Mümin 360 — Privacy Policy
Last Updated: 14 May 2026
Data Controller: Burak Arslan / Türk Otağ — privacy@turkotag.com — turkotag.com
1. Introduction and Overview
At Mümin 360 (the “application”), we take the privacy of our users seriously. This Privacy Policy explains what information is collected, where it is stored, with which third parties it is shared and how it is protected when you use the application.
Our core principle: the application requires no account; almost all of your personal data stays on your device. The only thing we keep on our servers is an anonymous push-notification token.
This policy is aligned with the Turkish Personal Data Protection Law (KVKK) No. 6698, the EU GDPR, the California CCPA, Apple’s App Store Privacy and Google Play’s Data Safety frameworks.
2. Data We Collect
A. Stored Locally on Your Device (Never Sent to Our Servers)
Application preferences:
- The name you provide (optional — you may choose “Continue without a name”)
- Prayer-time calculation preferences (madhhab, calculation method)
- Your chosen city/district (Diyanet mode) or GPS coordinates (automatic mode)
- Language, theme, sound, notification settings, high contrast
Worship records:
- Prayer completion status, daily prayer report
- Dhikr counts, custom dhikrs and sets
- Tahajjud tracking and pre-dawn intentions
- Spiritual journey, khatm (Qur’an completion) plans
- Journal and mood notes
- Mentor conversation state, favourites (verses, hadith, prayers)
- Qur’an reading history and favourite surahs
This data is held in a Zustand store plus AsyncStorage on your device only; encryption is provided by the operating system’s app sandbox.
B. Limited Data Sent to Third Parties
- Location (only in automatic mode): computed locally by the Adhan library; in some cases a one-time lat/lng lookup may be sent to the fallback time source (Aladhan API). It is never written to our servers.
- District ID (Diyanet mode): the city/district code is sent to the Diyanet EzanVakti service to fetch a 30-day timetable.
- Anonymous push-notification token: a device identifier produced by APNs/FCM with no personal data attached; held in a single Supabase table.
- Crash data (Sentry): when stack traces are sent, personally identifying information (name, e-mail, location, journal content, mentor messages) is automatically masked.
- Advertising identifier (IDFA/GAID): free-tier users only; if ATT consent is denied you will see non-personalised ads.
- Subscription status (RevenueCat): an anonymous app-user ID; payment details are not transmitted to us.
C. Data We Never Collect
E-mail, phone, photos or videos, credit-card information, biometric data, browsing history, contact/SMS/call logs, social-media accounts.
3. Purposes of Data Use
To calculate prayer times accurately, indicate the qibla, deliver notifications on time, store your preferences, compute the spiritual score and statistics, and personalise mentor suggestions locally. Data is never used for ad profiling, sale or marketing.
4. Data Storage and Locality
All user data lives on your device (in AsyncStorage). Mümin 360 has no account system and does not transfer personal data to the cloud. If iOS iCloud or Android automatic backup is enabled, the data may be included in that device-level backup. The sole exception is the anonymous push token, which is stored on the server.
5. Data Security
- iOS Keychain / Android Keystore device encryption
- AsyncStorage app-sandbox isolation
- TLS/SSL for all network traffic
- Regular security review of third-party dependencies
- Principle of minimum data collection
- Policy of no hard-coded secrets in source code
6. Application Permissions
- Location (While in Use): prayer times and qibla. There is NO background location access.
- Notifications: prayer-time reminders, holy nights and festivals, tahajjud, daily dhikr.
- Motion/Compass: magnetometer access for the qibla compass.
- Audio (background): uninterrupted playback of Qur’an recitations.
All permissions are optional; if you decline one, the related feature simply will not work and the rest of the application is unaffected.
7. Third-Party Services
Content and data sources:
- Diyanet EzanVakti API — Türkiye prayer-time tables
- AlQuran.cloud — Qur’an text, multiple Turkish translations, recitation audio
- HadeethEnc.com — Riyâz al-Sâlihîn hadith collection
- Aladhan API (fallback) — alternative times in GPS mode
Infrastructure:
- RevenueCat — subscription management (revenuecat.com/privacy)
- Google AdMob — ads for free users; tracking domains: googleads.g.doubleclick.net, pagead2.googlesyndication.com, googleads4.g.doubleclick.net, app-measurement.com (policies.google.com/privacy)
- Sentry — crash reporting, PII masked (sentry.io/privacy)
- Supabase — anonymous push token (supabase.com/privacy)
- Expo Push / Updates — notification delivery and OTA (expo.dev/privacy)
Not used: Google Analytics, Firebase Analytics, AppsFlyer, Mixpanel, Amplitude, FullStory, Hotjar, social-media SDKs.
8. Advertising and Tracking
- On iOS 14.5+, the ATT consent prompt is shown approximately 5 seconds after the home screen opens; if you decline, you will only see non-personalised ads.
- The advertising identifier (IDFA/GAID) is used solely for ad delivery.
- Premium turns off all ads entirely.
- We do not build any additional user profile and we do not sell behavioural data.
9. Children’s Privacy
The application is intended for users aged 13 and over. No account is required and no identity information is requested directly. We do not knowingly collect data from children under 13; parents are responsible for supervising their children’s use. The policy aligns with COPPA and GDPR Article 8.
10. User Rights
Under KVKK and GDPR you have rights of information, access, rectification, erasure, objection, portability and complaint.
- Erasure: Settings → “Delete All Data” clears local data instantly. Uninstalling the application has the same effect. To delete the anonymous push token, write to privacy@turkotag.com.
- Objection to advertising processing: decline ATT on iOS; “Reset/Delete Advertising ID” on Android.
- Portability: there is no in-app export; on request to privacy@turkotag.com we will provide your data in JSON format.
- Complaint: KVKK (kvkk.gov.tr) or the data-protection authority in your country.
Requests are answered within 30 days.
11. International Data Transfers
Because user data is stored locally on the device, no international transfer takes place. Push tokens and advertising requests may travel to servers in the United States or the European Union; appropriate safeguards under the GDPR Standard Contractual Clauses are in place.
12. Changes to This Policy
Material changes are announced through an in-app notice and the “Last Updated” date is changed. Continued use signifies acceptance of the revised policy.
13. Contact
Data Controller: Burak Arslan / Türk Otağ
Privacy: privacy@turkotag.com — Support: support@turkotag.com — Web: turkotag.com
KVKK: kvkk.gov.tr