1. Summary

Iqra is built around your privacy. The short version:

• We collect only the minimum information needed to give you a personalised Qur'an companion that syncs across your devices.
• Your microphone audio for recitation features is processed on your device and is not sent to our servers by default.
• We do not sell your personal data, ever.
• You can export or delete your data at any time from the app's Settings.

2. Who we are

Iqra ("Iqra", "we", "us", "our") is the data controller for the personal data described in this Privacy Policy. You can contact us at hello@iqra.app (replace this with the operator's email when deploying).

3. Information we collect

3.1 Account information

When you sign in to Iqra we receive the following from your chosen identity provider:

• Google sign-in: your name, email address, profile picture, and a Google account identifier.
• Apple sign-in: your name (if you choose to share it) and either your real or a relay email address, plus an Apple user identifier.
• Email and password sign-in: the email address you provide and a securely hashed password (hashing is performed by Firebase Authentication; we never see your plaintext password).

3.2 App data

To give you a useful Qur'an companion, we store:

• Your reading position, bookmarks, and last-read timestamps;
• Your memorisation progress (verses marked as memorising or memorised, review schedule, streaks);
• Your Learning Hub progress (lessons completed, quiz scores);
• Your settings (translation choice, reciter, font, theme, ASR engine preference);
• A timestamp of your last activity.

3.3 Microphone and recitation audio

Some features (Hāfiẓ Live, Drive mode, recitation feedback) request microphone access. By default, recitation audio is processed locally on your device using the browser's built-in Web Speech API or other on-device models. This audio is not uploaded to our servers.

If you opt in to a cloud-based speech-recognition provider in Settings (for example, an OpenAI Whisper-style endpoint that you configure), short audio segments will be sent directly from your device to that third-party provider for transcription. We do not intermediate, log, or store that audio. The third party's privacy policy will govern that interaction.

3.4 Technical and diagnostic information

When you use the Service we may automatically receive limited technical information that browsers and platforms send by default, such as your IP address, browser type, and the URL you accessed. This information is used to operate and secure the Service, and is retained only for short, operational periods.

3.5 What we do not collect

• We do not request access to your contacts, photos, files, or location.
• We do not run third-party advertising or marketing trackers.
• We do not collect or analyse the content of your microphone audio on our servers.

4. How we use your information

We use the information described above to:

• Provide, operate, and maintain the Service;
• Authenticate you and keep your account secure;
• Sync your progress and settings across your devices;
• Improve and debug the Service (using only aggregated, non-identifying technical signals);
• Communicate with you when you contact us, or when we need to send essential service notices.

We do not use your personal data to build advertising profiles, and we do not sell your data.

5. Legal bases for processing (for users in the EEA / UK)

If you are in the European Economic Area or the United Kingdom, our legal bases for processing your personal data are:

• Contract: to provide the Service you have requested by signing in;
• Legitimate interests: to keep the Service secure, to prevent abuse, and to debug technical issues;
• Consent: for any optional features that require it (for example, microphone access, or enabling a third-party speech-recognition provider). You can withdraw consent at any time.

6. Where your data is stored

We use Google Firebase (Firebase Authentication and Cloud Firestore) to authenticate users and store account data. Firebase is operated by Google LLC and its sub-processors. Your data may be stored and processed in Google data centres in the region we have configured for the Service. You can read Google's data-processing commitments at firebase.google.com/support/privacy.

On your device, app state, settings, and progress are also kept in your browser's local storage so the app works offline. Clearing your browser's site data will remove this local copy; if you are signed in, the next sign-in will pull your latest data back from Firestore.

7. Third-party services

To deliver Qur'an content, recitations, and translations, the app requests data from the following public services:

• alquran.cloud , Qur'an text, translations, and metadata;
• cdn.islamic.network , recitation audio files;
• quran.com , verse-by-verse audio segments;
• Google Fonts , web fonts;
• Firebase , authentication and database hosting.

These services receive your IP address and standard request metadata so they can serve a response. They each operate under their own privacy policies.

8. Cookies and similar technologies

Iqra does not use advertising or tracking cookies. We use the browser's localStorage, IndexedDB, and Service Worker cache to store your settings, progress, and offline content. Firebase Authentication may set a small number of first-party cookies or local tokens that are required to keep you signed in.

9. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your account data from Firestore within 30 days, except where we are required to retain it longer to comply with legal obligations or to resolve disputes.

Locally-cached data on your device is retained until you clear your browser's storage or uninstall the app.

10. Your rights

Depending on where you live, you have the following rights:

• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure: ask us to delete your account and associated data.
• Restriction and objection: ask us to restrict or stop certain processing.
• Portability: receive a machine-readable export of your data.
• Withdraw consent: for any processing based on consent (for example, the microphone).

You can exercise the access, export, and deletion rights directly from Settings inside the app, or by emailing hello@iqra.app. If you are in the EEA or UK and feel we have not addressed your concern adequately, you have the right to lodge a complaint with your local data-protection supervisory authority.

11. Children's privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will take appropriate steps to delete it.

12. Security

We rely on industry-standard security practices provided by Firebase, including encryption of data in transit (TLS) and at rest, strict Firestore security rules that prevent users from reading or writing other users' data, and best-practice authentication flows. No system is perfectly secure, but we work to protect your data and to respond promptly to any incident.

13. Limited use disclosure (Google API services)

Iqra's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use Google sign-in solely to authenticate you and to provide the features you have requested.

14. International transfers

Because we use Firebase, your data may be transferred to and processed in countries other than the one in which you reside, including the United States. Where required, transfers are protected by appropriate safeguards such as the Standard Contractual Clauses adopted by the European Commission.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If the changes are material, we will use reasonable efforts to notify you in the app or by email.

16. Contact

For any questions about this Privacy Policy or how we handle your data, please contact us at hello@iqra.app.