Privacy Policy
Effective date: June 28, 2026
Application: Hira — a Quran companion app for reading and listening to the Quran, prayer times and Qibla, spiritual habit tracking, and Arabic learning (the "App").
Data controller: Dzianis Maliush, an individual entrepreneur (IE) registered in Georgia, "we", "us", or the "Controller".
Privacy contact: support-yantra.group.inc@gmail.com
Address: Georgia, Batumi, Giorgi Leonidze Street, N 4e, Building 2, Apartment 75
This Privacy Policy explains what data we process when you use the Hira mobile application on iOS and Android, for what purposes and on what legal bases, and what rights you have.
Primary language. This English Policy is the official, legally binding version for international users. Any non-English translation is provided for convenience only; if there is a conflict, this English version prevails, except where mandatory consumer law in your country of residence requires otherwise.
1. Privacy-first design (summary)
Hira is built to minimize data collection:
- Local-first. Most of what you create (reading position, bookmarks, memorization, habits, app settings) is stored on your device. It is synced to our servers only if you choose to sign in for cross-device sync.
- On-device prayer and Qibla. Prayer times and Qibla direction are calculated on your device from your location. Your precise location is not sent to our servers for this purpose.
- No advertising, no tracking. The App contains no advertising SDKs and no cross-app tracking. We do not sell your data.
- Anonymous by default. You can use the App without creating a named account.
2. Categories of data
2.1. Account and authentication data
When you first open the App we create an anonymous account via Firebase Authentication (an anonymous user identifier). If you later choose to enable sync, you may sign in with Apple or Google; we then process the identifiers and email those services provide and that you authorize. We process session tokens needed for secure access.
2.2. App content you create
Data you generate in the App, such as reading progress, bookmarks, memorization (Hifz) items, habit logs and streaks, saved du'as, and preferences. This data is stored on your device and is uploaded to our servers only when you are signed in and use sync.
2.3. Location data
Used only on your device to compute prayer times and the Qibla direction. We do not transmit or store your precise location on our servers. You may instead set a city manually.
2.4. App settings
Language, theme, accent color, reciter and translation choices, reminder and notification settings, and your consent choices (including enabling or disabling AI features).
2.5. Subscriptions and payments
Subscription status, transaction identifiers, and product identifiers are processed by the Apple App Store and/or Google Play and validated on our server. We do not collect or store full payment card numbers.
2.6. AI features and related processing
Optional features generate informational content using automated processing (AI):
| Feature | What is processed | Purpose |
|---|---|---|
| "Explain in simple words" | The selected ayah reference and your language | To show a short, plain-language explanation |
| Learning assistant (chat) | Your questions and the lesson/ayah context you provide | To help you learn Arabic and tajweed rules |
AI text inference runs through Firebase AI Logic (Google Gemini) and related Google Cloud infrastructure acting as our processor. AI outputs are informational only and are not a religious ruling (fatwa) or official tafsir; this is also shown in the App. A voice-based recitation review feature is not included in this version; if added later, audio would be processed transiently for analysis and not stored, and only with your explicit consent.
2.7. Technical and diagnostics data
- Device and OS type/version, device model, app version, and app identifiers.
- Pseudonymized usage events (e.g. screen views) to understand feature use.
- Crash and error diagnostics to improve stability.
- Server logs from requests to our infrastructure (e.g. IP address, timestamps) for service delivery and security.
We do not process advertising identifiers and do not perform App Tracking Transparency tracking.
2.8. Notifications
Reminders (prayer times, habits) are scheduled locally on your device. If push notifications are introduced later and you opt in, we would process a device push token for delivery.
3. Purposes and legal bases
| Purpose | Legal basis (GDPR, where applicable) |
|---|---|
| Provide core App functionality (reading, prayer times, habits) | Performance of a contract / our legitimate interest |
| Optional cloud sync between your devices | Your request / performance of a contract |
| Optional AI features | Your consent |
| Subscriptions and purchase validation | Performance of a contract; legal obligation |
| Security, abuse prevention, diagnostics | Our legitimate interests; legal obligation |
Where we rely on consent, you may withdraw it at any time in the App settings, without affecting prior processing.
4. Recipients and subprocessors
We share data only with providers that process it on our behalf, including: - Google (Firebase) — anonymous authentication, crash reporting, configuration. - Google (Firebase AI Logic / Gemini, Google Cloud) — AI inference for explanation/assistant features. - Sentry — crash and error diagnostics. - Apple App Store / Google Play — subscription processing and validation. - Hosting/infrastructure providers for our backend.
The specific providers may change over time while this Policy continues to apply to the described purposes. We do not sell personal data and do not share it for cross-context behavioral advertising.
5. International transfers
Our providers may process data in countries other than yours. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) for international transfers.
6. Retention
- On-device data remains until you delete it or uninstall the App.
- Server data (for signed-in users) is retained while your account is active.
- When you delete your account, your server-side data is permanently and irreversibly deleted immediately (it cannot be restored from the App). Diagnostic logs are kept only for a limited period for security and reliability.
7. Security
We use technical and organizational measures appropriate to the risk, including encryption in transit (TLS), restricted access, and secure storage of credentials on the device. No method of transmission or storage is fully secure, but we work to protect your data.
8. Your rights
Depending on your location, you may have the right to access, rectify, delete, restrict, or object to processing, to data portability, and to withdraw consent. In the App you can: - Delete your account and data (immediate, irreversible) from Profile / Settings. - Export your data. - Toggle AI and analytics consents.
To exercise other rights, contact us at the address above. You may also lodge a complaint with your local data protection authority.
9. Children
The App is not directed to children under the age required by your jurisdiction (generally 13, or 16 in parts of the EEA). We do not knowingly collect personal data from children below that age. If you believe a child has provided us data, contact us and we will delete it.
10. Changes to this Policy
We may update this Policy from time to time. Material changes will be indicated by updating the effective date and, where appropriate, by an in-app notice. Continued use after changes take effect constitutes acceptance.
11. Contact
For privacy questions or requests: support-yantra.group.inc@gmail.com.