Privacy Policy

Last updated: 25 May 2026

Ameen ("we", "us", "the app") is a Muslim couples & families app for sharing du'as and memorising the Sunnah together. This policy explains what data we collect, how we use it, and your rights.

If you have questions, email salaam@ameenapps.com.

1. What we collect

Account data (when you sign up)

• Your name (or chosen display name)
• Your email address
• An anonymous unique ID generated by our auth provider

Content you create

• Du'as you share with your groups (which du'a you sent, when, optional note)
• Custom "asked for du'a" messages you post to your groups
• Groups you create or join, including the group name and your role
• Your memorisation progress for individual du'as

Address book (only if you explicitly tap "Find people you know")

• Email addresses and phone numbers from your iOS Contacts app are one-way hashed (SHA-256) on your device before any lookup
• We never transmit, store, or see the original contact details — only the hash
• The hash is matched against other Ameen users so we can suggest mutual connections

Device data

• An Apple Push Notification token, so we can notify you when a family member sends you a du'a
• Crash reports and diagnostic logs (no personal content)

What we don't collect

• Location
• Photos or photo metadata (the screenshot OCR feature runs entirely on your device — no image leaves your phone)
• Browsing or web activity
• Any analytics or tracking SDKs (no Google Analytics, no Facebook SDK, no third-party trackers)

2. How we use it

• To make the app work — show you your groups, sync du'as you've shared, deliver push notifications when someone sends you one
• To match contacts you already know — only when you tap "Find people you know" and only against hashed values
• To authenticate you — verify it's you signing in
• To support you — respond to bug reports or questions you send us
• To improve the app — debug crashes (no personal content in crash reports)

We do not sell your data. We do not use it for advertising. We do not share it with third parties for marketing.

3. Where it lives

• Accounts, du'a content, group membership, and memorisation progress are stored on Supabase (PostgreSQL) — our backend provider, hosted in the EU
• Push notifications are delivered via Apple Push Notification service (APNs)
• The app caches your data locally on your device for offline access

Supabase and Apple act as data processors under our instructions. Their privacy commitments apply alongside this policy.

4. Who can see what

• Du'as you send to a specific person are visible to that person only
• Du'as you send to a group are visible to every member of that group at the time of sending
• Your group memberships are private to you — other people only see groups they're also in
• Your memorisation progress is private to you

We (the operators) have technical access to the database for support and security purposes, but we don't read individual content unless we have to (e.g. investigating a bug you reported).

5. How long we keep it

• Account data: as long as your account exists
• Du'a content: indefinitely while your account exists, so your family can re-read it
• Push tokens: refreshed each time you launch the app; old tokens are auto-cleaned when Apple rejects them
• Hashed contact lookups: not stored — used only for the one-off match

If you delete your account (see section 7), all of the above is wiped within 30 days.

6. Children

Ameen is intended for users aged 13 and over (the App Store minimum age category). We don't knowingly collect data from children under 13. If you believe a child has signed up, email us and we'll delete the account.

7. Your rights

You can:

• See your data — most of it is visible in the app. Email us if you want a full export.
• Edit your data — change your display name, leave groups, remove individual du'as from your inbox
• Delete your account — Settings (in the People tab) → Sign out + reset local data, then email us asking for full deletion. We'll wipe your server-side data within 30 days.
• Withdraw consent for contact matching — just don't tap "Find people you know". We never auto-scan contacts.

Under GDPR / UK GDPR you also have rights to data portability, restriction of processing, and lodging a complaint with your local data protection authority.

8. Security

• All data in transit is encrypted (TLS)
• Passwords are stored hashed (bcrypt via Supabase Auth)
• Contact emails/phones are SHA-256 hashed on your device before being sent for matching
• The APNs signing key is stored as an encrypted secret in our backend
• We follow the principle of least privilege for who can access production data

If you find a vulnerability, email us and we'll fix it fast.

9. Changes to this policy

If we change this policy materially, we'll update the "Last updated" date at the top and notify active users via a one-time in-app banner.

10. Contact

Email: salaam@ameenapps.com
App: Ameen — Muslim families share du'as
Bundle ID: com.ameenapp.ios

Home · Terms · salaam@ameenapps.com