Your Privacy is Our Amanah

Account Information

When you create a Saraly account, we collect:

• Email address - For account creation, authentication, and communication
• Full name - Your first and last name for personalization
• Islamic name - Optional Islamic name for spiritual personalization
• Password - Securely hashed and stored for account security

Journal Content & Spiritual Data

As an Islamic journaling platform, we collect and store:

• Journal entries - Your personal reflections, thoughts, and spiritual insights
• Mood tracking - 20 different emotional states to track your spiritual journey
• Tags and categories - Labels you assign to organize your entries
• Favorites - Entries you mark as particularly meaningful
• Word counts - Automatically calculated for writing analytics
• Entry dates and timestamps - When you create and update entries

Islamic Preferences & Settings

To provide personalized Islamic features, we collect:

• Location data - City, latitude, and longitude for accurate prayer times
• Prayer calculation method - Your preferred method (Muslim World League, Egyptian, etc.)
• Timezone - For accurate prayer time calculations
• Hijri calendar adjustment - Personal preference for Islamic date calculations
• Arabic level - Your familiarity with Arabic (none, basic, intermediate, advanced)
• Spiritual goals - Your selected spiritual development objectives
• Language preference - Interface language setting

Onboarding & Experience Data

During onboarding, we collect:

• Journaling experience - Your background with journaling (never, digital, paper, Islamic)
• Session length preference - Preferred journaling session duration
• Privacy acknowledgment - Confirmation of privacy policy acceptance
• Onboarding completion status - Progress through setup process

Usage Analytics & Interactions

To improve our service, we track:

• Prompt interactions - Which prompts you view, use, and rate
• Feature usage - How you interact with Islamic features (prayer times, verses, etc.)
• Writing statistics - Entry frequency, word counts, and writing patterns
• Mood patterns - Trends in your emotional and spiritual states
• Session data - Login times and app usage duration

Website Analytics

We use privacy-first analytics through Vercel:

• Page views - Which pages you visit (no personal identification)
• Traffic sources - How you found our website
• General location - Country/region only (not precise location)
• Device type - General device information for optimization

Payment & Subscription Information

For Premium subscriptions, we collect:

• Stripe customer ID - For payment processing and subscription management
• Subscription status - Active, canceled, past due, etc.
• Plan information - Free or Premium plan details
• Billing periods - Subscription start and end dates
• Payment history - Transaction records (stored by Stripe, not us)

Core Application Functions

We use your information to provide and improve Saraly's core features:

• Account management - Authentication, profile management, and account security
• Journal functionality - Store, organize, and display your personal reflections
• Islamic features - Provide accurate prayer times, Hijri calendar, and daily verses
• AI-powered prompts - Generate personalized Islamic reflection prompts using OpenAI
• Analytics and insights - Show your writing patterns, mood trends, and spiritual progress
• Auto-save functionality - Prevent loss of your journal entries

Personalization & Recommendations

We analyze your usage patterns to:

• Customize prompts - Select relevant reflection prompts based on your mood and spiritual goals
• Optimize Islamic features - Provide prayer times and Islamic content relevant to your location
• Improve user experience - Adapt the interface based on your preferences and usage patterns
• Content recommendations - Suggest relevant Quranic verses and Islamic wisdom

Communication & Support

We may contact you for:

• Service announcements - Important updates about Saraly features and policies
• Account notifications - Security alerts, password resets, and subscription updates
• Customer support - Responding to your questions and technical issues
• Optional marketing - Islamic content, spiritual guidance, and feature updates (you can opt out)

Service Improvement & Development

We use aggregated, anonymized data to:

• Improve AI prompts - Enhance the quality and relevance of Islamic reflection prompts
• Feature development - Understand which features are most valuable to users
• Performance optimization - Identify and fix technical issues
• Islamic content curation - Ensure our content remains authentic and beneficial

Subscription & Payment Processing

For Premium subscribers, we use payment information to:

• Process payments - Handle subscription billing through Stripe
• Manage subscriptions - Track subscription status, renewals, and cancellations
• Provide customer support - Help with billing questions and subscription issues
• Prevent fraud - Detect and prevent fraudulent payment activity

Legal Basis for Processing (GDPR)

For users in the European Union, we process your data based on:

• Contract performance - Providing the journaling service you signed up for
• Consent - For optional features like marketing communications and analytics
• Legitimate interest - Improving our service, preventing fraud, and ensuring security
• Legal obligation - Complying with applicable laws and regulations

You can withdraw consent at any time through your account settings or by contacting us.

Where Your Data Is Stored

• Primary Database: Supabase (PostgreSQL) - servers located in North EU (Stockholm)
• Application Hosting: Vercel - global edge network with primary servers in the United States
• Payment Processing: Stripe - secure payment infrastructure in the United States
• AI Processing: OpenAI - servers located in the United States
• Website Analytics: Vercel Analytics - servers located in the United States
• Islamic APIs: Aladhan API for prayer times, Quran.com API for verses

Security Measures

We protect your information through multiple layers of security:

• Encrypted transmission - All data sent securely using HTTPS/TLS encryption
• Database security - Row-level security (RLS) policies ensure users can only access their own data
• Authentication - Supabase Auth with secure password hashing and session management
• API security - Authenticated API endpoints with proper authorization checks
• Payment security - PCI DSS compliant payment processing through Stripe
• Access controls - Limited team access with role-based permissions
• Regular security reviews - Ongoing monitoring, updates, and security assessments
• Data isolation - Each user's data is strictly isolated from others

Data Retention Policies

We retain your data for different periods based on the type:

• Account data: Retained while your account is active, deleted within 30 days of account deletion
• Journal entries: Retained indefinitely while your account is active, permanently deleted when you delete your account
• Usage analytics: Anonymized analytics data may be retained for up to 2 years for product improvement
• Payment data: Billing records retained for 7 years as required by law, handled by Stripe
• Support communications: Retained for 3 years for customer service purposes
• AI prompt cache: Cached AI-generated prompts retained for 90 days to improve performance
• Prayer times cache: Location-based prayer time data cached for 24 hours

Data Backups & Recovery

To protect against data loss:

• Automated backups - Daily encrypted backups of all user data
• Geographic redundancy - Backups stored in multiple geographic locations
• Point-in-time recovery - Ability to restore data from specific timestamps
• Disaster recovery - Comprehensive disaster recovery procedures in place

Account Management

You have full control over your Saraly account:

• Account settings - Update your profile information, Islamic preferences, and privacy settings
• Data export - Download all your data in JSON format through Settings → Privacy
• Account deletion - Permanently delete your account and all associated data
• Communication preferences - Control which emails you receive from us

Journal & Content Control

You maintain complete control over your spiritual content:

• Edit or delete entries - Modify or remove any journal entry at any time
• Export your journal - Download all entries in multiple formats (JSON, CSV)
• Privacy settings - Control how your data is used for analytics and improvements
• Auto-save control - Enable or disable automatic saving of your drafts

Subscription & Billing Control

For Premium subscribers:

• Subscription management - Upgrade, downgrade, or cancel your subscription
• Billing portal - Access Stripe's secure portal to manage payment methods and invoices
• Cancel anytime - Cancel your subscription with immediate or end-of-period effect
• Data retention - Choose what happens to your data if you cancel Premium

Your Data Rights (GDPR & CCPA)

Under applicable privacy laws, you have the right to:

• Access - Request a copy of all personal data we have about you
• Rectification - Ask us to correct inaccurate or incomplete information
• Erasure - Request deletion of your personal data ("right to be forgotten")
• Portability - Receive your data in a structured, machine-readable format
• Restriction - Limit how we process your data in certain circumstances
• Object - Object to processing based on legitimate interests
• Withdraw consent - Withdraw consent for any processing based on consent

How to Exercise Your Rights

You can exercise your privacy rights through:

• In-app settings - Most privacy controls are available in Settings → Privacy
• Email request - Contact us at contact@getsaraly.com
• Data export tool - Use the built-in data export feature for immediate access
• Account deletion - Use the account deletion feature for complete data removal

We will respond to all privacy requests within 30 days. For complex requests, we may extend this to 60 days and will notify you of any extension.

Data Transfer Locations

• Primary Storage: North EU - Stockholm (Supabase), United States (Vercel)
• AI Processing: United States (OpenAI)
• Payment Processing: United States (Stripe)
• Analytics: United States (Vercel Analytics)

Transfer Safeguards

For international data transfers, we implement appropriate safeguards including:

• Standard Contractual Clauses: EU-approved data transfer mechanisms
• Adequacy Decisions: Transfers only to countries with adequate privacy protections
• Data Processing Agreements: Binding agreements with all service providers
• Technical Safeguards: Encryption in transit and at rest
• Access Controls: Strict limitations on who can access transferred data

Age Requirements

• Minimum Age: 13 years old (16 in the EU)
• Recommended Age: 16+ for optimal experience with spiritual reflection features
• Parental Consent: Required for users under 18 in certain jurisdictions

Child Protection Measures

• We do not knowingly collect personal information from children under 13
• If we discover we have collected data from a child under 13, we will delete it immediately
• Parents can request access to, correction of, or deletion of their child's information
• We do not use children's data for behavioral advertising

Policy Updates

We may update this privacy policy periodically to reflect changes in our practices, services, or legal requirements. Here's how we handle updates:

• Material Changes: We will notify you via email and in-app notification 30 days before changes take effect
• Minor Changes: Updates to contact information or clarifications will be posted with updated date
• New Features: When we add new features, we'll update this policy and notify users
• Legal Requirements: Changes required by law will be implemented immediately with user notification

How We Notify You

• Email notification to your registered email address
• In-app banner highlighting policy changes
• Account dashboard notification for significant changes
• Website banner on GetSaraly.com for major updates

Your Choices

When we make material changes to this privacy policy:

• Review period: You have 30 days to review changes before they take effect
• Continued use: Using Saraly after changes take effect indicates acceptance
• Opt-out option: If you disagree with changes, you can delete your account
• Data export: You can export your data before account deletion