Your Privacy Matters

We collect the following categories of information to provide and improve our services:

• Account Information: When you register via Google Sign-In or Apple Sign-In, we collect your name, email address, and profile photo. This is stored securely in Firebase Authentication and Firestore.
• Location Data: We request access to your device's location to calculate accurate prayer times and determine the Qibla direction. Location data is processed primarily on-device. Coordinates are sent to our prayer time calculation provider (Aladhan API) solely to retrieve timing data. We do not store your location history or track your movement.
• Prayer & Usage Data: Records of your prayer completions, streaks, daily habits, and achievement badges to power your personal dashboard and accountability features. This data is stored in Firestore and associated with your account.
• Device Information: Device model, operating system version, preferred language, and FCM (Firebase Cloud Messaging) push notification tokens. These are necessary to deliver prayer reminders and optimize the app experience.
• Analytics Data: Anonymized usage information such as screen views, feature interactions, and crash reports collected via Firebase Analytics and Crashlytics. This data helps us understand how users interact with the app and identify issues.
• Support Communications: If you contact us via email or in-app support, we retain your message, email address, and any information you provide to assist you effectively.

We use the information we collect for the following purposes:

• Provide, maintain, and improve Prayio's core features including prayer time calculations, Qibla direction, and tracking
• Deliver personalized prayer time reminders and Adhan notifications at times you have configured
• Track your worship progress including prayer streaks, completion history, and achievement badges
• Enable social accountability features such as friends leaderboard, prayer pacts, and community rooms
• Respond to your support requests and troubleshoot technical issues
• Send important service updates, security alerts, and policy changes
• Analyze usage patterns to improve app performance, UI/UX, and feature relevance
• Detect and prevent fraud, abuse, unauthorized access, and security incidents
• Comply with applicable legal obligations and regulatory requirements

We do not sell, trade, or rent your personal information to third parties. Your trust is important to us. We share data only in these limited circumstances:

• Firebase (Google): We use Firebase for authentication (Firebase Auth), database (Cloud Firestore), storage (Cloud Storage), analytics (Firebase Analytics), crash reporting (Crashlytics), and push notifications (Firebase Cloud Messaging). Firebase processes data under Google's Privacy Policy and is GDPR-compliant.
• Aladhan API: When calculating prayer times, your device's latitude and longitude are sent to the Aladhan API. This is done directly from your device, not our servers. Aladhan does not store location data.
• Apple & Google Sign-In: If you use Apple Sign-In or Google Sign-In, authentication is handled by Apple and Google respectively. We receive only the profile information you authorize (name, email).
• Legal Requirements: We may disclose your information if required by law, court order, or government regulation, or to protect the rights, property, or safety of Prayio, our users, or the public.
• Business Transfers: In the event of a merger, acquisition, reorganization, or asset sale, your data may be transferred as part of the transaction. We will notify you via email and in-app notification before this occurs and ensure the recipient agrees to safeguard your data.

We retain your personal data only as long as necessary to fulfill the purposes described in this policy:

• Active Accounts: We retain your data while your account is active and you continue to use Prayio.
• Account Deletion: You may delete your account at any time from the app settings (Profile → Delete Account). Upon deletion, your profile, prayer records, achievements, and associated data are permanently removed within 30 days.
• Backups: Residual copies of your data may remain in our backup systems for up to 90 days after deletion, after which they are securely erased.
• Analytics Data: Anonymized analytics data that cannot be linked back to you may be retained for longer periods for product improvement.
• Legal Holds: We may retain data longer if required by applicable law or for legitimate legal dispute purposes.

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you by contacting us.
• Right to Rectification: Correct any inaccurate or incomplete personal data through your account settings or by contacting us.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data. You can delete your account directly in the app, or contact us for assistance.
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
• Right to Object: Object to certain types of data processing, including direct marketing.
• Right to Withdraw Consent: Withdraw your consent at any time for processing that is based on consent. This does not affect the lawfulness of processing before withdrawal.
• Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority if you believe your rights have been violated.

To exercise any of these rights, please contact us at technext96@gmail.com. We will respond within 30 days.

Prayio requests certain device permissions to deliver its features. Here is exactly what each permission is used for:

• Location (While Using App): Required to calculate accurate prayer times and Qibla direction based on your current position. Location is only accessed while the app is in use. We never access location in the background without your explicit consent, and we do not store your location history.
• Notifications: Used to deliver Adhan (prayer call) alerts, prayer time reminders, and achievement notifications at times you configure. You can customize or disable notifications at any time from your device settings.
• Microphone: Used only for Quran audio playback features. We do not record, store, or transmit any audio without your explicit action.
• Camera / Photo Library: Only accessed when you choose to take a new profile photo or select one from your gallery. We never access your camera or photos without your direct action.

You can review and manage these permissions at any time through your device settings. Prayio will continue to function with limited features if certain permissions are denied.

Prayio is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at technext96@gmail.com.

If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to delete that information promptly. We encourage parents to monitor their children's online activities and app usage.

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between the Prayio app and our servers is encrypted using TLS (Transport Layer Security) 1.2+.
• Encryption at Rest: Data stored in Firebase Cloud Firestore and Cloud Storage is encrypted at rest using AES-256.
• Secure Authentication: We use Firebase Authentication with OAuth 2.0 (Google, Apple) for secure, token-based authentication. Passwords are never stored by us.
• Firebase Security Rules: All database access is protected by Firebase Security Rules that restrict read/write access to authenticated users and authorized operations only.
• Secure Token Storage: Authentication tokens and session data are stored securely using platform-native secure storage APIs (iOS Keychain, Android EncryptedSharedPreferences).
• Regular Security Reviews: We periodically review our codebase, dependencies, and infrastructure for potential vulnerabilities.

While we take these precautions seriously, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational reasons. When we make material changes:

• We will update the "Last updated" date at the top of this policy
• We will notify you via in-app notification and/or email at least 7 days before significant changes take effect
• We will seek your consent where required by applicable law

We encourage you to review this Privacy Policy periodically. Your continued use of Prayio after changes become effective constitutes your acceptance of the updated policy. If you do not agree with the changes, you may delete your account before they take effect.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please don't hesitate to reach out. We are here to help.