Privacy Policy

1. Collection of sensitive personal information

Given the nature of Sidrat as an Islamic lifestyle platform, we may collect and process information that reveals religious beliefs — including prayer habit tracking, Zakat calculations, Quran reading history, dhikr counts, and spiritual goals.

By using Sidrat, you provide explicit consent for us to process this sensitive data to provide the app’s core spiritual features. This processing is governed by your consent under PIPEDA Principle 3 and GDPR Article 9(2)(a). You may withdraw consent at any time by deleting your account, which removes all associated data from our systems.

2. Data we collect

• Identity data: name, email address, and profile preferences.
• Spiritual practice data: prayer events, Quran reading position, sunnah deed completion, dhikr counts, tree state, and reflections. Stored locally on your device by default; cloud sync is opt-in.
• Financial data: information you enter for Zakat calculations is stored encrypted in our Canadian database. We never store bank login credentials. If you connect financial accounts through our integrations (e.g., AltaMark), we store only encrypted access tokens in Microsoft Azure Key Vault — we never see or store your bank usernames or passwords.
• Location data: we request location access solely to provide accurate prayer times and Qibla direction. Location is used in real-time and not stored or transmitted to our servers unless you explicitly enable location history.
• Usage data: anonymous analytics on how you interact with the app to improve user experience. We never associate spiritual practice data with analytics events.
• Device data: device type, operating system version, and language preferences for technical support and bug investigation.

3. How we use your data

• To provide and personalize the app’s core functionality
• To deliver notifications you have requested (prayer reminders, sunnah suggestions, reading reminders)
• To improve the app through anonymized usage analysis
• To respond to your questions and support requests
• To comply with legal obligations

We do not sell your data. We do not share your spiritual practice data with advertisers, marketers, or any third party. We do not use your spiritual data for behavioral profiling or targeted advertising.

4. Third-party processors

To deliver our service, we use the following third-party processors, each operating under data processing agreements with Sidrat Digital Inc.:

• Supabase Inc. — database hosting in the Canada Central region (ca-central-1)
• Microsoft Azure — application hosting, key vault for encrypted credentials, and application monitoring, all in Canada Central
• Microsoft 365 — email infrastructure for our info@sidrat.io address
• Cloudflare Inc. — DNS and content delivery for our website
• Apple Inc. and Google LLC — app store distribution and subscription processing

All processors are bound by contractual obligations to handle your data only as we instruct. We do not authorize processors to use your data for their own purposes.

5. Data storage and residency

As a Canadian corporation, your data is processed in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). All data is stored in Canada (Canada Central region). We use industry-standard encryption (AES-256) for all data in transit and at rest.

Spiritual practice data is stored locally on your device by default. Cloud sync to our Canadian servers is opt-in through the app’s settings.

6. Data retention

We retain your personal data for as long as your account is active. If you delete your account, we permanently erase all your data within 30 days. Anonymized analytics data with no link to your identity may be retained for product improvement purposes.

7. Your rights

Under PIPEDA, GDPR (where applicable), and other privacy laws, you have the following rights:

• Right to access — you may request a copy of your personal data
• Right to correction — you may request correction of inaccurate data
• Right to deletion — you may request permanent erasure of all your data
• Right to portability (PV-07 commitment) — you may export all your spiritual practice data as JSON and PDF at any time, free of charge, from the app’s Settings
• Right to withdraw consent — you may withdraw consent for sensitive data processing at any time

To exercise any of these rights, contact us at info@sidrat.io. We will respond within 30 days.

8. Children’s privacy

Sidrat is intended for users aged 13 and older. Children under 13 may use Sidrat only as part of a Family Plan account with explicit parental consent and parental oversight of all data collection, in compliance with the Children’s Online Privacy Protection Act (COPPA) and the GDPR-K rules for European users. Family Plan child accounts have minimal data collection, no behavioral tracking, no location tracking, and no targeted notifications.

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information immediately.

9. Security and breach notification

We implement industry-standard technical and organizational measures to protect your data, including AES-256 encryption, secure key management via Azure Key Vault, and regular security reviews. No system is perfectly secure, however. In the event of a data breach that creates a real risk of significant harm, we will notify affected users and the Office of the Privacy Commissioner of Canada as required under PIPEDA Section 10.1.

10. International users

If you use Sidrat from outside Canada, your data is transferred to and processed in Canada under Canadian privacy law (PIPEDA). By using Sidrat, you consent to this transfer.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified through the app and via email if you have provided one. The “Last Updated” date at the top of this policy reflects the most recent changes. Continued use of Sidrat after changes constitutes acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy, to exercise any of your privacy rights, or to file a complaint, please contact us:

You may also file a complaint with the Office of the Privacy Commissioner of Canada if you believe we have violated your privacy rights.