Legal

Privacy Policy

Effective date: 1 May 2026  ·  Last updated: 1 May 2026
Applies to: D24 Android application and dhikr24.com

01

Who We Are

D24 (operating at dhikr24.com) is a Quran reading accountability application. We are an independent developer and are not affiliated with any institution or organisation. Questions may be directed to shadab.ux@gmail.com.

02

Data We Collect

We collect only what is necessary to provide the accountability features of D24.

  • Account data — email address and display name, provided when you sign up via Supabase Auth.
  • Reading activity — which paras you have marked complete, cycle participation, and streak history.
  • Group data — groups you create or join, your role (member or admin), and assignment history.
  • Location data (optional) — coarse GPS coordinates used only to find masjid reading circles near you and to calculate the Qibla direction. Location is requested only when you use the Masjid Finder or Qibla features and is never stored on our servers.
  • Quran.com account (optional) — if you choose to connect your Quran Foundation account, we store an access token in your device's secure storage. We use it to sync your reading activity to your Quran.com profile. You may disconnect at any time from Account Settings.
  • Device identifiers — anonymous push notification tokens if you enable reminders. No device identifiers are linked to your identity in our database.

We do not collect payment information, contacts, browsing history, or any data unrelated to Quran reading.

03

How We Use Your Data

  • To authenticate you and maintain your account.
  • To track your reading progress and display it to you and your group members.
  • To assign paras within reading circles and display group activity.
  • To send reminders you have configured (optional; can be disabled at any time).
  • To sync reading sessions to your Quran.com profile (only if you have connected your account).
  • To improve the app by reviewing aggregate, anonymised usage patterns.

We do not use your data for advertising, sell it to third parties, or use it to build profiles for any purpose beyond the features described above.

04

Third-Party Services

D24 uses the following sub-processors to operate:

  • Supabase (supabase.com) — database, authentication, and file storage. Your account data and reading history are stored on Supabase infrastructure hosted on AWS (us-east-1). Supabase's privacy policy: supabase.com/privacy.
  • Quran Foundation / Quran.com — Quran text and audio are fetched from the public Quran.com API v4. If you connect your Quran Foundation account, your reading sessions are also posted to their API under your account. Quran Foundation's privacy policy: quran.com/privacy.
  • Formspree (formspree.io) — processes waitlist form submissions on dhikr24.com. Submissions are stored by Formspree and forwarded to our email.
  • Expo / EAS — used to build and distribute the Android application. No user data is passed to Expo beyond standard app telemetry.

No other third parties receive your personal data.

05

Data Retention

Your data is retained for as long as your account remains active. If you delete your account via Account Settings → Delete Account, your profile, reading history, and group memberships are permanently deleted from our database. Residual copies in backup snapshots are overwritten within 30 days.

Location data is never stored — it is used on-device in real time and discarded. Quran Foundation access tokens are stored in your device's secure storage and are cleared when you disconnect or delete your account.

06

Your Rights

Regardless of where you are located, you have the right to:

  • Access — request a copy of the data we hold about you.
  • Correction — update your display name or email via Account Settings.
  • Deletion — delete your account and all associated data at any time.
  • Portability — request an export of your reading history in a standard format.
  • Opt-out — disable reminders, disconnect Quran.com, or revoke location access at any time through your device or app settings.

To exercise any right, contact us at shadab.ux@gmail.com. We will respond within 14 days.

07

Security

All data is transmitted over HTTPS. Supabase enforces Row-Level Security (RLS), meaning database queries are restricted per authenticated user — no user can read another user's private data except through explicitly defined group-sharing rules. Access tokens for Quran Foundation are stored in your device's encrypted secure storage (Android Keystore), not in plain storage.

No security measure is perfect. If you discover a vulnerability, please report it to shadab.ux@gmail.com.

08

Children

D24 is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with data, contact us and we will delete it promptly.

09

Changes to This Policy

We may update this Privacy Policy as D24 evolves. Material changes will be communicated via in-app notification or email before they take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continuing to use D24 after changes take effect constitutes acceptance.

10

Contact

D24 / dhikr24.com

Email: shadab.ux@gmail.com

WhatsApp: +92 322 2944855

We are a small team. We read every message and respond personally.