Privacy Policy

1. Who we are

ZikrFlow is operated by NadaSofts. This Privacy Policy explains what information we collect when you use the ZikrFlow mobile or web application ("the Service"), how we use it, and the rights you have over it. By using the Service you accept this Policy.

2. Information we collect

We collect only what is needed to run the features you use. This falls into four buckets:

• Account information. When you create an account or sign in with Google, we receive your name, email address, and (for Google sign-in) profile photo. We never see or store your Google password.
• Worship and activity data. Prayer logs, dhikr sessions, recorded feelings, habits, custom remembrance items, AI chat messages, favorite duas, and similar in-app activity. This data lives on your device and, if you sign in, is synced privately to your account in Google Firebase.
• Technical data. Device model, operating system, app version, and anonymous crash reports. We use this strictly to fix bugs and improve performance.
• Advertising identifiers. When ads are shown, the Google Mobile Ads SDK collects your device's Advertising ID (AAID on Android, IDFA on iOS), IP address, coarse location, and limited device information. See Section 5 for how this is used.

3. How we use your information

Your data is used to:

• Authenticate you and protect your account.
• Sync your worship data across your devices when you are signed in.
• Personalise the experience — for example, surfacing a dua that matches a feeling you have recorded.
• Generate AI replies in the in-app chat, where your message and your relevant worship context are sent to our backend running on Google Cloud.
• Send you optional reminders, such as prayer-time or daily-remembrance notifications, only when you have enabled them.
• Diagnose crashes and improve reliability via anonymous telemetry.
• Display advertising that helps keep the app free (see Section 5).

4. What we do NOT do

For clarity, the things we explicitly do not do:

• We do not sell your personal data to anyone.
• We do not share your worship records or AI conversations with other users or advertisers.
• We do not use your data to train any public machine-learning model.

5. Advertising

ZikrFlow displays advertisements through Google AdMob (provided by Google LLC) to keep the app free. AdMob and its certified advertising partners process the following to serve, measure, and improve ads:

• Your device's Advertising ID (AAID on Android, IDFA on iOS).
• IP address and approximate (coarse) location derived from it.
• Device information such as model, OS, language, and app version.
• Interaction data with ads (impressions, clicks).
• Where required by law (EEA, UK, Switzerland), we will request your consent for personalized ads through a Google-certified consent message before any personalized ads are served. You may withdraw or change your choice at any time.
• You can limit ad personalization on Android via Settings → Google → Ads, and on iOS via Settings → Privacy & Security → Tracking.
• Learn more at policies.google.com/technologies/partner-sites and policies.google.com/privacy.

6. Where your data lives

Personal data, when synced, is stored in Google Firebase services (Cloud Firestore, Firebase Auth, Firebase Cloud Messaging). AI chat requests are processed by our backend hosted on Google Cloud Run using Google's Vertex AI Gemini service. Advertising data is processed by Google AdMob and its certified partners. These providers comply with major international privacy standards and do not retain your prompts for model training.

7. Data retention

Your data is kept for as long as your account is active. You can delete your account at any time from Settings → Account → Delete account. When you do, your profile, synced worship data, and AI chat history are permanently removed from our servers within 30 days. Anonymous crash reports may persist for diagnostic purposes and are not linked to your identity.

8. Your rights

Regardless of where you live, you have the right to:

• Access the data we hold about you.
• Correct anything that is wrong.
• Export your data in a portable format.
• Delete your account and associated data.
• Object to specific processing, including advertising personalization, and withdraw consent at any time.

9. Family-friendly use

ZikrFlow is an Islamic worship companion and is suitable for general audiences. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA) without verifiable parental consent. The app is not directed primarily at children, and any ads served are configured to comply with applicable family policies. We encourage parents and guardians to supervise account creation for younger children and to use Guest Mode (no account) when an email address is not desired. If you believe personal information has been provided to us without consent, please contact us and we will delete it.

10. Security

We use industry-standard safeguards: HTTPS for all traffic, Firebase App Check on the AI backend, encrypted storage on Google's infrastructure, and secure storage on your device for sensitive tokens. No system is perfectly secure, however; we encourage you to use a strong account password and to sign out on shared devices.

11. Changes to this Policy

When we update this Policy we will revise the "Last updated" date at the top of this screen. Material changes will be announced in-app before they take effect so you have a chance to review them.