Naar de inhoud
İbadetim

Legal

Privacybeleid

Laatst bijgewerkt

İbadetim(“we”, “our”, “us”) builds a mobile application (the “App”) and this accompanying website (the “Site”) that help Muslims with prayer times, the Quran, the Qibla direction, dhikr, hadith, and the Hatim Brotherhood — a social reading circle for finishing the Quran together. This Privacy Policy explains, in plain language, what data we collect, why we collect it, who we share it with, and the rights you have over your information. It applies to the App on iOS and Android, and to this Site at ibadetim.app.

1. Data we collect

1.1 Account data

When you sign in we use Firebase Authentication (Google LLC) to manage your identity. Depending on the sign-in method you choose we receive your email address, display name, and (optionally) a profile photo URL. We do not see or store your password — Google handles credentials for us.

1.2 Profile data we sync to Supabase

To deliver a personalised experience we keep a small profile row in our Supabase Postgres database. It contains your country code, the language you have chosen for the App, your Premium status, and your FCM push token so we can send prayer reminders and Hatim updates. The row is keyed to your Firebase user ID and protected by row-level security: only your authenticated session can read or modify it.

1.3 Prayer-time location

To show accurate prayer times we need a location. You can choose between two methods:

  • GPS coordinates via the system Geolocator. When you opt in, the coordinates are used to compute the nearest district and to refresh home-screen widgets. The raw latitude and longitude are only stored locally on your device for widget caching; they are not transmitted to our servers.
  • Manual selection from a list of cities and districts (e.g. a Diyanet İşleri Başkanlığı district ID). Only the district identifier — never your raw coordinates — is sent to our servers.

1.4 Hatim Brotherhood data

If you join or create a Hatim group, we store your group memberships, the juz you are reading, your reading progress, your join requests, and the chat messages you post inside the group. Chat messages are encrypted in transit and are scanned by an automated AutoMod filter on the server to remove spam and abuse.

1.5 Community module

The optional Community module lets you publish posts, comment on others' posts, and like or report content. We store the posts, comments, likes, and reports you create. Reports are reviewed by our moderators.

1.6 Analytics

We use Firebase Analyticsto understand how the App is used (page views and feature events such as “qibla calibrated” or “hatim joined”). These events contain no message contents and no personal information beyond a random pseudonymous installation identifier. We do not collect advertising identifiers from EU/UK users who decline consent in our Apple App Tracking Transparency or Google UMP prompts.

1.7 Crash logs

In production, when the App encounters an unexpected error, a row is written to a Supabase error_logs table containing the stack trace, App version, OS, and a request identifier. Crash logs are scrubbed of personally identifiable information before insertion.

2. Data we do not collect

We do notcollect or upload: your contacts, your microphone audio, your camera roll, files outside the App's own storage, your browsing history outside the App, your SMS messages, or your call log. The camera permission is requested only when you live-capture a profile photo, and the captured photo is never stored or transmitted without your explicit confirmation.

3. Third parties we share data with

We use a small set of vendors to operate the service. Each acts on our instructions only:

  • Firebase (Google LLC) — authentication, push notifications, and analytics.
  • Supabase Inc. — Postgres database, file storage, and row-level-security gateway, hardened with Firebase token verification.
  • Diyanet İşleri Başkanlığı API — prayer-time lookups for Turkey-served districts.
  • alquran.cloud — Quran text and translation feeds.
  • hadeethenc.com — multi-language hadith library feeds.
  • Pixabay — daily content imagery (no PII shared).
  • GoldAPI — gold and silver prices for the optional zakat calculator (no PII shared).
  • Cloudflare Workers — our custom daily content delivery edge.
  • Google AdMob— only on the free tier and only if you grant consent through Apple's App Tracking Transparency prompt or Google's UMP consent dialog.
  • Apple App Store and Google Play Billing — for in-app purchases of Premium. We never see your payment-card details.

4. Children

The App is not directed at children under 13. We do not knowingly collect data from children under 13 and we comply with the U.S. Children's Online Privacy Protection Act (COPPA). If you are a parent or guardian and you believe your child has provided us with personal data, please contact support@ibadetim.app and we will delete it.

5. GDPR / KVKK rights

If you are in the European Economic Area, the United Kingdom, or Turkey, you have the rights of access, rectification, erasure, restriction of processing, data portability, and objection. To exercise any of these rights, email support@ibadetim.app from the email address registered on your account. We will respond within 30 days.

6. Apple App Tracking Transparency

On iOS we display the Apple App Tracking Transparency prompt only for the purpose of personalised advertising on the free tier. Declining the prompt does not reduce App functionality in any way; you simply see contextual (non-personalised) ads instead of personalised ones.

7. Push notifications

We send notifications for upcoming prayers, dhikr reminders you schedule, and updates from your Hatim groups. You can disable any subset of these in Settings → Notificationsinside the App, or all of them at once in your device's system settings. We do not send marketing push notifications.

8. Data retention

Account and profile data is retained for as long as your account exists. When you delete your account, we delete your profile, analytics pseudonyms, and Hatim memberships within 30 days. Hatim group messages persist for the lifetime of the group so that the remaining members can keep their conversation history; your messages are anonymised (“Former member”) once you leave.

9. Account deletion

You can delete your account at any time from Settings → Sign Out → Delete account inside the App. You can also email support@ibadetim.app from the email address registered on your account and we will delete it manually. Either way, deletion completes within 30 days.

10. Security

All traffic to and from our servers uses TLS 1.2 or higher. Sensitive preferences on your device are stored using flutter_secure_storage, which uses the iOS Keychain on iOS and Android Keystore on Android. Our Postgres database enforces row-level security and verifies a fresh Firebase ID token on every request, so a leaked anonymous key cannot read other users' data.

11. Changes to this policy

When we change this policy in a material way we will notify you via an in-App banner the next time you open the App, and we will update the “Last updated” date at the top of this page. Your continued use of the App after a change constitutes acceptance of the revised policy.

12. Contact

For privacy questions, requests, or complaints, contact support@ibadetim.app. We answer every email personally.