I am Muslim is a positive affirmation app that delivers Islamic affirmations, duas, and gentle reminders. This Privacy Policy explains what data the app handles, how it is stored, and the rights you have over it. We aim for plain language — if anything is unclear, please get in touch.
Data We Collect
- Account: an anonymous user ID is created automatically the first time you open the app — no email or login is required to use it. You can optionally upgrade to a Google or Apple sign-in via Supabase Auth, which links your data across devices.
- Profile: an optional display name (used only for personalization tokens like "Ya {name}" in affirmations).
- Onboarding answers: about twenty optional choices you make during the welcome flow (age group, faith level, mood, mood factors, mental-health habits, life goals, struggles, improvement goals, time commitment, streak goal, and similar). These power the personalized affirmation feed.
- Engagement: the affirmations you like or save, your daily streak (current, longest, last active), and your recently viewed history.
- Subscription: free or pro status, trial start date, and expiration — synced from RevenueCat after a purchase or restore.
- Analytics events (no name, email, or affirmation content): screen views, onboarding step completions, affirmation likes and shares, category/theme/icon selections, subscription events, and streak milestones. Firebase Analytics also automatically collects a device advertising identifier (IDFA on iOS / GAID on Android) and your IP address — standard behavior for that SDK.
- Crash reports: device model, OS version, app version, a stack trace, your IP address, the anonymous user ID, and a short trail of in-app navigation events (up to 50) leading up to a crash — sent to Sentry when something goes wrong. Crash reports never include affirmation content, onboarding answers, your photo selections, or other free-text input you provide.
- Push notification token (via OneSignal): only created if you grant notification permission, and used to deliver reminder notifications. OneSignal also collects standard delivery metadata — device model, IP address, timezone, locale, and last-active timestamp — which is how SDKs of this kind route notifications reliably.
Where Your Data Is Stored
- Supabase (cloud database) stores your account, profile, onboarding answers, and subscription status. Row Level Security (RLS) means a user can only read their own rows.
- Your device (MMKV local storage) stores everything that does not need a server: favorites, streaks, recently viewed, theme and icon preferences, custom background image, font and color customizations, daily-gift state, and the offline content cache. This data never leaves the device.
- The native iOS Keychain / Android Keystore stores your Supabase session token securely.
Photos & Device Access
When you choose a custom theme background, the app reads one image you select from your photo library. The image is cropped on-device and saved to the app's local storage. It is never uploaded to our servers, never shared with third parties, and never used for analytics.
We do not access the camera, microphone, contacts, location, calendar, or health data. The notification permission is optional.
Third-Party Services
We rely on a small number of trusted services to run the app: