PocketMusala Privacy Policy

Privacy is part of the product.

PocketMusala is built around a simple principle: collect less, protect what is needed, and give people meaningful control over what they share.

Last updated June 12, 2026 No sale of personal data No third-party ad network

1. Overview

This Privacy Policy explains how PocketMusala collects, uses, shares, protects, and retains information when you use the PocketMusala mobile apps, website, Developer Platform, widgets, TV/display surfaces, APIs, and related services.

PocketMusala includes prayer tools, mosque discovery, community posts, comments, events, announcements, products, dua requests, notifications, direct chat, mosque administration, developer integrations, and related safety and moderation systems.

We do not sell personal information. We do not run a third-party advertising network. We do not collect data because it might be useful someday. Where we need data, it should have a clear purpose tied to operating, securing, improving, or supporting PocketMusala.

This policy describes the product as implemented and operated today. Some features may be gated by platform, region, release version, account type, or moderation state.

2. Information we collect

The exact data collected depends on how you use PocketMusala.

Category Examples Why it is needed
Account and profile data Firebase Auth user id, email address, sign-in method, username, display name, profile photo, bio, website/social links, privacy preference, screenshot preference, account state, verification state, subscription or entitlement status. To create your account, show your profile where you choose, enforce privacy and safety rules, and maintain access to account-specific features.
Community and mosque data Mosque or community name, address, public location, time zone, prayer times, announcements, events, products, amenities, public contact fields, administrators, ownership, and profile media. To display mosque information, support mosque administration, power discovery, and keep official community data current.
Content you create Posts, comments, dua requests, event details, product details, uploaded media, reports, moderation appeals or review context, and public or restricted content visibility choices. To publish, display, moderate, route, and protect user and community content according to your chosen visibility and our safety rules.
Direct chat data Conversation ids, participant ids, device public keys, encrypted message envelopes, encrypted media metadata, generic push notification data, delivery/read operational state, and local encrypted-media cache data. To deliver direct chat while avoiding server-readable message plaintext. Local private keys are not backed up to PocketMusala servers.
Location and prayer context Location permission state, coordinates you allow the app to use for nearby mosque search, Qibla, prayer calculation, address search, and mosque/event/merchant locations you choose to save. To provide prayer, Qibla, discovery, address, time zone, and mosque profile features. We do not need location for every feature.
Device, app, and diagnostics data App version, platform, environment, push token, device registration for chat, Remote Config values, crash reports, app logs, performance events, screen and click analytics, and security signals such as App Check. To operate the app, prevent abuse, debug crashes, measure reliability, and understand whether core flows work.
Payment and subscription data Purchase status, entitlement state, product identifiers, subscription events, and store-side transaction metadata received through app stores or RevenueCat. To unlock paid features, prevent entitlement mistakes, and support subscription management. PocketMusala does not receive full card numbers from app stores.
Developer Platform data Mosque owner account id, integration labels, API key prefix, hashed or encrypted API key records, scopes, widget/display token metadata, request ids, gateway or rate-limit metadata, and audit logs. To let mosque owners manage least-privilege integrations and investigate API activity without exposing raw credentials in logs.

3. How we use information

  • Provide core app features such as prayer times, Qibla, mosque discovery, profiles, posts, comments, events, products, dua requests, chat, notifications, search, widgets, TV/display surfaces, and developer APIs.
  • Authenticate users, maintain sessions, recover account state, enforce account deletion, and prevent unsupported or unsafe sign-up flows.
  • Apply your privacy settings, profile visibility, content visibility, notification preferences, screenshot protection choices, block relationships, and parental or guardian restrictions where available.
  • Operate safety systems, including reports, moderation review, proactive content checks, user restrictions, anti-spam controls, and legal or abuse investigations.
  • Send notifications you request or that are needed for the service, including generic direct-chat pushes that do not include message plaintext.
  • Measure reliability and improve the product with limited analytics, crash reports, performance telemetry, and support diagnostics.
  • Process purchases, subscriptions, entitlements, refunds, and account status related to paid features.
  • Comply with applicable law, platform requirements, tax/accounting obligations, safety obligations, and valid legal requests.

4. When information is shared

We share information only when it is needed to provide PocketMusala, when you direct us to share it, when content is public or intentionally visible to others, or when required for safety, legal, or operational reasons.

Public and community-visible sharing

Your username, display name, profile photo, public profile fields, public posts, public dua requests, public comments, public mosque/community information, events, announcements, products, and other public content may be visible to other users and, in some cases, on public web or widget surfaces. Private, followers-only, author-only, deleted, blocked, or moderated content should be limited according to the applicable product rules.

Service providers

We use service providers to run the product. These may include Google Firebase and Google Cloud services, Firebase Authentication, Firebase Cloud Messaging, Firebase Remote Config, Firebase Crashlytics, App Check, Mixpanel, RevenueCat, Apple App Store, Google Play, Mapbox, Google Places, Algolia, Stream moderation, OpenAI for mosque prayer-schedule parsing, Giphy, Kalimat, Discord moderation notifications, and support/contact tooling. These providers process data for the features they support and may have their own privacy terms.

AI and moderation processors

Mosque prayer schedule import may send extracted schedule text or table cells to OpenAI for parsing. The implementation is designed not to send account identifiers, mosque names, uploader identity, or raw file bytes for that parser flow today. Content moderation may send relevant text, media URLs, snapshots, and context to Stream so unsafe content can be reviewed or restricted.

Legal and safety sharing

We may disclose information if we believe it is necessary to comply with law, enforce our terms, protect users, prevent fraud or abuse, respond to valid legal process, investigate security incidents, or protect the rights and safety of PocketMusala, users, mosques, communities, or the public.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. If that changes, this policy will be updated before the practice begins and any required opt-out controls will be provided.

5. Your privacy controls

  • Account privacy: You can choose Public, Friends Only, or Private profile privacy where the setting is available. This affects follow behavior, profile-related access, and visibility rules for supported surfaces.
  • Content visibility: Supported posts and dua requests can use visibility choices such as public, followers, private, or anonymous, depending on account privacy and content type.
  • Screenshot preferences: Some profile and chat surfaces include screenshot or screen-recording protections. Android can block protected captures with system APIs. iOS cannot block the screenshot gesture itself, but protected content can be excluded from captured output where supported.
  • Notifications: You can manage social notification preferences, followed-author notifications, managed-community notifications, reminders, and device push state where those controls are available.
  • Blocks and safety controls: Blocking, moderation restrictions, account state, and guardian restrictions can limit profile, follow, chat, group, content, and discovery interactions.
  • Location permissions: You can grant, deny, or revoke device location permission through your device settings. Some prayer, Qibla, nearby search, and address features may work differently without location access.
  • Account deletion: Registered users can request account deletion in the app. The current backend deletes the Firebase Auth account and then removes the matching user row from the canonical data store, with database cascade behavior for related rows where configured.

6. Retention and deletion

We keep information only as long as needed for the purpose it was collected, unless a longer period is needed for security, legal, audit, dispute, backup, tax/accounting, or abuse-prevention reasons.

  • Account data is kept while your account is active. Account deletion removes the account and cascades many related records according to the current database model, but some logs, audit records, backups, payment records, legal records, or moderation evidence may remain where necessary.
  • Direct chat private key material is stored locally on your device, not backed up by PocketMusala. Logout, account switch, account deletion, or explicit app data reset may delete local chat key material and make old encrypted messages unreadable.
  • Mosque prayer schedule source uploads are private to authorized mosque managers. Source file bytes are designed to auto-delete after the import stops progressing, generally within 90 days, with a storage lifecycle backstop around 97 days. Extracted raw text and tables are not persisted by design.
  • Developer Platform audit records, key status history, request metadata, and security records may be retained to protect mosque owners, investigate integration issues, and prevent credential abuse.
  • Local app caches may store content on your device to make the app faster or usable during refreshes. You can remove local data by using app or device controls, signing out, deleting your account, or clearing app data where available.

7. Children and guardians

PocketMusala is not intended to knowingly collect personal information from children under 13 without appropriate parent or guardian consent. If you believe a child has provided personal information without the required consent, contact us so we can review and delete or restrict the information as appropriate.

Where parental controls are available, guardians may manage child safety settings, chat/contact permissions, social feature access, allowlists, and audit history. The current product design intentionally avoids storing date of birth unless a later legal or privacy review explicitly requires it.

Guardian permissions do not override bans, suspensions, blocks, moderation restrictions, deleted accounts, or other safety gates.

8. Security

We use technical, organizational, and product safeguards intended to protect information, including authenticated access, server-side permission checks, Firebase and Google Cloud security controls, least-privilege developer credentials, key hashing or encryption, moderation gates, storage rules, and limits on sensitive logging.

No service can guarantee perfect security. Keep your login credentials private, protect your devices, do not share API keys or display/widget tokens publicly, and tell us quickly if you believe your account or integration has been compromised.

9. Your privacy rights

Depending on where you live, you may have the right to request access to personal information, deletion, correction, portability, restriction or objection to certain processing, withdrawal of consent, or an appeal of a privacy decision. Some rights have exceptions, including security, legal, fraud-prevention, audit, and free-expression exceptions.

California residents may have rights to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and be free from discrimination for exercising privacy rights. PocketMusala does not sell personal information or share it for cross-context behavioral advertising.

To make a request, contact us using the method below. We may need to verify that you control the account or email address connected to the request before acting on it.

10. International use

PocketMusala may process and store information in the United States or other countries where our service providers operate. Those countries may have data protection laws different from the laws where you live. We use service providers and safeguards intended to protect information according to this policy.

11. Changes to this policy

We may update this Privacy Policy as PocketMusala changes. If a change materially affects your privacy rights or how we use personal information, we will update the effective date and provide additional notice when required.

12. Contact

For privacy questions, deletion requests, access requests, safety concerns, or support, contact PocketMusala through the public contact form or community channels linked from the website.

Contact PocketMusala