Privacy Policy

PrayPath is a mobile application providing Islamic worship tools including prayer times, dhikr tracking, Quran reading progress, and personal dua management.

This Privacy Policy has been prepared in accordance with the Turkish Personal Data Protection Law (KVKK, Law No. 6698) and the EU General Data Protection Regulation (GDPR).

Data Controller: PrayPath Contact: hello@praypath.app

• Email address and password (for account creation) • Location (to calculate prayer times — only while the app is open, stored at city level only) • Dhikr sessions and reading progress data • Preferences and settings (language, notification times, etc.) • Device type and operating system (for technical support and debugging)

We do not store credit card or payment information; subscription payments are processed through Apple App Store or Google Play.

We use the collected data for the following purposes:

• Prayer time calculations and personalized notifications • Saving and syncing your progress (dhikr, hatim, personal duas) • Monitoring app performance and resolving errors • Managing your subscription status

We do not sell your data to third parties or use it for advertising.

We may share your data with the following trusted service providers:

• Supabase (database and authentication — EU GDPR compliant, SOC 2) • Firebase Analytics (anonymous usage statistics — Google, US) • Sentry (error reporting — technical logs only, no personal data) • Aladhan API (prayer time calculation — only location coordinates are sent) • RevenueCat (subscription management — Apple/Google purchase ID) • Apple / Google (in-app purchase processing)

Your data is not shared with any other party unless required by law.

We request access to your device's location to accurately calculate prayer times. Location data:

• Is only used while the app is in the foreground • Is stored locally on your device as a city name • Full coordinates are not stored on our servers • You can switch to manual city entry in settings at any time

Your data is transmitted over encrypted HTTPS connections. Supabase infrastructure is GDPR and SOC 2 compliant.

Data retention periods: • Account data: Until you delete your account • Dhikr and hatim history: Until you delete your account • Location data: Only last city name stored on device • Error logs (Sentry): 90 days • Analytics data: 14 months (Google policy)

Deleting your account permanently removes all personal data.

Under KVKK (Article 11) and GDPR, you have the following rights:

• Learn whether your personal data is being processed • Request access to processed data • Request correction of incomplete or inaccurate data • Request deletion or destruction of your data (Settings → Delete Account) • Request that third parties be notified of processed data • Object to results produced by automated analysis against you

To exercise your rights, contact hello@praypath.app.

PrayPath is not intended for children under 13. We do not knowingly collect personal data from children. If we become aware of such a situation, we will promptly delete the relevant data.

We may update this policy from time to time. We will notify you of significant changes via an in-app notification or email. You can always see the current date at the top of this page.

For privacy-related questions:

hello@praypath.app