Privacy Policy

Last updated: 18 February 2026

Mutabaah Amal ("we", "our", "the app") is a personal ibadah (worship) tracking application. Your privacy matters to us. This policy explains what data we collect, how we use it, and your choices.

1. Data We Collect

Data you provide:

• Task data — the worship activities you add, complete, or delete. This is stored locally on your device in your browser's localStorage.
• Recurring tasks — tasks you set to repeat daily, stored locally and synced to the cloud if signed in.
• Ramadan data — fasting status, Quran progress (juz count), and Tarawih prayer tracking during Ramadan, stored locally and synced to the cloud if signed in.
• Settings — your language preference, dark mode setting, Hijri date offset, and sound effects preference.

Data collected when you sign in (optional):

• Google account info — your name, email address, and profile photo, provided by Google when you sign in. We use this solely to identify your account and display it in the app.
• Cloud-synced data — if you sign in with Google, your task data, recurring tasks, Ramadan progress, and settings are synced to Google Cloud Firestore so you can access them across devices.

Data collected automatically:

• Analytics — we use Google Analytics 4 to collect anonymous usage data such as page views, feature usage, and general device/browser information. This helps us understand how the app is used and improve it. No personally identifiable information is sent to Google Analytics.

2. How We Use Your Data

• To provide the core functionality of tracking your daily ibadah and Ramadan progress
• To sync your data across devices when you opt in by signing in with Google
• To remember your preferences (language, theme, Hijri offset, sound effects)
• To provide recurring daily tasks across sessions
• To understand usage patterns and improve the app through anonymous analytics

3. Data Storage & Security

Local storage: Your task data, Ramadan progress, and recurring tasks are stored in your browser's localStorage. This data never leaves your device unless you sign in with Google.

Cloud storage: If you sign in, your data is stored in Google Cloud Firestore under your authenticated user account. Firestore security rules ensure that only you can read and write your own data. Data is encrypted in transit and at rest by Google Cloud.

Content Security Policy: The app enforces a Content Security Policy (CSP) to restrict which external resources can be loaded, reducing the risk of cross-site scripting attacks.

Subresource Integrity: External scripts are loaded with integrity hashes to ensure they have not been tampered with.

4. Third-Party Services

• Firebase Authentication — for Google Sign-In. Subject to Firebase Terms of Service.
• Cloud Firestore — for cloud data storage. Subject to Google Cloud Terms.
• Google Analytics 4 — for anonymous usage analytics. Subject to Google Privacy Policy.
• Lucide Icons — icon library loaded from unpkg.com CDN. No user data is shared with this service.

5. Data Sharing

We do not sell, trade, or share your personal data with any third parties. Your data is only accessible to you through your authenticated account.

6. Your Choices

• Use without signing in — the app works fully offline with localStorage only. No data is sent to any server.
• Sign out — you can sign out at any time from Settings. Your local data remains on the device.
• Sound effects — audio feedback can be toggled on or off in Settings. No audio data is collected or transmitted.
• Delete your data — clear your browser's localStorage to remove all local data. To delete cloud data, contact us at the email below.

7. Children's Privacy

This app is not directed at children under 13. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected by updating the "Last updated" date above.

9. Contact

If you have questions about this privacy policy, please contact us at syahmi.my.