Your Privacy, Our Commitment

Qurantology is an AI-powered Quranic vocabulary learning platform serving 28,394+ scholars across 75 countries. As a platform grounded in Islamic values of trust (amanah) and accountability, we take the protection of your data as a core responsibility.

This policy applies to all users of our web platform, mobile apps (iOS & Android), API services, and any other products or services that link to this Privacy Policy. It does not apply to third-party websites or services that we may link to, which are governed by their own privacy policies.

We collect different types of information depending on how you use our platform. Below is a transparent breakdown of every category of data we may collect.

We do not collect sensitive information such as racial or ethnic origin, political opinions, religious beliefs beyond what you voluntarily share, biometric data, or financial account details beyond what is required for payment processing.

Every piece of data we collect has a specific, documented purpose. We do not use your data in ways you would not reasonably expect.

• To provide and personalize our AI-powered Quranic vocabulary learning experience, including spaced repetition scheduling and progress tracking.
• To operate competitions, verify eligibility, calculate scores, distribute prizes, and maintain fair leaderboards.
• To process payments securely through our PCI-DSS compliant payment processor (Stripe) and manage your subscription.
• To communicate important platform updates, security notices, and service announcements. Marketing emails require your opt-in consent.
• To improve our AI models and platform features using aggregated, anonymized analytics — never individual user profiling for advertising.
• To detect and prevent fraud, abuse, unauthorized access, and other illegal activities that could harm our community of scholars.
• To comply with applicable legal obligations, enforce our Terms of Service, and protect the rights and safety of our users.

We use cookies and similar tracking technologies to keep you logged in, remember your preferences, and understand how the platform is being used. We do not use advertising cookies or sell cookie data to third parties.

You can manage your cookie preferences at any time via the Cookie Settings panel in your account, or through your browser settings. Note that disabling essential cookies will affect your ability to log in and use the platform.

We do not sell, rent, or trade your personal data to any third party — ever. We only share data with trusted service providers who are contractually bound to protect it, and only to the extent necessary to deliver our service.

• Stripe — Secure payment processing. They receive billing information necessary to process subscriptions. Governed by Stripe's Privacy Policy.
• AWS (Amazon Web Services) — Cloud infrastructure hosting our platform. Data is encrypted at rest and in transit.
• Resend — Transactional email delivery (password resets, notifications). No marketing access.
• Sentry — Error monitoring for crash reports and debugging. Personal identifiers are scrubbed from logs.
• Legal Authorities — Only when required by a valid court order, subpoena, or applicable law. We will notify you when legally permitted to do so.

We implement industry-standard security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• All data is transmitted over HTTPS using TLS 1.3 encryption.
• Passwords are hashed using bcrypt with a minimum cost factor of 12 — we never store plaintext passwords.
• Databases are encrypted at rest using AES-256 and accessible only via private networks.
• Two-factor authentication (2FA) is available and recommended for all accounts.
• Regular third-party security audits and penetration testing are conducted annually.
• Access to user data is restricted to authorized personnel on a strict need-to-know basis with full audit logging.

Depending on your location, you have the following rights regarding your personal data. You can exercise most of these directly from your account settings, or by contacting us.

To exercise any of these rights, visit your Account Settings → Privacy or email privacy@qurantology.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Qurantology is designed for users of all ages, including students and young learners. We take additional care when our service is used by children.

• Users under 13 years old require verifiable parental consent before creating an account, in compliance with COPPA (USA) and equivalent laws.
• Users aged 13–17 have restricted data processing — their data is not used for analytics beyond core service delivery.
• Parents and guardians may request access to, correction of, or deletion of their child's data at any time by contacting us.
• We do not knowingly display targeted content, competitions with cash prizes, or advertising to users under 18 without explicit parental consent.

Qurantology serves users in 75 countries. Your data may be processed in countries outside your own, including the United States and European Union, where our infrastructure is hosted.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure all cross-border data transfers are protected by one of the following safeguards: EU Standard Contractual Clauses (SCCs), adequacy decisions by the European Commission, or binding corporate rules where applicable.

For users in other regions, including Pakistan, the Middle East, and Southeast Asia, we apply equivalent data protection standards regardless of local requirements, as a commitment to our global community of scholars.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last updated" date at the top of this page.
• Send an email notification to all registered users for material changes that affect your rights.
• Display a prominent in-app notice for significant changes with a 30-day review period before they take effect.
• Maintain an archive of previous versions of this policy, accessible upon request.

Your continued use of the platform after policy changes come into effect constitutes your acceptance of the updated policy. If you do not agree with the changes, you may delete your account before the effective date.

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact our Data Protection Officer (DPO):