Privacy Policy
Last updated: June 9, 2026 (v2.0.2)
Waqtify ("we," "our," or "us") is a Muslim productivity app built around your prayer times. This policy describes what data we collect, why we collect it, who we share it with, and the rights you have over it. We try to keep this document concrete and short — if anything is unclear, email team@waqtify.app.
1. Information we collect
Account & profile
- Name and email address (from email registration or your Google / Apple sign-in).
- Profile picture, if your Google or Apple account provides one.
- A password hash (bcrypt) when you register with email. Plaintext passwords are never stored.
- For Sign in with Apple: an Apple-issued refresh token, kept solely so we can revoke it on your behalf when you delete your account (required by Apple App Store Guideline 5.1.1(v)).
Your content
- Tasks, events, routines, notes, thoughts, countdowns, and any text or images you attach to them.
- Prayer completion logs and Sunnah prayer tracking.
- Fasting records (Ramadan, Sunnah, and custom fasts).
- Cycle-tracking entries (period dates, predictions, and related notes), if you choose to use that feature.
- Evening reflections and Daily Check-In responses.
- App preferences, theme, calculation method, and other settings.
- Memory facts you ask the AI assistant to remember (e.g. "I'm a student in Toronto").
- Chat history with the AI Planner and AI Personal Assistant.
Device & usage
- Device location, only while you have granted permission, used to compute prayer times and weather context. We do not store a location history; only the most recent coordinates are retained.
- Expo push notification token (so we can deliver prayer, task, and AI nudge notifications).
- Time zone and locale (so prayer times and dates render correctly).
- Onboarding and feature-usage analytics events (aggregated, used to improve the app — see Section 3).
- AI usage counters (number of requests per day) so we can enforce fair-use limits.
- Device model, OS version, and app version, included automatically when you submit feedback or a bug report through the in-app screenshot feedback feature. Used only for debugging and support purposes.
Voice data
- Audio recordings created when you use voice dictation in the AI Planner or other voice features. See Section 5 for retention details.
- Transcripts of those recordings, only kept if you explicitly save the resulting message or note.
Shared content (Share Sheet capture)
- Text, URLs, and calendar (
.ics) files you send to Waqtify from another app via the iOS Share Extension or Android share intent. These are parsed locally on your device and turned into tasks or events. The raw shared payload is not transmitted to our servers — only the resulting task or event record syncs.
Support & feedback
- When you submit feedback or a bug report via the in-app screenshot prompt, we collect: the description you wrote, your name and email (if you choose to include them for follow-up), and the type of report (bug / idea / positive).
- Automatically, without any additional input from you, we also capture the screen you were on, the app version, your device model, and your OS version at the time of submission. This technical context is used solely to investigate and respond to your report.
- If you turn off the follow-up toggle, your name and email are not included in the report and we will not contact you about it.
Calendar & subscriptions
- OAuth tokens for Google Calendar and / or Microsoft Outlook, if you connect those accounts. Tokens are stored encrypted at rest and used only to read events you've authorized.
- Subscription state (active / cancelled, trial dates, billing source) when you subscribe to Waqtify Premium on the web (Stripe) or on iOS / Android (RevenueCat).
2. Health & wellbeing data
Some Waqtify features collect information that may be considered Health & Fitness data under Apple's App Privacy framework or Google Play's Data Safety form. Specifically:
- Cycle tracking (period start / end dates, predictions, symptom notes). Used only to adjust prayer and fasting reminders for you, and to display your history on your own device. It is stored in our database under your account and is never shared with advertisers, sold, or sent to any third party. It is purged when you delete your account.
- Prayer completion logs and fasting records. Used for streaks, stats, and reminders.
- Daily Check-In reflections (mood, intention, gratitude, sleep wind-down). Used to render your check-in history and (optionally) provide AI suggestions.
We do not write to Apple Health or Google Health Connect, and we do not read data from them.
3. Service providers (sub-processors)
We use the following providers to operate Waqtify. Each row lists exactly what data leaves your device and reaches that provider.
| Provider |
Purpose |
Data we send |
Retention |
| Cloud database provider (US region) |
Primary database for storing account data. |
All account data, content, settings, and OAuth tokens. |
For the life of your account. Deleted within 30 days of account deletion (most rows immediately). |
| Application hosting provider |
Hosts the backend API and marketing site. |
Standard request metadata (IP, user-agent, path, timing) for the duration of each request. |
Standard hosting log retention (≤ 30 days). |
| Anthropic (Claude) |
Powers the AI Daily Planner and AI Personal Assistant. |
Your prompts, the assistant's previous turns in the conversation, and any context Waqtify attaches (e.g. today's tasks, prayer times, your memory facts). |
Not used for model training. Anthropic may retain inputs/outputs for up to 30 days for trust & safety review. |
| Open-Meteo |
Weather context (temperature + forecast) shown in the Daily Check-In and AI assistant. |
Coarse-bucketed latitude / longitude only (rounded to roughly the nearest city block). No account identifier, no name, no email. |
Cached server-side for 15 minutes; not retained per-user. |
| Google (Sign-In + Calendar API) |
Sign in with Google and (optionally) sync your Google Calendar events into Waqtify. |
Sign-in: your Google profile (name, email, picture). Calendar: read-only access (calendar.readonly) to list and read events from the calendars you authorize, plus write access (calendar.events) used only to update an event when you reschedule or edit it from inside Waqtify. We do not create new events on your Google Calendar, modify access controls, or touch calendars you have not explicitly enabled. |
OAuth token kept until you disconnect or delete your account. Events are fetched on demand and not stored. |
| Microsoft (Graph API) |
Optional Microsoft Outlook calendar sync. |
Read-only access to the Outlook calendars you authorize. |
OAuth token kept until you disconnect or delete your account. Events are fetched on demand and not stored. |
| Apple (Sign in with Apple) |
iOS authentication. |
Apple's anonymized user identifier; your real or relay email if you choose to share it. |
Refresh token retained so we can revoke your Apple session when you delete your account. Revoked and deleted at that point. |
| Stripe |
Subscription billing on the web. |
Your email and the Waqtify customer ID. Payment card details are entered directly into Stripe — we never see them. |
Per Stripe's policy. Subscription metadata is retained for tax and dispute purposes per applicable law. |
| RevenueCat |
Subscription management for iOS (App Store) and Android (Google Play) in-app purchases. |
A pseudonymous Waqtify user ID, the product purchased, and entitlement status. We do not send your name, email, or payment info. |
Retained by RevenueCat per their policy for billing reconciliation. |
| Apple App Store / Google Play |
Processes iOS / Android in-app purchases. |
Handled entirely by Apple or Google under their terms. Waqtify does not see your payment method. |
Per Apple / Google policy. |
| Expo Push Service |
Delivers push notifications (prayer reminders, task reminders, AI nudges). |
Your Expo push token, the notification title, body, and metadata. |
Push tokens are deleted when you sign out or delete your account. |
| Transactional email provider |
Delivers transactional email (password reset, account notifications) and support emails when you submit in-app feedback. |
Your email address and the message content. |
Retained only as long as required to deliver the message; we do not use this provider for marketing email. |
| Al Quran Cloud API |
Fetches Quranic verses for the Focus Mode and Daily Check-In. |
No personal data is sent — only the verse reference being requested. |
n/a |
We do not sell, rent, or trade your personal information. We do not use any analytics or advertising SDKs.
4. How we use this information
- To run the core product: timeline, scheduling, prayer times, reminders, and tracking.
- To sync your data across the devices signed into your account.
- To process subscription payments and apply your Premium entitlement.
- To deliver push notifications you've opted into.
- To answer your questions via AI features when you ask them.
- To investigate and respond to feedback and bug reports you submit through the app.
- To detect abuse, prevent fraud, and enforce our Terms of Service.
- To comply with legal obligations.
5. Voice data
Waqtify includes a text-to-speech narration feature for the Daily Check-In modal (optional; off by default). When you enable voice narration:
- The text content of each check-in slide (e.g. Names of Allah, Quran verses, weather context, your task list) is sent to Google Gemini TTS for synthesis into audio.
- The resulting audio is streamed to your device and played. Waqtify does not record your voice. This is one-way synthesis only — text in, audio out.
- To reduce API calls and improve load speed, synthesised audio may be cached on Waqtify's servers for up to 7 days and reused for identical text. Cached audio does not contain any personal identifiers.
- Text sent for synthesis may include content you have entered (task titles, note excerpts, names). No other personal data (email, account ID, cycle data, prayer logs) is included in TTS requests.
- Google processes TTS requests under the Google Cloud Data Processing Terms. Google does not use these inputs to train its models.
The AI Planner and AI Personal Assistant also support voice input (speech-to-text) for composing messages. When you use the microphone button:
- Your audio is processed on-device by the operating system's built-in speech recognition (iOS or Android). Waqtify does not transmit raw audio to any server.
- The transcribed text is then sent to Anthropic (Claude) as a normal chat message under the same terms described in Section 3.
6. Data security
Data in transit uses TLS. Passwords are hashed with bcrypt at cost factor 12. OAuth tokens for connected calendars are stored encrypted at rest. Our backend enforces per-route rate limits, request size caps, a strict CORS allow-list, and structured request logging that excludes auth and admin response bodies.
The Waqtify web app uses browser localStorage to store your authentication token. This is strictly necessary for the web app to function and does not require consent. We do not set advertising cookies, tracking pixels, or any third-party cookies.
7. Data retention & account deletion
We keep your personal data for as long as your account is active. You can permanently delete your account at any time from Settings → Account → Delete Account inside the app. When you do:
- Your account row and all linked content (tasks, events, fasting, prayer logs, cycle records, notes, AI memory, chat history, calendar links, push tokens, subscription history) are hard-deleted from our database. Most rows go immediately; any residual logs are purged within 30 days.
- If you signed in with Apple, your Apple refresh token is revoked with Apple's revoke endpoint, ending Sign in with Apple from our side.
- If you have an active web subscription, it is cancelled immediately.
- If you have an active iOS or Android subscription, it continues to renew until you cancel it in the App Store or Play Store — Apple and Google control that billing.
- An audit row is written to record that a deletion occurred (deletion timestamp, billing source, whether Apple revoke and Stripe cancel succeeded). This row contains no name, email, or other personal data.
8. Your rights
You have the right to:
- Access the personal data we hold about you (email team@waqtify.app).
- Correct inaccurate data — most fields are editable directly in the app.
- Delete your account and associated data using the in-app flow described above.
- Withdraw permission for location, notifications, calendar access, or voice features at any time from your device settings.
- Object to or restrict processing where applicable under your local law.
9. International transfers
Our servers and most of our processors are hosted in the United States. If you use Waqtify from outside the US, your data will be transferred to and processed in the US under standard contractual terms with our processors.
10. Children's privacy
Waqtify is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please email us and we will delete it.
11. Changes to this policy
We will update the "Last updated" date at the top whenever this policy changes. For material changes, we'll surface a notice in the app on your next launch.
12. Contact
Questions or requests: team@waqtify.app