Privacy Policy

PrayPath is a mobile application providing Islamic worship tools including prayer times, dhikr tracking, Quran reading progress, and personal dua management.

This Privacy Policy has been prepared in accordance with the Turkish Personal Data Protection Law (KVKK, Law No. 6698) and the EU General Data Protection Regulation (GDPR).

Data Controller: PrayPath Contact: hello [at] praypath [dot] app

• Email address and password (for account creation) • Location (to calculate prayer times — only while the app is open, stored at city level only) • Dhikr sessions and reading progress data • Preferences and settings (language, notification times, etc.) • Device type and operating system (for technical support and debugging) • Advertising identifier (iOS IDFA / Android Advertising ID) and general network info — only on the Free tier, via Google AdMob for ad delivery. We obtain consent through App Tracking Transparency on iOS and Google User Messaging Platform in the EEA/UK; if you do not consent, only non-personalized ads are shown. Pro subscribers are not subject to this data collection. • Optional — gender and birth date: requested only when you use the missed-prayers (Qada) calculator, so the menstrual-cycle exemption can be computed accurately. You may leave these fields blank or remove them at any time; they are processed as special-category data under KVKK Art.6 / GDPR Art.9 with explicit consent.

We do not store credit card or payment information; subscription payments are processed through Apple App Store or Google Play.

We use the collected data for the following purposes:

• Prayer time calculations and personalized notifications • Saving and syncing your progress (dhikr, hatim, personal duas) • Monitoring app performance and resolving errors • Managing your subscription status • Serving ads on the Free tier (using only the advertising identifier and general network data; see the Advertising section below)

We do not use your personal content (duas, dhikr, intentions, prayer logs) for advertising or marketing, and we do not sell your data to third parties.

We share your data with the following providers to deliver the service:

• Supabase — database and sign-in (AWS Frankfurt / eu-central-1 region) • PostHog — product analytics, hosted on EU Frankfurt servers (on by default; opt-out) • Sentry — error reporting (no personal content or screenshots) • RevenueCat — subscription management • Apple / Google — in-app purchase processing • Google AdMob — ad delivery and performance measurement (Free tier only; Pro subscribers see no ads)

Prayer times are computed locally on your device; your location is not sent to any third party for prayer-time calculation.

Product analytics relies on the legitimate-interest basis (KVKK Art. 5(2)(f) / GDPR Art. 6(1)(f)) — your identity is pseudonymous (a stable user ID, no name/email in events). Only counters and metadata (e.g. "prayer_logged: fajr") are sent. EEA users additionally see a Google UMP consent screen; declining turns analytics off. You can change the preference any time from Settings → Privacy inside the app.

User-written content such as personal duas, intentions, prayer-log notes, and custom dhikr names is never sent to any analytics or advertising service.

KVKK Art. 9 international transfers: Supabase (EU Frankfurt), PostHog Inc. (EU Frankfurt) and Sentry (EU) operate in GDPR-adequate regions; Standard Contractual Clauses (SCCs) in their Data Processing Agreements (DPAs) apply for KVKK transfers. RevenueCat (US) and Apple/Google/AdMob (international) are also covered by SCCs and signed DPAs.

Your data is not shared with any other party unless required by law.

We request access to your device's location to accurately calculate prayer times. Location data:

• Is only used while the app is in the foreground • Is stored locally on your device as a city name • Full coordinates are not stored on our servers • You can switch to manual city entry in settings at any time

Your data is transmitted over encrypted HTTPS connections. Supabase infrastructure is GDPR and SOC 2 compliant.

Data retention periods: • Account data: Until you delete your account • Dhikr and hatim history: Until you delete your account • Location data: Only last city name stored on device • Error logs (Sentry): 90 days • Analytics data: 14 months (Google policy)

Deleting your account permanently removes all personal data.

PrayPath shows ads on the Free tier via Google AdMob. Pro subscribers see no ads at all.

What AdMob collects: • Advertising identifier (iOS IDFA / Android Advertising ID) • General network and device info (IP address, device model, OS version) • Approximate location (derived from IP — not precise GPS) • Ad interaction data (impressions, clicks)

We obtain consent for personalized ads through: • iOS: App Tracking Transparency (ATT) system dialog • European Economic Area + United Kingdom: Google User Messaging Platform (UMP) consent screen

If you do not consent, or if no consent could be obtained in the EU, only non-personalized (contextual) ads are shown. You can reset your advertising identifier or fully opt out of tracking from your device settings (iOS: Settings → Privacy & Security → Tracking; Android: Settings → Google → Ads).

Our AdMob account uses content-rating settings that aim to exclude categories such as alcohol, gambling, dating, and explicit content; however, final ad serving is controlled by the AdMob network.

To remove ads entirely, upgrade to PrayPath Pro.

Under KVKK (Article 11) and GDPR, you have the following rights:

• Learn whether your personal data is being processed • Request access to processed data • Request correction of incomplete or inaccurate data • Request deletion or destruction of your data (Settings → Delete Account) • Request that third parties be notified of processed data • Object to results produced by automated analysis against you

To exercise your rights, contact hello [at] praypath [dot] app.

PrayPath is not intended for children under 13. We do not knowingly collect personal data from children. If we become aware of such a situation, we will promptly delete the relevant data.

By creating an account, you confirm you are at least 13 years old.

We may update this policy from time to time. We will notify you of significant changes via an in-app notification or email. You can always see the current date at the top of this page.

For privacy-related questions:

hello [at] praypath [dot] app