Privacy Policy

PRIVACY POLICY Last Updated: February 20, 2026 1. Introduction and Overview At Mumin 360 ("App"), we greatly value our users' privacy. This Privacy Policy explains what information is collected when you use the App, how it is used, and how it is protected. This policy fully complies with the Turkish Personal Data Protection Law No. 6698 (KVKK), the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Apple App Store and Google Play Store policies. Data Controller: Burak Arslan / Türk Otağ Email: privacy@turkotag.com Web: turkotag.com 2. Data We Collect Automatically Processed Data: - Location: Your device location is used to calculate accurate prayer times and show Qibla direction. This data is processed only on your device and is never sent to any server. - Device Sensors: Magnetometer and accelerometer data for the Qibla compass are processed only on your device in real-time. - Push Token: An anonymous device token is stored to enable notification delivery. This token contains no personal information. User-Created Data: - Prayer records and completion status - Journal entries and mood notes - Dhikr counts and custom dhikr - Tahajjud prayer tracking and dawn intentions - Spiritual journey progress records - App preferences and settings Data We Do NOT Collect: - Name, surname, or username - Email address or phone number - Photos, videos, or media files - Payment or credit card information - Biometric data (fingerprint, face recognition) - Browsing history or browser data - Contacts, SMS, or call logs 3. Purpose of Data Use - Calculating prayer times accurately based on your location - Determining Qibla direction - Sending timely notifications (prayer reminders, Kandil, Eid, etc.) - Saving your app preferences (language, theme, sound, calculation method) - Calculating spiritual score and statistics - Generating worship tracking and progress reports - Personalizing AI-powered mentor suggestions Your data is never used for advertising, marketing, profiling, or sharing with third parties under any circumstances. 4. Data Storage and Locality All user data is stored ONLY on your device (AsyncStorage). Mumin 360 does not use an account system and does not transfer your personal data to any cloud server. Exception: Your push notification token (an anonymous device identifier containing no personal information) is stored on a secure server for notification delivery. 5. Data Security - Device-level encryption via Keychain (iOS) and Keystore (Android) - App sandbox isolation on AsyncStorage - TLS/SSL encryption (HTTPS) for network communications - Regular security audits of third-party libraries - Data minimization principle 6. App Permissions - Location (While Using): Required to calculate prayer times and show Qibla direction. - Notifications: Prayer reminders, Kandil/Eid notifications, Tahajjud alarms, verse notifications. - Motion and Compass Sensors: Qibla compass function. - Background Audio: Quran recitation continuation. All permissions are optional and can be disabled from device settings. 7. Third-Party Services - RevenueCat: Subscription management (anonymous app user ID only) - Google AdMob: Ads for free users (disabled for premium) - Expo Push Notifications: Remote notification delivery (anonymous push token only) - Expo Updates: App update checks - Supabase: Anonymous push token storage NOT used: Analytics tools, user behavior tracking, social media SDKs. 8. Advertising and Tracking - iOS ATT permission requested; non-personalized ads shown if denied - IDFA/GAID used only for ad serving - All ads removed for premium subscribers - No user profiles created or shared 9. Children's Privacy - No personal data knowingly collected from children under 13 - COPPA compliant - All content is Islamic and educational 10. User Rights (KVKK/GDPR) Right to Information, Access, Rectification, Erasure, Objection, Portability, and Complaint. Contact: privacy@turkotag.com (response within 30 days) 11. International Data Transfers No international transfers for user data (stored locally). Push tokens and ad services may use EU/US servers (GDPR SCC compliant). 12. Policy Changes Significant changes announced via in-app notification. 13. Contact Data Controller: Burak Arslan / Türk Otağ Privacy: privacy@turkotag.com | Support: support@turkotag.com | Web: turkotag.com