What we collect
Supabase (encrypted at rest)
Supabase
On-device only. Apple's Family Controls framework — we never see the actual app bundle identifiers.
On-device only. Never transmitted.
Supabase. We do not store which app you bypassed.
Supabase. Only totals — never per-app, per-hour, or per-intention data.
Stripe (PCI-compliant). We never see your card number.
RevenueCat + Supabase mirror
What we never collect
- Your contacts, calendar, photos, mic, or camera. The app does not request these permissions.
- Location data — except for the Qibla compass + prayer times, which run entirely on-device and never transmit your coordinates.
- Browsing history. Sadd does not see, intercept, or log anything you do outside the apps you've asked it to block.
- The contents of your niyyah. The text you write before opening a blocked app stays on your phone.
- Which specific apps you bypass. We log that a bypass happened, never what you opened.
- Advertising identifiers. There is no IDFA collection. There are no ads.
Apple Family Controls
The blocking engine uses Apple's Family Controls / Screen Time API. This is a special framework with strict privacy guarantees from Apple:
- Sadd cannot see which apps you select to block. Apple gives us opaque tokens.
- Sadd cannot see which apps you launch outside of our blocking flow.
- The blocking enforcement happens entirely on your device. No app launch data ever leaves your phone.
Service providers
- Supabase (database + auth) — hosts the data described in §1. Encrypted at rest, TLS in transit.
- Stripe (payments) — processes sadaqah donations. Cards are tokenized; we never see PANs.
- RevenueCat (subscriptions) — verifies your Pro subscription with Apple's StoreKit.
- Apple Push Notification Service — delivers prayer reminders and halaqa nudges.
- Sentry (error monitoring) — records anonymous crash reports. Scrubbed of all user identifiers.
We do not sell, rent, or share your data with any party outside this list.
Your rights
Export
You can request a JSON export of everything we store about you by emailing salam@sadd.app. We respond within 30 days.
Deletion
You can delete your account at any time from Settings → Danger Zone → Delete Account inside the app. This irreversibly removes:
- Your profile, kunya, and halaqa memberships
- All bypass events, sadaqah history, niyyah counts
- Your Supabase auth record
- Your RevenueCat customer profile
Anonymized aggregate statistics (e.g. total weekly bypass count for a halaqa) may persist if other members are still active in that circle.
Stripe transaction records
Sadaqah donations are charitable transactions. Stripe is legally required to retain payment records for tax / audit purposes (typically 7 years). These records contain amount + timestamp + charity recipient, not your blocked-app data.
Children
Sadd is rated 4+ and is suitable for use by minors with parental setup. We do not knowingly collect personal data from children under 13 beyond what is required for authentication. If a parent wishes to delete a child's account, email salam@sadd.app.
Security
- All traffic between the app and our servers is TLS 1.2+.
- Supabase data is encrypted at rest.
- Row-level security policies ensure you can only access your own records.
- Apple Sign In is the only authentication method — no passwords stored.
Despite reasonable safeguards, no system is perfectly secure. If you suspect a security issue, please email salam@sadd.app.
International users
Sadd is operated from the United States and our servers are in the US. If you use the app from the EU/UK, GDPR applies — see §5 for your access/deletion rights. If you use the app from California, CCPA applies — same rights.
Changes to this policy
If we materially change what we collect or how we use it, we will notify you in-app before the change takes effect. Minor edits (typos, clarifications) will simply update the "last modified" date below.
Contact
For any privacy question, write to salam@sadd.app. We try to respond within 3 business days.