Privacy Policy

Effective Date: May 23, 2026

1. Introduction

This Privacy Policy describes how Rasool (the "Application"), an Islamic daily reminder application developed by Ghassan Abu Khaled (the "Service Provider"), collects, uses, and protects your personal information.

By downloading, accessing, or using the Application, you agree to the data practices described in this Privacy Policy. Your use of the Application is also subject to our Terms of Use.

2. Data Collection

The Service Provider is committed to protecting your privacy and minimizing the personal data required to operate the Application. To deliver personalized daily reminders, manage your reading activity, and maintain your subscription, the Application collects and processes the following categories of data:

  • Anonymous Account Identifier: On first launch, the Application creates an anonymous account through Supabase Auth. This account is identified by a randomly generated identifier and is not linked to any personal information until you choose to add an email or sign in with Apple.
  • Account & Authentication Data (Optional): If you choose to save your account for recovery, we collect your email address and a sign-in identifier from Apple (we do not receive or store your Apple password). Adding an email is optional and only required to restore your subscription, reading history, favorites, and streak after reinstalling or switching devices.
  • Preferences & Onboarding Answers: Your selected language, theme, age range (18+), preferred content categories (adhkar, duas, ayat, ahadith), spiritual themes (such as gratitude, patience, anxiety, guidance), notification frequency, and notification time window. These are used solely to personalize the content delivered to you.
  • Reading Activity: A log of the content cards you have viewed, the cards you have marked as favorites, and your consecutive daily reading streak. This activity stays associated with your account so it can be restored on a new device.
  • Notification Metadata: Push notification tokens issued by Apple Push Notification service or Firebase Cloud Messaging, and a server-side log of which content has been delivered to you. This log is used to prevent repeated content and is automatically purged after 90 days.
  • Subscription State: Whether your account is on a free trial or an active subscription, the entitlement identifier, and renewal status. This information is provided to us by RevenueCat based on your Apple or Google purchase.
  • Product Analytics: Usage events such as screen views, onboarding progress, cards viewed, favoriting actions, and subscription milestones, alongside device type, operating system, app version, and locale. These analytics are collected through PostHog and hosted in the European Union (PostHog EU Cloud). Product analytics are processed on the basis of our legitimate interest in improving the Application; you may object at any time (see Section 5).

International Data Transfers: Your data is processed in the United States, the European Union, and other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses for transfers out of the EEA/UK.

What We Do Not Collect Rasool does not collect location data, contacts, photos, health data, or any biometric information. The Application does not send your personal data to any AI or large language model provider — all religious content displayed is pre-published by the Service Provider and is not AI-generated.

3. Third-Party Service Providers

The Application integrates with the following third-party service providers to manage infrastructure, process subscriptions, and deliver notifications. By using the Application, you accept their respective privacy practices and terms:

  • Supabase (Authentication, Database, and Edge Functions)
  • RevenueCat (In-App Subscriptions and Entitlement Management)
  • Apple (Sign in with Apple, App Store Billing, Push Notifications via APNs)
  • Google (Google Play Billing, Push Notifications via Firebase Cloud Messaging)
  • PostHog (Product Analytics, hosted in the European Union)

4. Data Deletion & Retention

You maintain full control over your personal data. You have the continuous right to request the permanent deletion of your account and all associated preferences, reading history, favorites, and streak data.

Deletion Process: You may delete your account directly inside the Application by opening Settings and selecting Delete Account, or alternatively by submitting a deletion request via email to the Service Provider. Once a deletion request is fulfilled, all related records, authentication credentials, and personal identifiers are permanently removed from our active production servers.

Data Retention: We retain your account and activity data only for as long as your account remains active. After you delete your account, your data is permanently removed from our active production databases within 30 days. Encrypted database backups containing your data are automatically purged within 90 days of the deletion request.

Notification History: The internal log of which content has been delivered to your account is automatically purged after 90 days as part of routine maintenance, regardless of whether you request account deletion.

5. Regional Privacy Rights (GDPR & CCPA)

Depending on your region, you may have specific rights regarding your personal data. If you are a resident of the European Economic Area (EEA) or the UK (under GDPR), you have the right to access, rectify, port, restrict the processing of, or object to the processing of your data, as well as the right to lodge a complaint with your supervisory authority.

If you are a resident of California (under CCPA/CPRA), you have the right to know what personal information is collected, the right to delete, and the right to opt-out of the sale or sharing of your personal information. Please note that we do not sell or share your personal information with third parties.

To exercise any of these rights, please contact us using the information provided at the end of this policy.

Objecting to product analytics: You may object to analytics processing at any time by emailing privacy@rasool.app or by deleting your account from the Settings screen — either action removes your data from our analytics provider.

6. Age Restriction

Rasool is intended for users aged 18 and over. The onboarding flow does not allow users under 18 to select an age range, and the App Store age rating reflects this restriction. We do not knowingly collect personal data from anyone under 18. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete it from our servers.

7. Data Security

We implement industry-standard security measures to protect your data. All data is encrypted in transit using Transport Layer Security (TLS) and at rest using Supabase-managed AES-256 encryption. Sign-in identifiers and active session tokens are stored locally within your device's secure enclave (Keychain on iOS or Keystore on Android). Access to production data is restricted to the Service Provider and is logged for accountability.

8. Changes to this Policy

We may update this Privacy Policy from time to time. The "Effective Date" at the top reflects the latest revision. Material changes will be communicated via in-app notice or email prior to taking effect. Continued use of the Application after the effective date constitutes acceptance of the updated Privacy Policy.

9. Contact Us

For any formal inquiries, legal notices, or data requests regarding this Privacy Policy, please contact the Service Provider at the authorized email address below:

privacy@rasool.app