Privacy Policy – Momin AI
We collect limited data to run the app (location for prayer/Qibla/nearby features, purchases, diagnostics, analytics). No ads; no data sale. Tracking identifiers (IDFA/GAID) run only after consent. AI chat text and images you attach/capture are sent to OpenAI to generate replies—don’t include sensitive data.
Table of Contents
1. What Information We Collect
2. Sources of Data
3. Why We Use Data (Purposes & Legal Bases)
4. Tracking/Identifiers & Your Choices
5. Data Sharing & Processors
6. International Transfers
7. Retention
8. Security
9. Your Rights
10. Children
11. Data Deletion & Opt-Out
12. Do Not Track
13. Changes
14. Contact
15. Annex A – Apple App Privacy
16. Annex B – Google Play Data Safety
1) What Information We Collect
- Precise location (GPS/Wi‑Fi/BLE) for prayer/Qibla/nearby features.
- Coarse location signals inferred from IP by Firebase/Facebook analytics.
- Device/app identifiers: device ID, IDFA/GAID (only after consent), app instance ID, push token, installation ID.
- Network metadata: IP address, locale/region (fraud, geolocation rules, analytics).
- App usage data: screens viewed, taps, feature usage, session timestamps, performance metrics.
- Chat content to AI assistant: prompts/context you type and images you attach or capture; avoid sensitive personal data.
- Crash & diagnostics: crash logs, stack traces, device model/OS version, app version.
- Purchase/subscription data: RevenueCat IDs, product IDs, receipts, entitlements, refunds/cancellations.
- Consent records: Usercentrics status, timestamp, region/rule set.
- Remote config/feature flags from Firebase Remote Config.
- Push tokens & delivery metadata for notifications.
We do not collect contacts, microphone audio, health/fitness, calendars, or SMS data. Photos/camera are accessed only if you choose AI image attachments/capture. Other than AI chat text/images you provide, we do not collect user-generated content. We do not intentionally collect special-category/sensitive data (health, biometric, racial/ethnic origin, religious beliefs, sexual orientation); please do not submit these in chat.
2) Sources of Data
- Directly from you (chat text, chat image attachments/camera captures, support emails).
- Automatically from your device/app usage (analytics, crashes, location if permitted).
- App stores/payment platforms (Apple/Google) via RevenueCat for purchase validation.
- No data from data brokers or unrelated third parties.
3) Why We Use Data (Purposes & Legal Bases)
| Purpose | Examples | Legal basis (EEA/UK/CH) |
|---|---|---|
| Core app functions | Prayer/Qibla/nearby features, navigation, notifications | Contract / Legitimate interest |
| Purchases & subscriptions | Entitlements, receipts, refunds, fraud checks | Contract / Legal obligation |
| Consent management | Usercentrics banner, recording choices | Legal obligation / Legitimate interest |
| Analytics & product improvement | Firebase/Facebook events, feature adoption | Consent (for tracking IDs) / Legitimate interest (aggregated/non-tracking) |
| Crash & reliability | Crashlytics, Sentry diagnostics | Legitimate interest |
| Security & abuse prevention | IP/country checks, throttling, fraud | Legitimate interest / Legal obligation |
| Remote config/experiments | Feature flags, A/B tests | Legitimate interest / Consent when tracking IDs used |
| AI assistant responses | Send prompts and attached/captured chat images to OpenAI to generate replies | Consent |
| Support communications | Handling requests, deletion inquiries | Legitimate interest / Legal obligation |
4) Tracking/Identifiers & Your Choices
- IDFA/GAID and Facebook analytics run only after consent (Usercentrics + iOS ATT).
- Withdraw/disable: in-app privacy/consent (where available); iOS Settings → Privacy & Security → Tracking; Android → Google → Ads (“Delete advertising ID”/“Opt out”); or email us to disable tracking for your device ID.
- No web cookies in the mobile app; SDKs may store local data (e.g., MMKV/AsyncStorage) for functionality, not ads.
5) Data Sharing & Processors (no sale; no third‑party ads)
- Firebase (Google): Analytics, Remote Config, Crashlytics, Cloud Messaging; may receive IP/coarse location. (privacy)
- RevenueCat: Purchases/subscriptions. (privacy)
- Facebook SDK (analytics only): Event logging; may receive IP/coarse location if included. (privacy)
- Usercentrics: Consent management. (privacy)
- Sentry: Error monitoring. (privacy)
- OpenAI (ChatGPT API): Process AI chat text and AI chat image attachments/camera captures to generate replies; may receive IP/device metadata. (OpenAI)
- Apple/Google push services: Notification delivery. (Apple · Google)
- App Store / Google Play billing: Payment processing.
We do not sell or “share” data for cross-context behavioral advertising. We may disclose data if required by law or to protect rights/safety.
6) International Transfers
Data may be processed globally (e.g., US/EU) by the processors above. Where required, we rely on SCCs, adequacy decisions, or equivalent safeguards.
7) Retention
- Consent records: as required by law/regulation.
- Purchases/subscriptions: as needed for tax, accounting, chargebacks.
- Crash logs: typically 90–180 days unless needed longer for an incident.
- Analytics: per provider defaults, generally aggregated.
- Location: only for the active feature/session.
- AI chat logs (our storage, if any): minimal and only as needed to provide the feature; attached image thumbnails may be stored in local chat history on your device (including restored older/saved sessions) until you clear chat data; providers may retain submitted content per their policies.
- When no longer needed, data is deleted or anonymized.
8) Security
TLS in transit; access controls and least-privilege; monitoring and logging; restricted backups. No method is 100% secure—contact us if you suspect an issue.
9) Your Rights & How to Exercise Them
- EEA/UK/CH (GDPR): access, rectification, erasure, restriction, objection, portability, withdraw consent.
- US state laws (e.g., CA/CO/CT/VA/UT and similar): access/know, delete, correct, portability, opt out of sale/share/targeted ads (we do not sell/share), limit sensitive data (we don’t collect it), appeal a denial.
- Canada/other regions: access and correction; withdraw consent where relied upon.
- How: email quantumapps25@gmail.com with your request and device ID/receipt (to locate records). We may verify identity and will respond within legal timelines. You may appeal a denied request via the same email.
10) Children
General-audience app; not directed to children under 13 (or under 16 where applicable). If you believe a child provided data, contact us for deletion.
11) Data Deletion & Opt-Out
- Email quantumapps25@gmail.com with subject “Data Deletion – Momin AI” and your device ID or purchase email.
- To stop tracking quickly: withdraw consent in-app (where offered), use OS tracking controls, or uninstall the app.
- AI chat: do not include sensitive data; request deletion as above. You can also clear chat history in-app to remove locally stored chat thumbnails/content.
12) Do Not Track / Global Privacy Control
Mobile apps lack a uniform DNT standard. If a platform-level signal (e.g., GPC) becomes supported for mobile, we will honor it consistent with law. Currently we rely on in-app consent controls and OS settings.
13) Changes
If we update this policy, we will change the “Effective date” and, where required, provide in-app/store notice. Continued use after changes means acceptance.
14) Contact
Mohammad Rabi
Email: quantumapps25@gmail.com
15) Annex A – Apple App Privacy (Summary)
| Data Category | Data Types | Linked to You | Used for Tracking | Purpose |
|---|---|---|---|---|
| Purchases | Purchase history, subscription status | Yes | No | App functionality, fraud prevention |
| Location | Precise location; coarse location may be inferred by analytics providers | Yes | No | Core features (prayer/Qibla/nearby) |
| Identifiers | Device ID, IDFA/GAID (post-consent), app instance ID, push token | Yes | Yes (IDFA/GAID only, after consent) | Analytics/measurement, notifications |
| Usage Data | App interactions, performance metrics | Yes | No | Analytics, product improvement |
| Diagnostics | Crash logs, performance data | Yes | No | App reliability and support |
| User Content | Text and images you submit in the AI assistant | Yes | No | Provide AI responses/support |
Notes: Contacts, microphone audio, health/fitness, and financial account numbers are not collected. Photos/camera are accessed only when you choose AI image attachments/capture. Tracking applies only to advertising identifiers when you have granted consent/ATT.
16) Annex B – Google Play Data Safety (Summary)
- Data collected: precise location; coarse location inferred from IP by Firebase/Facebook; app activity (interaction events); device/other IDs (device ID, IDFA/GAID after consent, push token); diagnostics (crash/performance); purchase/subscription history; consent signals; user-provided AI chat text and chat image attachments/camera captures.
- Data sharing: processed by Firebase/Google services, RevenueCat, Facebook analytics (events only), Usercentrics, Sentry, OpenAI for chat, and push providers; not sold.
- Purposes: app functionality, analytics, security/fraud, developer communications, subscription management, AI responses.
- Security: encrypted in transit.
- Deletion: request via quantumapps25@gmail.com; uninstalling stops new collection.
- Account: no account required.
- Data sale/ads: no sale; no third-party advertising.