrict processing in certain circumstances
🚫 Object: Object to processing based on legitimate interests
🔄 Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)
⚖️ Lodge Complaint: File a complaint with your local Data Protection Authority

GDPR Legal Basis for Processing:

  • Consent: You agreed to these terms when creating an account

  • Contract: Processing necessary to provide Services you requested

  • Legitimate Interest: Improve Services, prevent fraud, ensure security

  • Legal Obligation: Tax records, legal compliance

International Data Transfers:

  • Your data may be transferred to the United States (Firebase, OpenAI, AdMob)

  • We use Standard Contractual Clauses (SCCs) approved by the EU Commission

  • Google has Privacy Shield successor certifications

8.3 CCPA Rights (California Users)

If you're a California resident, you have these rights:

🔍 Know: Know what personal information we collect, use, and share
📥 Access: Request a copy of your personal information (up to 2x per year, free)
🗑️ Delete: Request deletion of your personal information
🚫 Opt-Out of Sale: We do NOT sell your info, so nothing to opt out of
⚖️ Non-Discrimination: We won't discriminate against you for exercising CCPA rights

California Privacy Rights Disclosure:

  • Personal info collected: See Section 2

  • Sources: Directly from you, automatically from device, from third parties

  • Purpose: See Section 3

  • Shared with: See Section 5

  • Sold: NO - we do not sell personal information

  • Retention: See Section 6

8.4 How to Exercise Your Rights

Email us: info@islamiq.co.uk
Subject line: "Privacy Rights Request - [Your Request]"
Include:

  • Your name and email address

  • Specific request (access, deletion, correction, etc.)

  • Proof of identity (to protect your privacy)

Response time: We respond within 30 days
Verification: We may ask for additional information to verify your identity

9. Children's Privacy

9.1 All Ages Welcome

IslamiQ is a religious and educational app suitable for all ages, including children. However, we are committed to protecting children's privacy.

9.2 COPPA Compliance (Under 13)

  • We do NOT knowingly collect personal information from children under 13 without parental consent

  • If we discover a child under 13 has provided personal info, we delete it immediately

  • Parents: If your child has created an account, please contact us at info@islamiq.co.uk

9.3 Features Accessible Without Account

Children can use these features without creating an account (no data collection):

  • Quran reading/listening 

  • Insights reading/listening 

  • Hadith browsing

  • Prayer times (requires location, but can be used without account)

  • Qibla direction (requires location, but can be used without account)

To access AI conversations and Premium Insights, an account is required. We do not allow children under 13 to create accounts.

9.4 Parental Responsibility

  • Parents/guardians should supervise their children's use of the App

  • We recommend parents review this Privacy Policy with their children

  • Parents may delete their child's account at any time

10. International data transfers

10.1 Where Your Data is Stored

IslamiQ is operated from Pakistan, but uses service providers in multiple countries:

| Service | Location | Safeguards |
| --- | --- | --- |
| Hetzner (Hosting) | 🔴 [DEV CONFIRM: UK / Germany] | EU Data Protection Laws, SCCs |
| Firebase (Google) | United States (global) | Privacy Shield successor, SCCs |
| OpenAI API | United States | Data Processing Agreement, no training on API data |
| AdMob (Google) | United States (global) | Privacy Shield successor, SCCs |

10.2 Data Protection Measures

When transferring data internationally, we ensure:

  • ✅ Standard Contractual Clauses (SCCs) approved by EU Commission

  • ✅ Service Provider Certifications (Google's Privacy Shield successor)

  • ✅ Encryption in Transit (TLS/SSL)

  • ✅ Your Consent (by using the App)

10.3 EU-US Data Transfers

  • US companies we work with (Google, OpenAI) have implemented Privacy Shield successor frameworks

  • We use SCCs to ensure GDPR-level protection

11. Do Not Track (DNT)

  • Some browsers offer "Do Not Track" (DNT) signals

  • 🔴 [DEV CONFIRM: We [do/do not] respond to DNT signals]

  • Recommended approach: "We do not currently respond to DNT signals, but you can opt-out of tracking using device settings (see Section 4.3)"

12. California "SHINE THE LIGHT" law

California residents can request information about personal information shared with third parties for direct marketing purposes.

Our Response: We do NOT share your personal information with third parties for their direct marketing purposes.

13. Changes to this privacy policy

13.1 Updates

We may update this Privacy Policy to reflect:

  • Changes in data practices

  • New features or services

  • Legal or regulatory requirements

  • User feedback

13.2 Notification

When we make changes:

  • ✅ "Last Updated" date is revised

  • ✅ Updated policy posted in the App

  • ✅ For material changes: Email notification 30 days before changes take effect

  • ✅ Continued use after changes = acceptance of new policy

13.3 Your Options

If you don't agree to the updated Privacy Policy:

  • Stop using the App

  • Delete your account before changes take effect

  • Contact us with concerns: info@islamiq.co.uk

14. Contact us

14.1 Privacy Questions

If you have questions about this Privacy Policy or our data practices:

Email: info@islamiq.co.uk
Subject: "Privacy Inquiry"

We respond within 30 days (72 hours for urgent security matters)

14.2 Data Controller

Sirat Studio SMC Private Limited
Product: IslamiQ
Principal: Farooq Khan
Product Manager: Imran Abbasi
Address: 227, 39, F11/3, Islamabad, 44000, Pakistan
Websites: islamiq.co.uk | siratstudio.com

14.3 EU Representative

🔴 [DEV/LEGAL INPUT: If you have substantial EU users, you may need to appoint an EU representative under GDPR Article 27. This is typically required if you're targeting EU users at scale. Consult with a lawyer if needed.]

14.4 Data Protection Authority

EU/UK Users: You have the right to lodge a complaint with your local Data Protection Authority if you believe we have violated GDPR.

Find your DPA:

  • EU: https://edpb.europa.eu/about-edpb/board/members_en

  • UK: https://ico.org.uk/

15. Acknowledgment

BY USING ISLAMIQ, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.

If you do not agree, please do not use our Services.

Privacy policy summary (Quick Reference)

| Topic | Summary |
| --- | --- |
| What We Collect | Account info, chat history, location (for prayers), usage data, device info |
| Why We Collect | Provide Services, improve AI, personalize experience, send notifications |
| Who We Share With | Firebase, OpenAI, AdMob, Hetzner (NOT sold to third parties) |
| How Long We Keep | Active accounts: ongoing; Chat history: 🔴 [30 days]; Deleted accounts: immediately |
| Your Rights | Access, correction, deletion, opt-out, data portability (GDPR), CCPA rights |
| Security | Encryption, access controls, monitoring, breach notification within 72 hours |
| Children | Suitable for all ages, but no accounts for under-13 without parental consent |
| Contact | info@islamiq.co.uk |

Last Updated: February 7, 2026

END OF PRIVACY POLICY