1. Information We Collect

a) Account Information (Optional)

If you choose to create an account to use cloud backup, sync, and social community features, we collect:

• Email Address — provided directly by you or via your authentication provider (Google Sign-In or Apple Sign-In).
• Display Name — provided directly by you or via your authentication provider.
• Username — a community handle you choose to interact with friends and classrooms.
• Authentication Identifiers — unique user IDs generated by our authentication provider (Firebase Authentication) to securely identify your account.
• Profile Photo (Optional) — if you choose to upload a custom avatar, the image is stored in our cloud storage and shown to other users you connect with via social features. You can remove it at any time from your Profile settings. Avatar upload is disabled in Guest Mode.
• Voice Recordings (Optional) — if you participate in classroom recitation features and choose to share an audio recording, it is uploaded to our cloud storage and shared only with the classroom you submitted it to. You can delete it from the classroom at any time.

b) Guest Mode

If you choose to use the app in Guest Mode, we do not collect any personal information whatsoever. All your progression data remains exclusively on your local device. Users are not required to create an account to access core app functionality.

c) Usage & Diagnostic Data

On native mobile platforms (iOS and Android), we collect limited usage and diagnostic data to maintain app quality:

• Analytics Events — anonymous usage events such as screen views, feature interactions, and app-level actions (e.g., which surah was played). These events do not contain personally identifiable information.
• Crash Reports — diagnostic data including device type, operating system version, crash stack traces, and error messages. If you are signed in, your user ID may be associated with crash reports to assist in debugging account-specific issues.
• Device & App Metadata — app version, device model, and operating system version used for diagnostics and compatibility analysis.

d) Synced User Content

For authenticated accounts, the following user-generated content is synced to the cloud:

• Reading progress (last-read surah and ayah positions)
• Bookmarks and notes
• Memorization tracking and checklists
• Dhikr counts and salah tracking
• App settings and preferences
• Social data (friend connections, classroom memberships, streak pacts)

2. How We Collect Data

We collect data through the following methods:

• Directly from you — when you create an account, set a username, save bookmarks, or interact with app features.
• Automatically via SDKs — Firebase Analytics and Firebase Crashlytics automatically collect usage events and crash diagnostics on native platforms.
• Via authentication providers — when you sign in with Google or Apple, your authentication provider shares your email address and display name with our authentication service.

3. How We Use Your Data

We use the data we collect for the following purposes only:

• Authentication and account management — to securely identify you and manage your account.
• Syncing progress and settings — to restore your progress and preferences across devices.
• Social and community features — to enable Friends, Streak Pacts, and Classroom functionality.
• App quality monitoring — to identify and fix crashes, bugs, and performance issues.
• Improving the app — to understand how features are used and prioritize improvements.
• Subscription management — to validate and provision Besties+ subscription entitlements (see Section 8).

4. Third-Party Services

Quran Besties uses the following third-party services to provide app functionality. Each service processes data according to its own privacy policy:

• Firebase Authentication (Google LLC) — secure sign-in and account management. Privacy details.
• Firebase Analytics (Google LLC) — anonymous usage analytics on native platforms. Privacy details.
• Firebase Crashlytics (Google LLC) — crash reporting and diagnostics. Privacy details.
• Cloud Firestore (Google LLC) — cloud database for syncing user progress and social features. Privacy details.
• Google Sign-In (Google LLC) — optional authentication provider. Privacy details.
• Apple Sign-In (Apple Inc.) — optional authentication provider on iOS. Privacy details.
• Quran.com API — anonymous HTTP requests to fetch Surah data and audio recitations. No user data is transmitted.
• Internet Archive (archive.org) — a non-profit digital library that hosts Islamic lecture and audiobook content surfaced through our app. Audio streams directly from archive.org's servers to your device when you play it; the Internet Archive may log standard request data (such as IP address and user-agent) per its own privacy policy. Privacy details.
• Apple App Store / StoreKit (Apple Inc.) — processes Besties+ subscription purchases on iOS. We never see your payment-card information. Privacy details.
• Google Play Billing (Google LLC) — processes Besties+ subscription purchases on Android. We never see your payment-card information. Privacy details.

We do not share your personal data with any third party for advertising, marketing, or data brokering purposes.

5. Data Storage & Cloud Syncing

For authenticated accounts, your app data is securely stored using Google Firebase infrastructure, which provides encryption in transit and at rest. Data is processed in accordance with Google's data processing terms.

Guest Mode data is stored exclusively on your local device and is never transmitted to any server.

6. Location Data

The app requests access to your device's location to provide two features:

• Prayer Times — Your coordinates are used to compute accurate prayer times for your geographic region.
• Qibla Compass — Your location computes the correct bearing toward Makkah.

Your location data is processed entirely on your local device and is never transmitted to our servers, stored permanently, or shared with any third party.

7. Audio Content Sources

The app delivers audio content from two distinct sources, each handled differently:

a) Quran Recitations

The Holy Quran recitations available in the app are sourced from the public Quran.com API and Quran Besties's own audio infrastructure. No personal data is transmitted when audio is fetched.

b) Audiobooks & Islamic Lectures

The audiobook library includes content from two sources:

• Originally produced content — series created by Quran Besties or for which we have explicit distribution rights (such as our flagship narrated "Stories of the Prophets"), hosted on our own servers.
• Content from the Internet Archive (archive.org) — Islamic lecture and audiobook series that we surface through a curated interface but which stream directly from the Internet Archive's servers to your device. We do not host, edit, copy, modify, or redistribute this content. We provide an aggregator/search interface only.

Where Internet Archive content appears in the app, it is clearly labeled with attribution to its source and a link to view the original archive.org page. All copyright in third-party audio content remains with the original speakers, producers, and rights holders.

Rights holders who would like content removed, or who would like to formally partner with the app, can reach us using the procedure described in Section 14 (Copyright & Takedown Requests).

8. In-App Purchases & Subscriptions

The app offers an optional paid subscription called Besties+ (with Lite, Full, and Founder tiers) and a one-time Tip Jar feature for voluntary support. All purchases are entirely optional; the core functionality of the app is free.

a) Payment Processing

All purchases are processed exclusively by:

• Apple App Store / StoreKit on iOS
• Google Play Billing on Android

We never see, collect, or store your payment-card numbers, billing addresses, or any other payment-related personal information. Apple and Google process all billing, refunds, and payment-record retention according to their own privacy policies.

b) Subscription Verification

After a successful purchase, your device sends a digital receipt to our secure Cloud Functions for server-side validation. This validation:

• Confirms the receipt is authentic via cryptographic signature checks against Apple's and Google's public certificates
• Records your active subscription tier in your account so the entitlement can be restored on other devices and survives reinstallation
• Stores only: subscription tier, expiration timestamp, product identifier, and platform (Apple or Google)

We do not store card numbers, partial card numbers, billing addresses, transaction amounts, or any other personal financial information.

c) Restoring Purchases

You can restore your active subscription on a new device by signing into the same account. The restore action re-fetches your validated subscription state from our servers — no re-purchase is required.

d) Cancellation & Refunds

Subscription cancellation, refund requests, and billing disputes are handled exclusively by Apple (iOS) or Google (Android) through your device's account settings. We do not have access to billing systems and cannot issue refunds directly.

9. Social Features

When participating in social features (Friends, Streak Pacts, Classrooms), your display name, username, and learning statistics (such as streaks and badges) may be visible to your approved friends or classroom members as part of the community experience.

You can control the visibility of your stats via the "Share Public Stats" setting in your profile.

10. Device Permissions

• Notifications — Local prayer time reminders are generated and scheduled on your device. We may also send remote push notifications (via Apple Push Notification service on iOS and Firebase Cloud Messaging on Android) for sacred-day reminders, friend requests, classroom activity, and streak pact updates. We do not use remote push notifications for advertising, marketing, or engagement-tracking purposes.
• Camera — Camera access is requested only for augmented reality features (such as the Qibla compass) and is never recorded or transmitted.
• Microphone — Microphone access is requested only when you choose to record audio for classroom recitation submissions. Recordings are not made or stored without your explicit action.
• Photo Library — Photo library access is requested only when you choose to upload a custom profile avatar. We never read, list, or transmit other photos.
• Location — Used solely for prayer times and Qibla as described above.

11. Data Retention & Deletion

Account Deletion

You retain complete ownership of your data. You may permanently delete your account at any time directly from the in-app Profile Settings (under "Danger Zone"). Account deletion:

• Permanently removes your profile, email, username, and authentication credentials
• Permanently deletes all cloud-synced data including reading progress, bookmarks, notes, dhikr counts, social connections, and subscription records
• Is immediate and irreversible

Minimal data may be retained temporarily in automated backup systems for up to 30 days after deletion, solely for security and disaster-recovery purposes, after which it is permanently purged.

Data Retention

We retain your data only for as long as your account exists and is necessary to provide our services. We do not retain data beyond what is needed for the purposes described in this policy.

Revoking Consent

You can revoke consent for data collection at any time by:

• Deleting your account via in-app settings
• Switching to Guest Mode (which stops all cloud syncing and analytics association)
• Contacting us at the email below to request data deletion

12. Children's Privacy

Quran Besties is an educational app suitable for all ages. We do not knowingly collect personal information from children under 13 without parental consent. Parents can opt their children into Guest Mode for a fully offline and private experience without account creation.

13. No Selling of Data

14. Copyright & Takedown Requests

We respect intellectual property rights. The audiobook library surfaces content from the Internet Archive — a non-profit digital library — and our role is that of an aggregator and search interface. We do not host or distribute Internet Archive content; it streams directly from archive.org's servers to your device.

For Rights Holders Requesting Removal

If you are a copyright holder and believe content surfaced through our app should be removed from our catalog, please contact us with the following information:

• The specific content (title, scholar/speaker, and where applicable the Internet Archive identifier)
• Proof of your ownership or authorization to act on behalf of the rights holder
• A statement that you believe the appearance of the content in our app is unauthorized
• Your contact information (email and any verification details)

We process verified takedown requests promptly — typically within 7 business days — and remove the content from our curated catalog. If the content is hosted on the Internet Archive, you may also wish to file a parallel request directly with the Internet Archive at info@archive.org, since they control the actual hosted file.

For Rights Holders Wanting Inclusion

If you are a scholar, organization, or rights holder who would like your content officially featured in the app with explicit permission and attribution, we would be honored to hear from you. Reach out at the email below — most partnerships are simple to set up.

How to Contact Us About Copyright

📧 Send copyright requests, takedown notices, or partnership inquiries to qurancompanionsupport@gmail.com with "Copyright" in the subject line for fastest routing.

15. Data Breach Notification

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Notification will be made via the email address associated with your account and will include:

• The nature of the breach and the categories of data affected
• The likely consequences of the breach
• The measures we have taken or propose to take to address the breach
• Steps you can take to mitigate any potential adverse effects

Where required by law, we will also notify the relevant supervisory authority (such as a Data Protection Authority in the EU/UK) within the same 72-hour window.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the app after changes constitutes acceptance of the updated policy.

17. Contact

If you have any questions, concerns, or requests regarding this privacy policy or your personal data, please contact us:

📧 qurancompanionsupport@gmail.com

🔗 github.com/symphation