Privacy Policy
Last updated: March 11, 2026
TL;DR
- No data selling. Your data is never sold to anyone. Ever.
- AI never generates Islamic content. All Quran, hadith, and du'as come from our curated database.
- Your reflections are private. AI only sees heart state metadata, never your personal reflections.
- Your du'a list is local-only. It never leaves your device and is never synced to our servers.
- Analytics are opt-in. Crashlytics requires your consent before activation.
- You can delete everything. Request full account and data deletion at any time.
Hudur ("the App") is a du'a and Muraqaba companion for Muslims. We take your privacy seriously — especially when it comes to your spiritual practice. This policy explains what we collect, what we don't, and why.
1. What We Collect
| Data | Purpose | Storage |
|---|---|---|
| Email & display name | Account authentication | Supabase (encrypted) |
| Spiritual profile | Depth level (guided/steady/deep) | Supabase |
| Heart state metadata | Session matching & AI guidance | Supabase |
| Session metadata | Duration, exchange count, depth level | Supabase |
| Preferences | Language, theme, notification settings | Device & Supabase |
| Push notification token | Reminders & notifications | Supabase & FCM |
2. What We Don't Collect
- Your du'a list — stored locally on your device only, never synced
- Reflection content — AI receives heart state metadata only, never your written reflections
- Health or biometric data — we don't access HealthKit or biometric sensors
- Precise location — we don't request or store your location
- Contacts — we never access your address book
3. How AI Works in Hudur
Hudur uses Google Gemini AI as a Muhasaba (self-accounting) facilitator — not a therapist, scholar, imam, or mufti. Here's exactly how it works:
- All Islamic content is curated. Quran verses, hadith, and du'as come exclusively from our verified
islamic_contentdatabase. AI never generates Islamic texts. - Heart state matching. Your selected heart state (e.g., shukr, sabr, qabd) is shared with AI to match you with appropriate du'as and reflections.
- Edge Functions as proxy. All AI requests go through Supabase Edge Functions. No API keys are stored on your device.
- Session limits enforced. Maximum 5 exchanges per session and 3 sessions per day to maintain the practice's integrity.
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database, Edge Functions | Account data, session metadata |
| Google Gemini | AI Muhasaba guidance (via Edge Functions) | Heart state, depth level (anonymized) |
| Firebase Crashlytics | Crash reporting (opt-in only) | Device info, crash logs |
| Firebase Cloud Messaging | Push notifications | Device token |
| RevenueCat | Subscription management | Purchase data, anonymous user ID |
| Cloudflare R2 | Audio content delivery | None (read-only CDN) |
| Apple / Google Sign-In | Authentication | Email (via OAuth) |
5. Your Rights (GDPR & Privacy)
You have the right to:
- Access — Request a copy of all data we hold about you
- Delete — Request complete deletion of your account and all associated data
- Portability — Receive your data in a machine-readable format
- Opt-out — Disable analytics and crash reporting at any time
- Withdraw consent — Revoke any previously granted permissions
To exercise any of these rights, email us at salam@hudur.app. We will respond within 30 days.
6. Data Retention
- Active account — Data is retained as long as your account is active
- Deleted account — All data is permanently deleted within 30 days of your request
- Crash logs — Automatically purged after 90 days
- Session metadata — Retained for practice history; deleted with account
7. Children's Privacy
Hudur is designed for Muslim adults aged 18 and above. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
8. Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated through the App. Continued use of Hudur after changes constitutes acceptance of the updated policy.