• 
  Download and use our mobile application TASBIH — Dhikr
  Tracker on Google Play (com.tasbihapp.tasbih).
  
• 
  Visit our website at
  https://tasbihapp.com.
  
• 
  Engage with us in other related ways, including support email or
  community channels.
  

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?

Information you give us

In Short: You can use most of the app
without an account. If you create one, we collect only what is needed
to authenticate you and sync your dhikr data across your devices.

The personal information we collect when you choose to create an
account or contact us may include:

• Account data — email address and password.
  Passwords are stored only by our authentication provider,
  Supabase,
  as a salted hash; we never see them in plain text.
• Profile preferences you choose to enter —
  display name, country, preferred language, and prayer-method
  preferences.
• Optional content you create in the app —
  dhikr counts, custom dhikr texts, daily intentions, session
  reflections, and external-donation logs (see §3 and §5
  below).
• Support correspondence — anything you
  write to us at
  officialtasbihapp@gmail.com or its alias addresses.

Sensitive Information. We do not
collect names, postal addresses, phone numbers, payment card numbers,
government IDs, biometric data, religious practice records linked to
your identity, or any other category that qualifies as
“sensitive personal information” under EU GDPR, UK GDPR,
or US state privacy laws.

Payment Data. The app has no paid tier and no
in-app purchase, so we do not collect or process any payment
information. If you choose to make a voluntary donation, you do so on
LaunchGood’s own website (see §5); we never see your card
number, billing address, or amount unless you choose to log it back
into the app yourself.

Information collected automatically

In Short: Some basic device and
diagnostic information is collected automatically so the app can run
reliably and serve ads.

• Device information — model, operating
  system version, language, time zone, and a randomly-generated
  device identifier.
• App diagnostics — basic crash and error
  information that the Google Mobile Ads SDK and our backend log
  in order to keep the Services running. We do not run a separate
  analytics SDK and we do not collect screen-by-screen
  event tracking.
• IP address — observed by our backend
  (Supabase) and by Google AdMob when serving ads. We do not
  store IP addresses long-term.
• Approximate geolocation — only if you
  grant location permission. Used to compute prayer times and
  the qibla direction. The calculation runs on your device; the
  coordinates are not transmitted to our servers.

On-device features that do not leave your device

The following features run entirely locally on your phone and
do not transmit any data to us or to any third party:

• ML Kit Text Recognition and ML Kit on-device Translation, used
  for the optional “Scan dhikr text from a photo”
  feature.
• Bluetooth Low Energy (BLE) scanning for compatible smart-tasbih
  hardware. We never receive the device names, MAC addresses, or
  counts from those peripherals.
• Push-notification scheduling and display.
• Hijri-calendar and prayer-time computations.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information
to run the app, serve ads, operate our charity-attribution counter,
diagnose bugs, communicate with you, and comply with the law.

• To run the core app — counting dhikr,
  syncing your sessions across your devices when you sign in, and
  scheduling prayer-time and dhikr reminders.
• To show you ads through Google AdMob and its
  mediation partners (see §3).
• To operate our charity attribution ledger
  — when you watch an opt-in rewarded ad or log an external
  donation to LaunchGood, we record an anonymised event so we can
  publish a transparent total at
  tasbihapp.com/charity.
• To diagnose and fix bugs, prevent abuse, and
  improve reliability.
• To communicate with you when you contact
  support.
• To comply with the law and respond to lawful
  requests.

We do not use your personal information for
automated decision-making that produces legal or similarly significant
effects, and we do not build advertising or behavioural
profiles of you ourselves.

3. ADVERTISING, ADMOB, AND THE CONSENT FLOW

In Short: The app is monetised by
Google AdMob. In the EEA, UK, Switzerland, and Brazil we show a Google
consent form before any ad loads, and you can change your choice
anytime from Settings → Privacy options.

Three ad formats are used:

Format	Where it shows	Frequency
Banner	Bottom of the home screen and the app drawer	Adaptive, ~60s refresh
Interstitial	Full-screen between sessions, after Save & Contribute	At session save time
Rewarded	Optional, only if you tap “Watch an ad to add to charity”	User-initiated only

We do not use app-open ads, and we do
not use interruptive video ads outside of the
user-initiated rewarded format above.

Mediation partners. AdMob may pass an ad request on
to one of its mediation partners (such as AppLovin) when they bid
higher than AdMob’s own demand. Each partner has its own privacy
notice; the relevant ones are:

• Google AdMob —
  https://policies.google.com/technologies/ads
• AppLovin —
  https://www.applovin.com/privacy

Consent (GDPR / UK / Swiss / Brazilian users). We
use the IAB / Google
User Messaging Platform
to gather your consent before any ad loads. The first time the app
starts in one of these regions you’ll see a Google-provided
consent form where you can choose between personalised ads,
non-personalised ads, or limited ad options. You can revisit and
change your choice at any time from
Settings → Privacy options inside the app.

Charity attribution. When an ad is rendered (a
real impression, not just loaded), we increment an anonymous counter
in your local database that contributes to our published charity
total. No personal identifier is attached to that counter.

4. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your
personal information when we have a valid legal basis under
applicable law.

If you are located in the EEA, UK, or Switzerland,
this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require
us to identify a legal basis for each processing activity. We rely
on:

• Consent — for personalised advertising
  and any optional permissions you grant (location, camera,
  notifications). You can withdraw consent at any time without
  affecting the lawfulness of past processing. Learn more about
  withdrawing your consent.
• Contract — to deliver the app and any
  features tied to your account.
• Legitimate interests — to keep the
  Services secure, prevent fraud, and improve reliability, where
  these interests are not overridden by your rights and freedoms.
• Legal obligation — to respond to lawful
  regulator or court requests.

If you are located in Canada, this section applies
to you.

We rely on your express or implied consent under PIPEDA. You can
withdraw your consent
at any time. We may also process information without consent in the
narrow exceptions PIPEDA permits (for example, fraud detection or
compliance with a court order).

5. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We share information only
with the small set of service providers we depend on to run the
Services. We do not sell or rent personal information.

Provider	Purpose	Region
Supabase	Authentication and encrypted user-data sync	United States
Google AdMob	Ad serving, ad measurement, and crash diagnostics from the Mobile Ads SDK	Global
AppLovin (and other AdMob mediation partners)	Ad bidding when AdMob mediates an impression	Global
LaunchGood	Voluntary external donations — you transact directly with LaunchGood; we never see your card or amount unless you choose to log it back in the app	United States

Each provider above is bound by a written data processing
agreement. We do not sell your personal information
to data brokers, lead-gen networks, AI training providers, retargeting
platforms, or any other third party. We do not share
your data with social networks, except for the limited profile fields
returned by Apple, Google, or other identity providers if you choose
to sign in with them.

We may also disclose information when required by law, in response
to a valid legal process, to protect the safety of our users, or as
part of a business transfer (merger, acquisition, or sale of assets)
— in which case we will require the receiving party to honour
this Privacy Notice.

6. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?

In Short: We are not responsible for
the privacy practices of websites we link to.

The app may link to third-party websites — most commonly
LaunchGood, when you choose to “Donate More” voluntarily.
We are not responsible for the privacy practices of those sites.
Review their privacy notices before sharing any information with
them.

7. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: The mobile app does not use
browser cookies. The website uses a small number of necessary,
functional, and (with your consent) analytical cookies.

The mobile app uses:

• Local Hive storage for your sessions, custom
  dhikr, and settings. This data lives on your device.
• A randomly-generated AdMob advertising identifier
  (resettable in your device settings under “Privacy →
  Ads”) to deliver and measure ads.
• An anonymous app-instance identifier generated
  by the Google Mobile Ads SDK to help diagnose ad-loading
  problems and prevent fraud.

Our website
(https://tasbihapp.com)
uses a small number of necessary, functional, and (with your consent)
analytical cookies. The cookie consent banner on the website lets you
opt in or out per category.

8. HOW DO WE HANDLE SOCIAL LOGINS?

In Short: If you sign in through an
identity provider, we receive only your email and (optionally) your
display name — nothing else.

If you choose to sign up using Apple, Google, or another identity
provider supported through Supabase, we receive only the limited
profile information that provider returns — typically your
email address and (if you allow it) your display name. We do not
request or store any other social-graph data, friend lists, posts,
or follower information, and we do not post anything to your social
account.

9. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: Yes — our backend
runs in the United States.

Our backend (Supabase) and several of our service providers
operate from the United States. If you access the Services from
outside the US, your information will be transferred to and
processed in the US. For users in the EEA, UK, and Switzerland,
these transfers are made under the European Commission’s
Standard Contractual Clauses (SCCs) where the recipient is not on
the UK or EU adequacy lists.

10. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: For as long as your account
is active, plus a short legal-retention window. Anonymised aggregate
counters may be kept indefinitely.

We keep your account data for as long as your account is active.
If you delete your account or email us a deletion request, we erase
your account record within 30 days, except for:

• Anonymised aggregate counters (e.g. “total ads watched
  across all users”, “total dhikr counted across all
  users”) which contain no personal identifier and are kept
  indefinitely.
• Records we are legally required to keep (e.g. for tax or
  fraud-prevention purposes), kept only for the legally-required
  retention period.

11. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on where you
live, you may have rights to access, correct, delete, port, restrict,
or object to our processing of your data, and to withdraw your
consent at any time.

• Access — receive a copy of the personal
  information we hold about you.
• Rectification — correct inaccurate or
  outdated information.
• Erasure — ask us to delete your data.
• Restriction — limit how we process your
  data.
• Portability — receive your data in a
  structured, machine-readable format.
• Object — object to processing based on
  legitimate interests, or to direct marketing.
• Withdraw consent — at any time, without
  affecting prior processing.
• Lodge a complaint — with your local
  data-protection authority.

To exercise any right, email
officialtasbihapp+privacyrelated@gmail.com
from the address associated with your account. We will respond
within the timeframe required by your local law (typically 30–45
days).

If you are located in the EEA or UK and you believe we are
unlawfully processing your personal information, you may complain to
your
Member State data-protection authority
or the
UK ICO.
If you are in Switzerland you may contact the
Federal Data Protection and Information Commissioner.

Withdrawing your consent.
Where we rely on consent, you can withdraw it at any time by emailing
the address above, or in-app via
Settings → Privacy options for ads consent.
Withdrawal does not affect the lawfulness of processing carried out
before the withdrawal.

Account Information

If you would like to review or change information in your account
or terminate your account, you can:

• Open the in-app account screen and update your profile or
  preferences.
• Email us at
  officialtasbihapp+privacyrelated@gmail.com
  and we will deactivate or delete your account from our active
  databases within 30 days.

12. CONTROLS FOR DO-NOT-TRACK FEATURES

The mobile app respects your operating-system-level “Limit
Ad Tracking” / “Allow Apps to Request to Track”
settings (Android / iOS). When tracking is limited, AdMob serves
only non-personalised ads.

We do not respond to browser DNT signals on the website, because
there is not yet a recognised industry standard for them, but our
cookie banner lets you opt out of analytical and advertising
cookies.

13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of
California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa,
Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New
Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia,
you may have the right to access, correct, delete, port, and opt out
of certain uses of your personal information.

Categories of Personal Information We Collect

The table below shows the categories of personal information we
have collected in the past twelve (12) months.

Category	Examples	Collected
A. Identifiers	Email address (only if you create an account), IP address (observed transiently by our backend and AdMob), and a randomly-generated device / advertising identifier	YES (limited)
B. Personal information (California Customer Records)	Name, contact information, education, employment, employment history, financial information	NO
C. Protected classification characteristics	Gender, age, date of birth, race and ethnicity, national origin, marital status, demographic data	NO
D. Commercial information	Transactions, purchase history, financial details, payment information	NO
E. Biometric information	Fingerprints and voiceprints	NO
F. Internet or similar network activity	Crash and reliability diagnostics from the Google Mobile Ads SDK and our backend (no per-screen behavioural tracking)	YES (limited)
G. Geolocation data	Approximate device location for prayer-time and qibla calculations — computed on-device, not transmitted to our servers	ON-DEVICE ONLY
H. Audio, electronic, sensory, or similar information	Images and audio, video or call recordings created in connection with our business activities	NO
I. Professional or employment-related information	Business contact details, job title, work history, professional qualifications	NO
J. Education Information	Student records and directory information	NO
K. Inferences drawn from collected personal information	Profiles or summaries about an individual’s preferences and characteristics	NO
L. Sensitive personal information	Government IDs, precise geolocation, religious-practice records linked to an identifier, biometric data, financial-account data	NO

Sources of personal information

Learn more about the sources of personal information we collect
in “WHAT INFORMATION DO WE COLLECT?”

How we use and share personal information

Learn more in “HOW DO WE PROCESS YOUR INFORMATION?”
and “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”

Do we “sell” or “share” personal
information? No. We do not “sell”
personal information as that term is defined under the CCPA / CPRA,
and we have not done so in the preceding twelve (12) months. For the
limited cases where ad-network identifiers may constitute
“sharing” for cross-context behavioural advertising under
California law, you can opt out by using the in-app
Settings → Privacy options entry, by enabling
the OS-level ad-tracking limit on your device, or by emailing us at
the address below.

Your rights

You have rights under certain US state data-protection laws.
However, these rights are not absolute, and in certain cases we may
decline your request as permitted by law. These rights include:

• Right to know whether we are processing your
  personal data.
• Right to access your personal data.
• Right to correct inaccuracies in your personal
  data.
• Right to request the deletion of your personal
  data.
• Right to obtain a copy of the personal data
  you previously shared with us.
• Right to non-discrimination for exercising
  your rights.
• Right to opt out of targeted advertising,
  sale, or profiling. Because we do not sell or profile, this
  right is satisfied automatically; for sharing of ad-network
  identifiers, see above.

How to exercise your rights

Email
officialtasbihapp+privacyrelated@gmail.com
from the email address tied to your account, with a brief description
of the request. You may also designate an authorised agent to act on
your behalf, with proof of authorisation.

Request verification

We will verify your identity by matching the email address on
your account. If we cannot verify you from the information already
held, we may request additional information solely for verification
and security purposes; we will not use it for any other purpose.

Appeals

If we decline to take action on your request, you may appeal by
replying to our response, or by emailing
officialtasbihapp+privacyrelated@gmail.com.
We will inform you in writing of any action taken or not taken in
response to the appeal, including a written explanation of the
reasons. If your appeal is denied, you may submit a complaint to
your state attorney general.

California “Shine The Light” Law

California Civil Code Section 1798.83 permits California
residents to request, once a year and free of charge, information
about categories of personal information disclosed to third parties
for direct marketing purposes. We do not disclose any personal
information to third parties for their own direct marketing.

14. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

Australia and New Zealand

We process your personal information in line with Australia’s
Privacy Act 1988 and New Zealand’s Privacy Act 2020. To
exercise any access or correction right, email us. Complaints can
also be made to the
Office of the Australian Information Commissioner
or the
Office of the New Zealand Privacy Commissioner.

Republic of South Africa

You have the right to request access or correction of your
personal information. If you are unsatisfied with our handling of a
complaint, you may contact the
Information Regulator (South Africa):
General enquiries:
enquiries@inforegulator.org.za
Complaints (POPIA / PAIA Form 5):
PAIAComplaints@inforegulator.org.za
and
POPIAComplaints@inforegulator.org.za.

15. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes — we update this
notice when our app or applicable law changes.

We update this Privacy Notice when we add new features, change
service providers, or to comply with new laws. The
policy version at the top of this page tracks each
material change. When the published version is newer than the one
you previously consented to, the app will show you a re-consent
prompt the next time you open it.

16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may
email us at
officialtasbihapp+privacyrelated@gmail.com
or contact us by post at:

Chicago, IL
United States

17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Email
officialtasbihapp+privacyrelated@gmail.com
from the address tied to your account, with a brief description of
the request (access / correction / deletion / objection / withdraw
consent). We respond within the timeframe required by your local
law.

This Privacy Notice reflects the actual behaviour of the
TASBIH — Dhikr Tracker mobile app
(com.tasbihapp.tasbih) and the tasbihapp.com website
on the date shown at the top. It supersedes all prior versions.