This policy describes how Fajrunaa (“the application”) collects, uses and protects information about you when you use the application on iOS or Android.
1. Who publishes Fajrunaa?
[TO BE COMPLETED — publisher name, legal status, postal address, registration number, share capital where applicable].
Contact: [email protected] (to be replaced with the final address before publication).
2. Data processed and purposes
Fajrunaa is designed to minimize data collection. Nearly all processing happens on your phone.
2.1 Geolocation
The application needs your approximate location to compute prayer times (Fajr, Dhuhr, Asr, Maghrib, Isha) for your city. This location is used locally on your device and is not sent to our servers nor shared with any third party.
2.2 Camera (video challenges)
When you complete a “film an object” challenge, image analysis is performed on-device via an embedded machine-learning model (MLKit). No image and no video is saved or transmitted.
2.3 User account
If you choose to create an account (cross-device sync), we store: your email address, the identifier provided by your authentication provider (Apple / Google if applicable), your alarm preferences and your configured alarms. This data is encrypted in transit (TLS) and at rest.
2.4 Anonymous usage statistics
We may collect anonymous usage events (screen viewed, challenge completed) to improve the application. This data cannot be tied to your identity.
3. Legal basis and retention
Processing is based on the performance of the service you use (alarms, sync) and on your explicit consent for sensitive permissions (geolocation, camera).
Account data is retained while your account is active. When you delete your account, it is removed within [TO BE COMPLETED — timeframe, e.g. 30 days] unless legally required to be kept longer.
4. Your rights
Under GDPR, you have the following rights: access, rectification, erasure, restriction, portability, objection. To exercise these rights, contact us at [email protected]. You may also lodge a complaint with the CNIL (www.cnil.fr).
5. Security
We implement reasonable technical and organizational measures to protect your data against unauthorized access: TLS in transit, encryption at rest, environment separation, encrypted backups.
6. Sub-processors
We rely on hosting and tooling providers:
- Hosting: OVH (France).
- Email/OAuth authentication: internal auth-service (auth.devndin.com).
- Transactional email: Amazon SES (eu-west-3, Paris).
- Error tracking: Sentry.
- Anonymous analytics: PostHog (EU).
7. Transfers outside the EU
No systematic transfer of personal data outside the European Union. Where sub-processors occasionally operate outside the EU, standard contractual clauses ensure an adequate level of protection.
8. Changes
We may update this policy to reflect technical or regulatory changes. The effective date at the top of this page is updated with each revision.
9. Contact
For any question: [email protected].