Privacy Policy

Qiyam ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

• Visit our website at qiyamapp.com
• Use our Qiyam iOS mobile application
• Sign up for our email notifications

This policy applies to both our marketing website and our iOS app. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access our website or application.

Developer Information:
Amine Benlaroui
Avenue des Alpes 1
1006 Lausanne, Switzerland
Email: contact@qiyamapp.com

We collect different types of information depending on whether you're using our website or our iOS application.

Website Information Collection

When you visit our website, we collect:

• Email Marketing Data: Email address and first name (collected via Mailchimp hosted form when you sign up for app launch notifications)
• Subscription Data: Subscription timestamp and IP address (automatically collected by Mailchimp)

iOS App Information Collection

When you use the Qiyam iOS app, we collect:

Authentication Data (via Supabase):

• Email address and name
• Apple Sign-In credentials (Apple ID token and user identifier)
• Google Sign-In credentials (Google token and user identifier)
• Authentication tokens and session identifiers

User Progress and Activity Data (stored in Supabase):

• Quran verses you've marked as memorized
• Spaced repetition parameters (review intervals, ease factors, next due dates)
• Quiz performance data (answers, timestamps, correct/incorrect records)
• Review history and statistics
• Mastery levels and progress tracking for individual verses

Device and Technical Data:

• Device identifiers (IDFV - Identifier for Vendor)
• iOS version and app version
• Device type and model
• Crash logs and error reports (to improve app stability)

Payment Data:

• Subscription status (active, expired, trial)
• Purchase date and expiry date
• Subscription type/tier

Important: All payment processing is handled by Apple through In-App Purchase. We do NOT receive or store your credit card information, billing address, or other payment details. Apple processes all payments directly.

We use the information we collect for the following purposes:

Website Email Collection

• To notify you when the Qiyam app launches
• To send occasional updates about the app and its features
• To communicate important service announcements

iOS App - Core Functionality

• To provide and maintain your account (authentication data)
• To sync your memorization progress across devices (user progress data)
• To calculate optimal review schedules using spaced repetition algorithms
• To track your learning progress and statistics
• To provide personalized quiz content based on your memorization status

iOS App - Service Improvement

• To analyze app performance and identify bugs (crash logs, technical data)
• To understand how users interact with features (anonymized usage patterns)
• To improve and optimize the spaced repetition algorithm

iOS App - Subscription Management

• To verify your subscription status and grant access to premium features
• To manage your trial period and subscription lifecycle

Customer Support

• To respond to your questions, requests, or feedback
• To troubleshoot technical issues
• To process data deletion requests

What We Do NOT Do

• We do NOT sell your personal information to third parties
• We do NOT use your data for advertising purposes
• We do NOT share your Quran memorization progress with anyone without your permission
• We do NOT track your location

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, our legal basis for processing your personal information includes:

• Contract Performance: Processing is necessary to provide the services you've requested, such as creating your account, syncing your progress, and managing your subscription.
• Consent: You explicitly consent to receive marketing emails when you sign up for our launch notification list.
• Legitimate Interests: We have legitimate interests in improving our app, fixing bugs, and ensuring security, which do not override your privacy rights.

You have the right to withdraw consent at any time by contacting us or unsubscribing from emails. Withdrawing consent will not affect the lawfulness of processing before withdrawal.

Data Storage Locations

Website Data:

• Mailchimp: Email addresses and names are stored by Mailchimp in their cloud infrastructure located in the United States. Mailchimp is GDPR-compliant and uses Standard Contractual Clauses for international data transfers.

iOS App Data:

• Supabase: All app data (authentication, user progress, statistics) is stored using Supabase in European Union data centers, ensuring GDPR compliance.
• Local Device Storage: The iOS app caches certain data locally on your device for offline functionality. This includes your memorization progress and scheduled reviews. Local data is protected by iOS's built-in app sandboxing and encryption.

Security Measures

We implement industry-standard security measures to protect your personal information:

• HTTPS encryption for all data transmission between your device and our servers
• Encrypted authentication tokens for secure session management
• Secure API communication with our backend services
• Sensitive data stored in iOS Keychain (most secure storage on iOS)
• Regular security updates and monitoring
• Access controls limiting who can access user data (only authorized personnel for support purposes)

However, please note that no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information using commercially acceptable means, we cannot guarantee absolute security.

Data Retention

Website:

• Email addresses are retained indefinitely until you request deletion or unsubscribe
• After unsubscribing from emails, your data may be retained in Mailchimp for a limited period as required for legal compliance and record-keeping

iOS App:

• User account data is retained as long as your account is active
• Progress data is retained to maintain your memorization history and learning progress
• After account deletion, all data is permanently removed within 30 days
• Backup copies may retain data for up to 90 days before complete removal

We use the following third-party services that may collect or process your information:

Mailchimp (Email Marketing)

• Purpose: Email collection and marketing communications
• Data Shared: Email address, first name, subscription timestamp
• Privacy Policy: https://www.intuit.com/privacy/statement/
• Location: United States
• GDPR Compliance: Compliant through Standard Contractual Clauses

Supabase (Authentication & Database)

• Purpose: User authentication and data storage for the iOS app
• Data Shared: All app data described in this policy (authentication, progress, statistics)
• Privacy Policy: https://supabase.com/privacy
• Location: European Union data centers
• GDPR Compliance: Fully compliant, EU-hosted

Apple App Store / In-App Purchase

• Purpose: Payment processing and subscription management
• Data Shared with Us: Subscription status, purchase dates, expiry dates only
• Note: Apple handles all payment information directly. Your credit card details, billing address, and other payment information are never shared with us.
• Privacy Policy: https://www.apple.com/legal/privacy/

Third-Party Links

Our website and app may contain links to third-party websites, social media platforms, and services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

Depending on your location, you may have certain rights regarding your personal information:

For All Users

• Right to Access: Request a copy of your personal information
• Right to Correction: Request correction of inaccurate personal information
• Right to Deletion: Request deletion of your personal information
• Right to Unsubscribe: Opt-out of marketing emails at any time

Additional Rights for EEA, UK, and Swiss Users (GDPR)

• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for email marketing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Additional Rights for California Users (CCPA/CPRA)

• Right to Know: Know what personal information is collected and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We do not sell personal information, so no opt-out is needed
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise

How to Exercise Your Rights

Email Unsubscribe:

• Click the "unsubscribe" link at the bottom of any email, or
• Email us at contact@qiyamapp.com with "Unsubscribe" in the subject line

Account Deletion (iOS App):

• Email contact@qiyamapp.com with "Delete My Account" in the subject line
• Include your registered email address
• We will confirm deletion within 7 business days
• All data will be permanently deleted within 30 days

Data Access or Correction:

• Email contact@qiyamapp.com with your request
• We will respond within 30 days (or as required by local law)

Data Portability:

• Email contact@qiyamapp.com requesting your data export
• We will provide your data in JSON format within 30 days

Verification:

For security purposes, we may need to verify your identity before processing requests involving personal data access, correction, or deletion.

Age Restrictions and Parental Consent

Our Service is intended for general audiences and can be used by individuals of all ages to memorize the Quran. However, we have specific policies regarding children's data:

United States (COPPA Compliance):

• We do not knowingly collect personal information from children under 13 without verifiable parental consent
• If a child under 13 wishes to use the app, a parent or guardian must create and manage the account
• Parents may contact us to review, delete, or stop further collection of their child's information

European Economic Area and UK (GDPR):

• For children under 16 (or applicable age in specific EU countries), parental consent is required to process personal information
• Parents or guardians must provide consent and create accounts on behalf of children

Other Jurisdictions:

• We comply with applicable local laws regarding children's privacy
• Parents are encouraged to monitor their children's online activities

Parental Rights

Parents and guardians have the right to:

• Review personal information collected from their child
• Request deletion of their child's personal information
• Refuse further collection or use of their child's information

To exercise these rights, please contact us at contact@qiyamapp.com with "Child Privacy" in the subject line.

Safety Features

The app contains only Quranic text and educational memorization tools. There is no social networking, chat, user-generated content sharing, or communication features that would expose children to risks from other users.

Notice to Parents:

If you believe we have inadvertently collected information from a child without proper parental consent, please contact us immediately at contact@qiyamapp.com with "Child Privacy" in the subject line, and we will take steps to delete such information promptly.

Qiyam is operated from Switzerland, and we use service providers located in various countries, including the United States and European Union. Your personal information may be transferred to and processed in countries outside your country of residence.

For EEA, UK, and Swiss Users

We ensure adequate protection for international data transfers through:

• Standard Contractual Clauses (SCCs): Our service providers (Mailchimp) use EU-approved Standard Contractual Clauses for data transfers to the United States
• EU Data Hosting: App data stored in Supabase remains in European Union data centers, minimizing international transfers
• GDPR-Compliant Providers: All our data processors are GDPR-compliant
• Switzerland-EU Adequacy: Switzerland is recognized by the EU as providing adequate data protection

Your data may be transferred to:

• United States (Mailchimp email storage)
• European Union (Supabase infrastructure for app data)

These transfers are necessary to provide our services (operating the app, syncing your data, sending notifications). By using our services, you acknowledge and agree to these transfers in accordance with this Privacy Policy.

Our website and app do not respond to "Do Not Track" (DNT) signals from browsers because:

• We do not use tracking technologies or behavioral advertising
• We do not track users across websites
• We collect only the data necessary for service functionality

Third-party services may collect technical data as described in this policy, but we do not control their tracking practices. Please refer to their privacy policies for more information.

In the event of a data breach that affects your personal information, we will:

• Investigate the breach promptly upon discovery
• Take immediate steps to secure our systems and prevent further unauthorized access
• Notify affected users within 72 hours of discovering the breach (where required by law)
• Notify relevant data protection authorities as required by applicable law
• Provide clear information about what data was affected and what steps we're taking

Notification Methods:

Notification will be sent to:

• Email address on file for app users
• Email address in our Mailchimp list for email subscribers

We maintain incident response procedures to minimize the impact of any security incidents and protect your personal information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You

Material Changes:

For significant changes that affect your rights or how we use your data, we will:

• Update the "Last Updated" date at the top of this policy
• Send an email notification to our mailing list
• Display a prominent notice in the app (for app-related changes)
• Provide at least 30 days' notice before changes take effect

Minor Changes:

For minor updates (e.g., clarifications, formatting, typo corrections), we will:

• Update the "Last Updated" date
• Make changes effective immediately upon posting

Your Responsibility

You are advised to review this Privacy Policy periodically for any changes. Your continued use of our website or app after changes become effective constitutes acceptance of the updated policy.

Version History

• November 28, 2025: Initial privacy policy published

Future updates will be listed here with dates and brief descriptions of changes.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email Contact

contact@qiyamapp.com

Subject Line Guidance:

To help us route your inquiry efficiently, please use these subject lines:

• General privacy questions: "Privacy Policy Question"
• Data deletion requests: "Delete My Account" or "Delete My Data"
• Data access requests: "Data Access Request"
• Parental consent/child privacy: "Child Privacy"
• Unsubscribe requests: "Unsubscribe"

Postal Address

Amine Benlaroui
Avenue des Alpes 1
1006 Lausanne
Switzerland