1. Data We Collect
DuaSalaam collects only what is necessary to provide its features:
- Email address — collected when you create an account, used for login (OTP code) and optional monthly newsletters.
- Password (hashed) — stored as a one-way bcrypt hash. We never store or see your plain-text password.
- Location (GPS, city, country) — collected only with your explicit permission, used solely to calculate prayer times and Qibla direction. Precise GPS coordinates are processed on-device only; your chosen city/country is saved to your account settings.
- Worship records (Aamaal, Qaza) — if you enable cloud backup, these are end-to-end encrypted on your device before transmission. We cannot read them.
We do not collect advertising IDs, contacts, browsing history, financial data, or any data unrelated to app functionality.
2. How We Use Your Data
- Email: to send your OTP login code and (with consent) monthly newsletters.
- Hashed password: solely to verify your identity at login.
- Location: to compute prayer times on-device. City/country syncs to your account so preferences persist across devices.
- Encrypted worship records: stored as opaque ciphertext for cross-device backup/restore. We have no ability to decrypt them.
We do not use your data for advertising, profiling, or sale to third parties.
3. Third-Party Services
- Resend (email delivery) — your email is transmitted to Resend to deliver OTP codes and newsletters. Resend acts as a data processor under our instructions.
- AlAdhan API — calendar adjustment parameters are sent to api.aladhan.com for Hijri date conversion. No personal information is included.
- YouTube — lecture videos are embedded. When viewed, YouTube's embed privacy policy applies. Our servers send no personal data to YouTube.
No other third-party services receive your personal data.
4. End-to-End Encryption
Your Aamaal Register and Qaza Register are protected by end-to-end encryption (E2EE). Encryption occurs on your device before any data is transmitted. Your encryption key is stored only in your device's secure storage (iOS Keychain / Android Keystore) and never leaves your device in plain form. A password-wrapped copy of the key is backed up to our servers so you can recover it on a new device — but only you, with your password, can unwrap it.
Important: if you forget your password and no longer have access to an authenticated device, your encrypted data cannot be recovered by us.
5. Data Retention & Deletion
Your data is retained for as long as your account is active. You may delete your account at any time from the Settings screen, which permanently removes all your data from our servers within 30 days. You may also email dcm700@proton.me to request deletion.
6. Data Security
We use HTTPS for all data in transit, bcrypt for password hashing, E2EE for worship records, and secure session management. Our infrastructure is hosted in a professionally managed environment with access controls and monitoring.
7. Your Rights
- Access: request a copy of your data by emailing dcm700@proton.me.
- Correction: update your email or location in app settings.
- Deletion: delete your account from Settings or via email request.
- Location opt-out: revoke GPS permission in device settings at any time.
- Marketing opt-out: use the unsubscribe link in any newsletter.
We aim to respond to all privacy requests within 7 business days.
8. Children's Privacy
DuaSalaam is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at dcm700@proton.me and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted at this URL with a new "Last updated" date. Continued use of the App after changes constitutes acceptance of the revised policy.
10. Contact Us
- Developer: DCMM
- Email: dcm700@proton.me
- Website: www.duasalaam.org