Privacy Policy

Effective Date: March 4, 2026

This Privacy Policy ("Policy") describes the practices of Hifzan ("Company," "we," "us," or "our") regarding the collection, use, disclosure, and protection of personal information obtained through the Hifzan mobile application ("Application" or "Service"). By accessing or using the Application, you ("User" or "you") acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. If you do not agree with any part of this Policy, you must discontinue use of the Application immediately.

1. Information We Collect

1.1 Account Information

When you create an account or authenticate using third-party identity providers (including but not limited to Google and Apple), we may collect your name, email address, unique user identifier, and profile photograph as provided by the respective authentication service. This information is collected solely for the purpose of account creation, authentication, and account management.

1.2 Audio Data

The Application provides recitation analysis features that require access to your device's microphone. When you voluntarily initiate a recitation session, audio data is captured and transmitted to our servers for the sole purpose of speech recognition and recitation accuracy analysis. Audio data is processed on our own servers and is not transmitted to any third-party service providers. Audio recordings may be retained on our servers for the purpose of improving the accuracy and quality of our speech recognition service. You may request the deletion of any stored audio data at any time by contacting us as described in Section 12, or by using the account deletion process described in Section 5.

1.3 Usage and Activity Data

We collect information relating to your use of the Application, including but not limited to memorization progress, session activity, feature interactions, user-configured preferences, device identifiers, device model, operating system version, and application version. This data is collected to enable personalized features, including AI-assisted memorization planning, progress tracking, and adaptive learning recommendations, as well as to diagnose technical issues and improve the Service.

1.4 Device-Local Data

Certain data, including but not limited to Quranic text, audio references, and user preferences, is stored locally on your device to enable offline functionality. This locally stored data is not transmitted to our servers unless synchronization is expressly initiated by the User.

2. Use of Collected Information

We use the information collected for the following purposes:

  • To provide, operate, maintain, and improve the Application and its features;
  • To authenticate your identity and manage your account;
  • To process and analyze recitation audio for the purpose of providing real-time feedback;
  • To generate personalized memorization plans, goals, and recommendations through AI-assisted features;
  • To synchronize your progress and preferences across multiple devices;
  • To communicate with you regarding service-related matters, including updates and policy changes;
  • To diagnose technical issues and monitor Application performance;
  • To comply with applicable legal obligations and enforce our terms of service.

3. Disclosure of Information and Third-Party Service Providers

We do not sell, rent, or trade your personal information to third parties. We do not engage in cross-application or cross-site tracking of users. We may share or disclose your information only in the following circumstances and with the following identified third parties:

  • Google: When you authenticate via Google Sign-In, your name, email address, and profile photograph are exchanged with Google solely to facilitate account authentication. Google's privacy policy governs their handling of this data;
  • Apple: When you authenticate via Sign in with Apple, your name and email address (which you may choose to keep private) are exchanged with Apple solely to facilitate account authentication. Apple's privacy policy governs their handling of this data;
  • OpenAI: We utilize OpenAI's services to power the AI-assisted memorization coaching features of the Application. Text-based interactions with the AI coaching assistant may be transmitted to OpenAI for processing. OpenAI is contractually prohibited from using your data to train or improve their models. No audio recordings or recitation data are transmitted to OpenAI;
  • Legal Compliance: We may disclose personal information where required by applicable law, regulation, legal process, or enforceable governmental request;
  • Protection of Rights: We may disclose information where we reasonably believe it is necessary to protect the rights, property, or safety of the Company, our users, or the public.

4. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, alteration, or disclosure. All data transmissions between the Application and our servers are encrypted using TLS 1.2 or higher. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee the absolute security of your information.

5. Data Retention and Account Deletion

We retain your personal information for as long as your account remains active or as necessary to provide the Service. Audio data may be retained as described in Section 1.2 and will be deleted upon account deletion or upon request.

You may delete your account at any time through the account settings within the Application. Upon account deletion, we will remove your personal information from our active systems within thirty (30) days, subject to any legal obligations requiring extended retention. Certain anonymized or aggregated data that cannot be used to identify you may be retained for analytical purposes.

6. International Data Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you reside. In particular, our servers and third-party service providers (including OpenAI) may operate in the United States. If you are accessing the Application from the European Economic Area ("EEA"), United Kingdom, or other jurisdiction with data protection laws, you acknowledge that your information may be transferred to jurisdictions that may not provide the same level of data protection as your home jurisdiction. We rely on appropriate legal mechanisms, including standard contractual clauses and your consent, to lawfully transfer personal data across borders.

7. Children's Privacy

The Application is not directed to children under the age of thirteen (13), and we do not knowingly collect personal information from children under 13. In compliance with the Children's Online Privacy Protection Act ("COPPA") and equivalent international regulations, if we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take commercially reasonable steps to delete such information promptly. Parents or guardians who believe that a child under 13 has provided us with personal information may contact us at the address set forth in Section 12 to request review or deletion of such data.

8. Your Rights and Choices

Subject to applicable law, you may have the following rights with respect to your personal information:

  • Right of Access: You may request a copy of the personal information we hold about you;
  • Right of Rectification: You may request correction of any inaccurate or incomplete personal information;
  • Right of Erasure: You may request the deletion of your personal information, subject to certain legal exceptions;
  • Right to Restrict Processing: You may request that we limit the processing of your personal information under certain circumstances;
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw such consent at any time without affecting the lawfulness of processing prior to withdrawal;
  • Right to Data Portability: Where technically feasible, you may request a copy of your data in a structured, commonly used, and machine-readable format;
  • Right to Object: You may object to the processing of your personal information for certain purposes, including automated decision-making and profiling.

To exercise any of these rights, please contact us using the information provided in Section 12 below. We will respond to all verifiable requests within thirty (30) days, or within the timeframe required by applicable law.

9. European Economic Area, United Kingdom, and Swiss Residents (GDPR)

If you reside in the European Economic Area, United Kingdom, or Switzerland, the following additional provisions apply:

  • Lawful Basis for Processing: We process your personal data on the following legal bases: (a) your consent, where you have provided it; (b) the performance of a contract with you (i.e., providing the Service); (c) compliance with legal obligations to which we are subject; and (d) our legitimate interests, provided such interests are not overridden by your fundamental rights and freedoms;
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your personal data violates applicable data protection law;
  • Data Transfers: Transfers of personal data outside the EEA are conducted in accordance with Section 6 of this Policy and are safeguarded by appropriate legal mechanisms as required by the General Data Protection Regulation ("GDPR").

10. California Residents (CCPA/CPRA)

If you are a resident of California, the following additional provisions apply pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"):

  • Categories of Personal Information Collected: In the preceding twelve (12) months, we have collected the following categories of personal information: identifiers (name, email address, unique user ID); internet or electronic network activity information (usage data, feature interactions, device information); audio information (recitation audio, retained for service improvement and deletable upon request); and inferences drawn from the above (memorization progress, personalized recommendations);
  • Sale of Personal Information: We do not sell and have not sold your personal information in the preceding twelve (12) months, as "sell" is defined under the CCPA/CPRA;
  • Sharing for Cross-Context Behavioral Advertising: We do not share your personal information for cross-context behavioral advertising purposes;
  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you;
  • Right to Delete: You have the right to request that we delete your personal information, subject to certain exceptions;
  • Right to Correct: You have the right to request correction of inaccurate personal information;
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a verifiable consumer request, please contact us using the information provided in Section 12. We will respond to verifiable requests within forty-five (45) days as required by the CCPA/CPRA.

11. Changes to This Policy

We reserve the right to modify this Policy at any time. Any changes will be effective upon posting of the revised Policy, with an updated "Effective Date" indicated at the top of this page. Your continued use of the Application following the posting of changes constitutes your acceptance of such changes. We encourage you to review this Policy periodically for any updates. In the event of material changes, we will make commercially reasonable efforts to notify you via the Application or other appropriate means.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or wish to exercise any of your rights described herein, please contact us at:

Hifzan
Email: [email protected]