Istiqama logo
Istiqama
Download

Privacy Policy (Istiqama)

Effective date: 16 March 2026

This Privacy Policy describes the personal data we process when you use the Istiqama mobile app.

1) Who we are

Istiqama (“we”, “us”) is the publisher of the app and the data controller for the processing described below.

2) What data we process

We process the following data:

  • Account information (if you sign in): email address, and your name when it is provided by Apple/Google.
  • Prayer data you choose to record: your settings and progress (e.g., onboarding, level, join date), your programs/plans, and your prayer logs (date, prayer, status, timing/on‑time status, late reason, notes you enter).
  • Location (if you grant permission): coordinates used to calculate prayer times for your area.
  • Error reports: error messages and context to help us fix bugs. If you are signed in and an error report is linked to your session, we store your user ID with that report.

3) How we use data

  • Provide the app features (tracking, progress, settings).
  • Sync and backup across devices (only if you sign in).
  • Calculate prayer times (only if you allow location access).
  • Improve stability and security (error reports).

Prayer logs can reveal religious practice. We process them only to provide the app features you use (including cloud sync when you sign in).

4) Where data is stored

  • On your device: app state and preferences.
  • In the cloud: if you sign in, we store and sync your app state (profile, programs, logs) so you can restore it on another device.

5) Service providers we use

We don’t use advertising SDKs. We share data only with service providers needed to run the app:

  • Authentication & database provider: used for sign‑in and cloud sync data (and error reports if enabled).
  • Apple / Google (Sign‑in providers): they process your sign‑in under their own privacy terms.
  • AlAdhan API (prayer times): date + coordinates when you allow location access for prayer time calculation.
  • Twemoji (jsDelivr CDN) (emoji images): when the app displays emojis, your device downloads emoji images from the CDN. The CDN receives standard network data (such as IP address and user agent) to deliver the content.

6) Retention

  • On-device data: until you reset it or uninstall the app.
  • Cloud-synced data: while your account is active; deleted on account deletion.
  • Error reports: up to 90 days, then deleted or anonymized.

7) Your rights & choices

If GDPR applies to you, you have rights to access, correct, delete, restrict, object, and export your data, and to withdraw consent (for example, location permission).

  • Local data: reset/delete in the app settings (if available) and/or uninstall.
  • Cloud/account data: contact us to request access/export/deletion.
  • You can also lodge a complaint with your data protection authority (e.g., CNIL in France).

7) Contact

For privacy questions or requests: omarvqv@gmail.com