Privacy Policy

We collect only what we need to make MishMish work for you, and nothing more. The categories of information we collect are:

• Account information you provide when you sign up, your name and email address.
• Usage data generated as you use MishMish, your streak count, completed daily verses, reflections completed, dua history, preferences, and notification settings.
• Device information necessary for app functionality, device type, operating system version, app version, language, time zone, and crash diagnostics.

We do not collect your contacts, your photos, your location, or your browsing activity outside of MishMish.

We use the information we collect for a small, defined set of purposes:

• To provide and operate the service, including syncing your streak and progress across your devices.
• To send you reminders that you have opted into, streak nudges, daily verse notifications, and prayer time reminders. You can disable any of these in the app settings.
• To improve the service through anonymized, aggregated usage statistics. These statistics never identify you individually.
• To respond to support requests you send us.

Some commitments we hold as non-negotiable:

• We never sell your data to third parties. Not now, not ever.
• We never show advertisements inside MishMish.
• We never share your spiritual journey data, your reflections, journal entries, dua history, or streak record, with anyone, including advertisers, brokers, or partners.
• We never track you across other apps or websites. MishMish has no third-party advertising trackers, no fingerprinting, and no cross-app identifiers.

Your data is encrypted at rest on our servers and encrypted in transit between your device and our infrastructure using TLS 1.2 or higher.

We use industry-standard access controls, audit logs, and least-privilege practices to protect the systems where your data is stored. No system is perfectly secure, but we treat your trust as a sacred amanah.

Your reflections, journal entries, and personal notes are private to your account and end-to-end encrypted with a key derived from your account credentials. We cannot read them. Our employees cannot read them. They are between you and Allah.

If you ever delete your account, this content is permanently and irreversibly destroyed.

You are in full control of your data:

• Export your data at any time from Settings → Privacy → Export My Data. We provide a complete copy in a portable JSON format.
• Delete your account at any time from Settings → Privacy → Delete Account. All personal data is removed from our active systems within 30 days and from backups within 90 days.
• Opt out of analytics at any time from Settings → Privacy → Analytics. MishMish will continue to work normally.
• Request a copy of any personal information we hold about you by emailing us at the address below.

If you reside in a jurisdiction with specific privacy rights (such as the EU under GDPR or California under the CCPA), those rights apply to you in full.

We use a small number of trusted infrastructure and analytics providers to operate the service. Each is bound by a data processing agreement that prohibits them from using your data for their own purposes.

• Cloud infrastructure: Amazon Web Services and Cloudflare, used to host the application and database.
• Analytics: PostHog, used for anonymized product usage statistics. No personally identifiable information is sent.
• Crash reporting: Sentry, used to diagnose app crashes. IP addresses are scrubbed.
• Payments: Apple App Store and Google Play, which handle all subscription billing. We never see your payment card information.

MishMish is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with information, please contact us and we will delete it.

If we make material changes to this policy, we will notify you via email and through an in-app notification at least 30 days before the changes take effect. Continued use of MishMish after the effective date constitutes acceptance of the updated policy.

Minor clarifications and non-material edits may be made at any time and reflected in the "Last updated" date at the top of this page.

If you have any questions or concerns about this policy, or if you want to exercise any of your rights, please reach out to us at support@mishmishcompanion.app. We respond to every email personally.