Plain-English privacy.
Last updated: 8 May 2026. We track as little as we can get away with. What's below is what we actually do, written without legalese, on one page, no dark patterns.
The short version
- No analytics. No advertising IDs. No social-media SDKs.
- Your prayer times, qibla bearing, and salah log are computed and stored on your device. They never leave it.
- If you sign in, your profile + reading progress sync to our Supabase database (EU). Nothing else.
- One email to hello@barakah.life deletes every byte we hold about you, within 7 days.
What we collect
Email address — only if you sign in. Used to send you a 6-digit login code and to recover your account on a new device. We never email you marketing.
Display name and bio — optional. If you set them, they appear on the leaderboard and your community posts so other users can put a name to your activity.
Avatar photo — optional. If you choose one, it uploads to a public Supabase Storage bucket (avatars) under <userId>/avatar.*. Public-readable URL so it can render in the app and on the leaderboard.
Reading + practice activity — bookmarks, ayah notes, ayahs marked read, salah you logged, fasts you logged, dhikr counts, reading streak, khatam plan progress. Stored on your device and (if you sign in) synced to your account so you can pick up on another device.
Approximate location — only if you grant the iOS "While Using" permission. Used to compute prayer times and qibla direction. Coordinates are processed on-device; we do not store location history server-side.
Camera + photo library access — opt-in. The camera is used by the halal barcode scanner; images are never uploaded. The photo library is used when you pick a profile picture or attach images to a community post.
Community posts you write — when you post in the community feed, the text + any images you attach + your user ID + the timestamp are stored in our database and shown publicly to other Barakah users. Don't post anything you wouldn't want quoted later.
Community images — uploaded to a public Supabase Storage bucket (community-images) under your <userId>/ folder. URLs are public so the feed can render. Owner-only writes; you can delete your own posts (which removes their image references) at any time.
Anonymous AI rate-limit hashes — when you ask the AI assistant or use "Help me write," we hash your IP and store the hash + a daily counter so a single user can't burn the budget. The hash cannot be reversed back to your IP. Counters reset daily.
Subscription status — if you subscribe to Premium, RevenueCat (which sits in front of Apple's IAP) tracks your entitlement so we know whether to unlock paid features. We see the entitlement flag, not your card. Apple handles billing.
What we don't collect
- No analytics. No Google Analytics, no Mixpanel, no Amplitude, no PostHog.
- No advertising IDs. No third-party trackers in the app.
- No microphone. No contacts. No background location.
- No social-media SDKs. We don't share data with Meta, Google, X, TikTok, or anyone else.
- We do not sell your data. There is no "data partner" — we work with the providers listed below and that is the entire list.
Where your data lives
On your device by default. The mobile app uses iOS Keychain (for the sign-in token) and an encrypted local key-value store (everything else: read sets, prayer schedule, tasbih counts, theme, settings).
If you sign in, your account data syncs to Supabase (Postgres, hosted in the EU on AWS Frankfurt). The project uses Postgres Row Level Security so only your authenticated session can read or write your rows.
Storage for your avatar and any community post images lives in two public Supabase Storage buckets (avatars, community-images). Public so the URLs can render in the app for everyone. Owner-only writes — only you can upload or delete your own files.
Third-party services we use
Supabase (eu-central-1) — auth, database, storage. Only data we explicitly send (described above).
Resend — sends the 6-digit sign-in code via email. Holds your address only as long as it takes to deliver the code.
RevenueCat — wraps Apple's in-app purchase system to manage Premium entitlements. RevenueCat sees your anonymous app user ID and Apple receipt; it does not see your name, email, or device contacts.
Apple In-App Purchase / App Store — handles all Premium billing. Apple's privacy policy applies to the payment itself.
Apple MapKit — renders the qibla map preview and locates "Mosques near me." Map tiles are fetched directly from Apple; Apple's map-services privacy policy applies. We do not receive your map interactions.
Apple Push Notification service — delivers local prayer alerts and Live Activity updates you've turned on. Apple does not see the content of your prayer schedule.
Anthropic Claude — powers the AI assistant (/ask) and the "Help me write" community drafter. Your question + a system prompt are sent to Anthropic's API per their privacy policy. Per Anthropic's commercial terms, prompts are not used to train their models.
Quran.com API — public, read-only. We fetch Arabic verses, translations, and recitation timings. Quran.com sees only the verse keys we request, never anything about you.
everyayah.com — public CDN for ayah-level recitation audio. Same setup; they see only the audio file paths.
Cookies + local storage
The website uses one essential cookie set by Supabase to keep you signed in (sb-access-token). No tracking cookies, no advertising cookies, no consent banner because we don't have anything to consent to. The mobile app does not use cookies; it uses iOS Keychain + the encrypted local store.
Children
Barakah is for anyone old enough to use a phone responsibly. We don't knowingly collect data from children under 13 (or 16 in the EU). If you believe your child has signed up, email us and we'll delete the account.
Your rights
You can export or delete everything we hold about you, anytime, no questions asked. Email hello@barakah.life from the address on your account and we'll process the request within 7 days. The mobile app also has a self-service "Delete account" button in Settings that does the same thing.
If you're in the EU, UK, or California you also have GDPR / UK-GDPR / CCPA rights (access, rectification, restriction, portability, objection); the same email handles those.
Changes to this policy
If anything material changes we'll update this page and bump the "last updated" date. Anything that affects how we collect or share data we'll surface in the app too — usually as a one-time banner or release note.