Privacy Policy

Last updated: April 20, 2026

Mudakir ("we", "our", or "the app") respects your privacy. This policy explains what we collect, why we collect it, how long we keep it, and the rights you have. It applies to the Mudakir mobile app and the supporting backend.

1. Data Controller

Mudakir is operated as an independent project by Mohammed Pharaon, an individual based in Riyadh, Saudi Arabia, trading as "Mudakir / مُدَّكِر". At this stage there is no incorporated legal entity behind the app; Mohammed Pharaon acts as the data controller for the purposes of the KSA PDPL, GDPR and CCPA.

Contact: app.mudakir@gmail.com

Location: Riyadh, Saudi Arabia. A full postal address is not publicly published and is available on written request to the email above.

2. Information We Collect

• Account data (only if you create an account): username, email address, and a securely hashed password.
• Progress data (only if you sign in): verses studied, practice scores, streaks, achievements, favorites, daily goals, and completion of quizzes and challenges. This is synced to our server so you can use multiple devices.
• Device preferences: language, font, theme, and daily targets. Stored locally on your device.
• Diagnostics: anonymous crash reports and basic in-app event counts (for example, "quiz started") that help us find bugs and improve the app. No message content, no Quran reading content, and no personal identifiers are sent.
• Feedback you send us: the message you type into the feedback form, plus your email if you provide it.

We do not collect voice recordings. We do not run speech recognition. We do not record or analyze your recitation.

3. Legal Basis for Processing (GDPR / KSA PDPL)

• Performance of a contract: running your account, syncing your progress, and providing the practice features you signed up for.
• Consent: optional features such as push notifications and analytics events. You can withdraw consent at any time in Settings or in your device settings.
• Legitimate interest: keeping the app secure, fixing bugs, and preventing abuse.

4. Purposes of Processing

• Provide the memorization and quiz features.
• Sync your progress across your devices when you are signed in.
• Send the practice reminders you have enabled.
• Generate quiz answer choices and other AI-assisted content.
• Diagnose crashes and improve the app.

5. Guest Mode (No Server Sync)

You can use Mudakir fully without creating an account. In guest mode all your progress and preferences stay on your device. Nothing is sent to our server, and nothing is synced. If you later create an account, your local progress can be merged into that account.

6. Third-Party Services and International Data Transfers

Mudakir relies on the following processors. Their servers are located outside Saudi Arabia, so using these features involves an international transfer of the data listed.

• OpenAI (United States): generates quiz answer choices and powers AI-assisted text features. Receives the Arabic word, verse, or short prompt needed for that request. No account identifier is attached.
• Resend (United States / EU): delivers transactional and feedback emails. Receives the recipient email address and the message body.
• Al-Quran Cloud CDN: delivers Quran text and translations. Receives standard request metadata (IP address, user agent).
• QuranCDN and Islamic Network CDN: deliver recitation audio and the Mushaf font files. Receive standard request metadata (IP address, user agent).
• Sentry (United States / EU): collects anonymous crash reports and stack traces.
• Replit (United States): hosts our backend and database.

For transfers outside KSA we rely on the user's consent to use the feature, on contractual safeguards with each processor, and on the processor's own published security and data-protection commitments.

7. Data Retention

• Account and progress data: kept while your account is active. If you ask us to delete your account, we remove it within 30 days.
• Feedback emails: kept for up to 24 months so we can follow up with you.
• Crash reports and analytics events: kept for up to 12 months, then deleted.
• Server access logs: kept for up to 90 days for security and abuse prevention.
• Local data on your device: stays until you uninstall the app or clear its storage.

8. Security

Passwords are hashed and never stored in plain text. All traffic between the app and our servers uses HTTPS. Sessions use signed tokens.

9. Account Deletion

You can delete your account from inside the app: Profile → Delete my account. Deletion is immediate and removes your account, sessions, progress, practice history, favorites, achievements, challenge data, recitation attempts and competition records. Feedback you submitted is retained but unlinked from your account.

You can also request deletion from the public account deletion page or by emailing app.mudakir@gmail.com with the subject "Delete my account". Email requests are completed within 30 days.

10. Children

The app is suitable for all ages and can be used fully in guest mode without giving any personal information. We do not ask for a date of birth and we do not knowingly build profiles of children. If a parent or guardian believes a child has created an account with personal data, contact us and we will delete it.

11. Your Rights

Depending on where you live, you have some or all of the following rights: access your data, correct it, delete it, export it, restrict or object to processing, and withdraw consent. To use any of these rights, email app.mudakir@gmail.com.

GDPR (EU / EEA / UK):

• You can lodge a complaint with your local data protection authority.
• EU representative under Article 27: not applicable. Mudakir is operated from outside the EU and does not currently have an establishment in the EU/EEA, and at our current scale and processing profile we have not designated an Article 27 representative. Users in the EU/EEA can reach the data controller directly at app.mudakir@gmail.com.
• Transfer mechanism: where personal data is transferred outside the EU/EEA to our processors (for example OpenAI, Resend, Sentry, Replit), we rely on the appropriate safeguards published by each processor — primarily the European Commission's Standard Contractual Clauses (SCCs) included in their data processing terms — and, for transfers carried out at the user's direct request to use a feature, on the Article 49(1)(b) derogation (transfer necessary for the performance of a contract with the data subject).

KSA PDPL: you can lodge a complaint with the Saudi Data & AI Authority (SDAIA).

CCPA (California): we do not sell or share your personal information. You have the right to know what we hold about you, to delete it, and to correct it. We do not discriminate against you for using these rights.

12. Data Breach Notification

If a breach affects your personal data, we will notify affected users without undue delay and, where required, notify SDAIA and any other competent authority within the legally required timeframes.

13. Changes to This Policy

We may update this policy. The "Last updated" date at the top of this document always reflects the current version. Material changes will be announced in the app.

14. Contact

For privacy questions or to use any of your rights: app.mudakir@gmail.com