Privacy Policy

1. Who we are

Sakina ("Sakina", "we", "us", or "our") is an Islamic spiritual wellness mobile application that helps you connect how you feel to the Names of Allah, Quranic verses, and authentic supplications. This Privacy Policy explains what information we collect when you use the Sakina app and the related services (together, the "Service"), how we use it, and the choices you have.

This policy applies to the Sakina iOS and Android applications.

2. Information we collect

2.1 Information you provide to us

• Account information. When you sign up, we collect your email address and optionally your name. If you sign in with Apple or Google, we receive the limited identifying information those services provide (an opaque user identifier, and the email and name you choose to share).
• Onboarding answers. During onboarding we ask a series of personalization questions. Your answers are stored against your account and also sent to our analytics provider as user-profile properties (see Section 4). Specifically, we collect:
  • age_range — e.g., 18–24, 25–34
  • intention — what brings you to Sakina (e.g., "spiritual growth", "difficult time")
  • prayer_frequency — how often you pray
  • quran_connection — how connected you feel to the Quran
  • familiarity — your familiarity with the 99 Names
  • resonant_name_slug — the Name that most resonated with you
  • struggles — areas you struggle with (e.g., "anxiety", "grief", "loneliness")
  • common_emotions — emotions you commonly experience
  • aspirations — qualities you aspire to (e.g., "more patient", "closer to Allah")
  • dua_topics and optional free-text dua_topics_other — topics you want to make duas about
  • attribution — how you heard about Sakina
  • daily_commitment_minutes — how many minutes per day you want to spend in the app
  • reminder_time — the local time you want your daily reminder
  Free-text inputs (like the "other" field on dua topics) are capped at 280 characters and trimmed before being stored.
• Check-ins, reflections, and duas. The feelings you type, the AI-generated reflections you save, and the duas you build are stored against your account so you can revisit them in your journal.
• Preferences. Daily reminder time, notification preferences (per-category toggles for streak, quest, Muhasabah, and milestone notifications; a master push toggle), timezone (so reminders fire at the correct local time), and chosen title or display name.

2.2 Information collected automatically

• Usage data. Which features you use, when you open the app, streak activity (current streak length and last-active date), daily-reward claims, quest progress, token and scroll balances, and in-app events (for example: a reflection was saved, the paywall was viewed).
• Device and technical data. Device model, operating system version, app version, language, timezone, and a non-permanent device identifier used for push notifications.
• Subscription data. If you subscribe to Sakina Premium, we receive the subscription product identifier, start date, expiration date, and renewal or cancellation events from Apple or Google via RevenueCat. We do not see or store your payment card details — those stay with Apple or Google.
• Crash and diagnostic data. If the app crashes or throws an error, we may receive a technical stack trace and your app/device version to help us fix bugs.

2.3 Information we do not collect

• We do not access your contacts, photos, microphone, or location.
• We do not collect payment card numbers — all payments are processed by Apple or Google.
• We do not build an advertising profile of you.

3. How we use information

We use the information described above to:

• Operate the Service — sign you in, sync your journal across devices, remember your preferences.
• Personalize the experience — show you Names, verses, and duas that match what you've shared.
• Generate AI responses — your typed text is sent to OpenAI (see Section 4) to produce reflections and duas.
• Send the daily reminder notification you asked for, and other push notifications you enabled.
• Manage subscriptions — grant premium access, handle renewals, process cancellations, and surface billing issues.
• Understand aggregate product usage so we can improve Sakina.
• Detect fraud and enforce our Terms of Service.
• Comply with legal obligations.

4. Third-party services

Sakina relies on the following third-party services. Each processor only receives the specific data it needs for its function. Their own privacy policies govern how they handle that data.

• Supabase — authentication, database, and backend functions. Stores your account, profile, journal entries, subscription state, and quest progress. Privacy policy.
• OpenAI — AI generation for the Reflect and Build-a-Dua features. When you use these features, the text of your prompt is sent to OpenAI. OpenAI processes it to generate a response and, per their API terms, does not use API-submitted content to train their models. Privacy policy.
• RevenueCat — subscription management. Receives your Supabase user identifier and the Apple- or Google-issued receipt for your Sakina Premium subscription. Privacy policy.
• Apple — Sign in with Apple, App Store subscription billing, and push notifications via APNs. Privacy policy.
• Google — Sign in with Google, Play Store subscription billing (Android), and push notifications via Firebase Cloud Messaging (Android). Privacy policy.
• Mixpanel — product analytics. Mixpanel receives two categories of data, tied to your Sakina user identifier:
  • Events — in-app actions (for example: "paywall viewed", "reflection saved", "onboarding step completed").
  • User-profile properties — the onboarding answers listed in Section 2.1 (age_range, intention, prayer_frequency, quran_connection, familiarity, resonant_name_slug, struggles, common_emotions, aspirations, dua_topics, dua_topics_other, attribution, daily_commitment_minutes, reminder_time, commitment_accepted) and the onboarding_completed flag.
  Some of these properties — specifically intention, quran_connection, prayer_frequency, struggles, and common_emotions — describe your religious practice, emotional state, or mental-health concerns. We use them only to understand product usage in aggregate (for example, which onboarding segments convert better) and to personalize notifications. We do not use them to build an advertising profile, and we do not share them outside the processors listed in this section. Privacy policy.
• OneSignal — push notification delivery. Receives a device token and your Sakina user identifier so we can send the scheduled daily reminder and milestone notifications. Notification targeting logic (which users receive which category, your timezone, whether you are eligible based on your last-active date or streak status) is computed on our Supabase backend and not stored as OneSignal tags — only the minimum routing information needed to deliver a given push is passed to OneSignal. Privacy policy.

5. Sharing and disclosure

We do not sell your personal information. We share information only in these situations:

• With service providers listed in Section 4, so the app can function.
• To comply with law. If required by a valid legal process (subpoena, court order, or equivalent), we will disclose the minimum information required.
• To protect rights and safety. If we reasonably believe disclosure is necessary to prevent fraud, abuse, or harm.
• Business transfers. If Sakina is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

6. Data retention

We keep your information for as long as your account is active. When you delete your account from inside the app (Settings → Delete account), we permanently delete your profile, journal entries, onboarding answers, quest progress, and subscription record from our systems within 30 days. Some data may be retained longer if required by law (for example, tax and payment records Apple or Google maintains independently).

Anonymous aggregate analytics that cannot be tied back to you may be retained for product-improvement purposes.

7. Your rights and choices

You have the following rights with respect to your personal information. You can exercise most of these directly from inside the app.

• Access and review — view your saved reflections, duas, and profile in the app.
• Correct — update your name, reminder time, and preferences in Settings.
• Delete — delete your account and associated data from Settings → Delete account.
• Export — request a copy of your personal data by emailing us.
• Withdraw consent — revoke push-notification permission from the iOS/Android system settings at any time.
• Object or restrict processing — contact us at the address below.

7.1 Residents of the EU and UK (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the GDPR and UK GDPR, including the right to lodge a complaint with your local data-protection authority. The legal bases on which we process your information are: (a) performance of a contract, to operate the Service you signed up for; (b) your consent, for push notifications; (c) our legitimate interests, for analytics and fraud prevention; and (d) legal obligation, where applicable.

7.2 California residents (CCPA/CPRA)

California residents have the right to know, delete, correct, and opt out of the "sale" or "sharing" of their personal information. Sakina does not sell or share your personal information as those terms are defined under the CCPA. To exercise your rights, contact us using the details in Section 12.

8. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect your information. Data in transit is encrypted using TLS. Data at rest in our database is encrypted by our hosting provider. Access to user data inside our organization is restricted to the minimum personnel necessary.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security. If we become aware of a data breach affecting your information, we will notify you and the relevant authorities as required by applicable law.

9. Children's privacy

Sakina is not directed to children under 13 years of age (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child under 13 has provided personal information to us, please contact us and we will delete it.

10. International data transfers

Sakina is operated from the United States. The service providers listed in Section 4 may process your information in the United States or in other jurisdictions. When we transfer personal information out of the European Economic Area, the United Kingdom, or Switzerland, we rely on safeguards such as Standard Contractual Clauses where required.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy at this URL and update the "Effective date" at the top. For significant changes, we will also notify you inside the app or by email. Your continued use of Sakina after an update means you accept the revised policy.

12. Contact us

If you have questions about this Privacy Policy or want to exercise any of your rights, contact us at:

Email: ibrahim.ahmed1564@gmail.com