Contents
At Zabiya, your privacy is non-negotiable. We build the app around one simple promise: no data sold, no behavioural ads, no surveillance. This policy explains exactly what we collect, why, and your rights.
1. Who we are
Zabiya is an all-in-one Islamic app (Quran, prayer, qibla, AI Sheikh and more) operated by Zabiya, reachable at contact@zabiya.org. We act as data controller under the GDPR.
2. Data we collect
Data you provide
- Account: email, name (if you create an account), hashed password (bcrypt).
- Spiritual preferences: madhhab, prayer calculation method, language, preferred reciter.
- AI Sheikh prompts: your question and the answer, encrypted in transit and at rest.
Data collected automatically
- Location: only with your permission, used for qibla and prayer times. Never shared with third parties.
- Technical identifiers: device, OS, app version, system language — for crash reporting.
- Cookies / SharedPreferences: see our cookie policy.
3. How we use your data
- Provide the service (account, prayer times, qibla, AI Sheikh).
- Improve the app (aggregated, anonymised analytics).
- Send adhan or daily routine notifications (you can disable them anytime).
- Comply with our legal obligations.
4. Third-party sharing
We share data only with processors necessary to run the service:
- Hosting: Namecheap / OVH (EU).
- AI Sheikh: Anthropic Claude (prompts transit; no reuse for model training).
- Push notifications: Firebase Cloud Messaging (Google).
- Donations: Stripe (PCI-DSS Level 1).
5. Your rights (GDPR / CCPA)
At any time you have the right to:
- Access your data (Art. 15 GDPR)
- Correct it (Art. 16)
- Request erasure / "right to be forgotten" (Art. 17)
- Restrict or object to processing (Art. 18-21)
- Receive your data in a portable format (Art. 20)
- File a complaint with your supervisory authority
To exercise these rights: contact@zabiya.org — replies within 30 days.
6. Security
TLS 1.3 in transit, AES-256 at rest for sensitive data, bcrypt password hashing, EU hosting, regular security audits.
7. Retention
Active account: for as long as you use Zabiya. Inactive account: auto-deleted after 3 years. AI Sheikh data: 90 days then purged.
8. Children
Zabiya is for all ages. Kids Mode collects no personal data from children. COPPA and GDPR-Kids compliant.
9. Changes
Any material update to this policy is announced in-app at least 30 days before it takes effect.
10. Contact
Data Protection Officer: contact@zabiya.org.