Privacy Policy
1. About this policy
Deen Verse ("we", "us", "our", or the "App") is an iPhone app for reading and reflecting on the Holy Quran, hadith, and supplementary Islamic content. This Privacy Policy explains what information we collect when you use the App, how we use it, who we share it with, and what choices you have.
By using Deen Verse you agree to the collection and use of information in line with this policy. If you do not agree, please stop using the App.
Deen Verse is rated 4+ on the App Store and the content (Quran, hadith, duas, themes) is suitable for users of all ages. We do not knowingly collect personal information from anyone under 18 — see section 9 for details on how the App is designed to keep minors out of our data collection.
2. Information you provide directly
During onboarding and from Settings → About You, you may optionally tell us a little about yourself so the App can tailor your reading experience. The fields are:
- Your first name
- Your gender, or "Prefer not to say"
- Your age range (e.g. "25 to 34") — we do not collect a precise birthdate
- Your relationship status
- Your faith practice
- Your closeness to Allah
Every one of these fields is optional and can be skipped or changed at any time in Settings.
These answers are stored two places, both controlled by you:
- On your device, in Apple's
UserDefaults. - Synced privately to your personal iCloud account through Apple's CloudKit private database. Only you can read this data — Apple's CloudKit private database is not accessible to us, to Apple, or to any third party.
We do not transmit your About You answers to our servers, to our analytics provider, to our crash-reporting provider, or to any other third party.
If you save favorites, build collections, or set local reminders, that content lives in the same place — on your device and in your private iCloud database — and is not transmitted to us.
3. Information collected automatically
When you use Deen Verse, a small amount of technical and usage information is sent to the third-party services listed below. None of these services receive your name, your About You answers, or any of your saved content.
a. Crash and performance data — Firebase Crashlytics
We use Firebase Crashlytics (Google LLC) to receive anonymized crash logs and performance metrics so we can find and fix bugs. Crashlytics may collect your device model, operating system version, app version, locale, time zone, a stack trace describing the crash, and an installation identifier (a random UUID generated per install — not your Apple ID, email, or device serial).
Learn more in Google's Firebase privacy documentation.
b. Anonymous product analytics — PostHog
We use PostHog (PostHog Inc.) to understand which features are used so we can prioritize improvements. PostHog receives only event names and a fixed allow-list of generic properties, namely:
- which content topic or theme was opened (
topic_id,theme_id), - whether the user is currently a premium subscriber (
is_premium), - which screen triggered the paywall (
source), - error codes from failed purchases (
error_code,user_cancelled), - which widget size was used (
widget_size), - whether the build is a debug build (
is_debug).
We never call PostHog's identify, alias, setPersonProperties, or register APIs. Your name, your About You answers, the verses or duas you read, and any free-text input you type are never sent to PostHog. PostHog assigns a stable random device identifier so events from the same install can be grouped; this identifier is not linked to any external profile.
Learn more in PostHog's Privacy Policy.
c. Subscription state — RevenueCat
We use RevenueCat, Inc. to validate App Store receipts, check entitlement state, and remember whether your trial or membership is active. RevenueCat receives an anonymous app-user ID (a random UUID generated per install), the App Store transaction details Apple sends us, your device model, and your country code (so it can pick the right offering). RevenueCat does not receive your name, About You answers, or any in-app reading activity.
Learn more in RevenueCat's Privacy Policy.
d. Dynamic content and feature flags — Firebase Firestore and Remote Config
We use Firebase Firestore and Firebase Remote Config (Google LLC) to deliver content (verses, hadith, duas, themes) and to control which paywall copy or feature flags are active for a given release. Reads from Firestore and Remote Config require a Firebase installation identifier; they do not require your About You answers and we do not write your About You answers to either service.
e. Local notifications and AlarmKit
If you enable daily reminders or alarms, those notifications are scheduled and delivered entirely on-device by Apple's UserNotifications framework. On iOS 26 and later we additionally use Apple's AlarmKit for true alarms. The reminder text and schedule never leave your device. We require your permission before scheduling notifications.
f. Apple services
Deen Verse interacts with several Apple services on your behalf — StoreKit (for in-app purchases), CloudKit (for syncing your favorites and settings to your private iCloud), and the App Store (for installing the App). Your interaction with these services is governed by Apple's privacy practices, not ours.
4. How we use information
We use the limited information described above only to:
- operate, secure, and debug the App;
- validate your subscription and grant or revoke premium access;
- deliver content, themes, and feature flags appropriate for your release of the App;
- produce aggregate, anonymous usage statistics so we can prioritize improvements;
- comply with our legal obligations.
We do not sell your personal information. We do not use your information for behavioral advertising. We do not build or sell a marketing profile of you.
5. How we share information
We share information only with the third parties listed in section 3 (Apple, Google/Firebase, PostHog, and RevenueCat), strictly for the purposes described there. We do not share your information with advertisers, data brokers, or social networks.
We may disclose information if required to do so by law, valid legal process, or to protect the rights, property, or safety of our users or the public.
If Deen Verse is involved in a merger, acquisition, or sale of assets, we will notify you before any personal information is transferred or becomes subject to a different privacy policy.
6. Subscriptions and payments
Deen Verse offers an auto-renewing subscription, Deen Verse Premium:
- Length: 1 year, with an optional 3-day free trial for first-time subscribers.
- Price: $29.99 per year (USD). Pricing on storefronts outside the United States may differ; the price displayed in the App at the time of purchase is the price that will be charged.
- Auto-renewal: Your subscription automatically renews each year unless you cancel at least 24 hours before the end of the current period. Your Apple ID will be charged within 24 hours prior to the end of the current period.
- Cancellation: You can cancel at any time from Settings → [Your Apple ID] → Subscriptions in iOS, or from inside Deen Verse → Settings → Manage subscription. Cancellation takes effect at the end of the current billing period.
Payment is processed by Apple, not by Deen Verse. We never see your credit card number or your Apple ID password. Apple may share with us a portion of the purchase information needed to grant your entitlement (for example: the product identifier, the transaction date, and a transaction identifier). RevenueCat handles the receipt validation on our behalf.
7. Data retention
- Your About You answers, favorites, history, and collections live on your device and in your private iCloud database. You can delete them at any time by editing them in the App, by signing out of iCloud, or by uninstalling Deen Verse from each of your devices.
- Crashlytics data is retained for up to 90 days by Google in line with Crashlytics' default retention.
- PostHog event data is retained for up to 12 months.
- RevenueCat subscription transaction history is retained for as long as required to provide the service and to satisfy our tax and accounting obligations.
8. Your rights
Depending on where you live, you may have the right to access the personal information we hold about you, request correction or deletion, restrict or object to certain processing, request portability of your data, or lodge a complaint with your local data-protection authority. These include rights granted by the California Consumer Privacy Act / CPRA (CA residents), the EU General Data Protection Regulation (EEA residents), and the UK Data Protection Act (UK residents).
Because most of your personal data lives only on your device and in your private iCloud database — neither of which we can access — the most direct way to exercise these rights is to delete the data yourself in the App or in iCloud.
For data we can access (Crashlytics installation IDs, PostHog event identifiers, RevenueCat subscription records), email support@deenverse.app with your request and we will respond within 30 days.
California residents: we have not sold or shared personal information for cross-context behavioral advertising in the preceding 12 months and do not intend to. You have the right to opt out of any such sale or share at any time.
9. Children's privacy
Deen Verse is rated 4+ on the App Store and the content is suitable for users of all ages. However, we have intentionally designed the App so that we do not knowingly collect personal information from anyone under 18:
- the age picker in onboarding does not present any option below "18 to 24", so a minor cannot self-disclose an age range to us;
- we never ask for a precise birthdate;
- every About You question is optional and can be skipped;
- we do not run any third-party advertising network and we do not market or advertise the App to minors.
If you are under 18, please use Deen Verse with parental supervision and skip the About You questions. If you are a parent or legal guardian and you believe your child has provided personal information through the App, email support@deenverse.app and we will delete the information from our systems within 30 days.
10. International transfers
Deen Verse is available worldwide. Our processors (Apple, Google, PostHog, RevenueCat) operate servers in the United States and elsewhere. By using the App from outside the United States you understand that your information may be transferred to and processed in the United States. Each of our processors maintains its own GDPR / UK-DPA compliant transfer mechanisms (Standard Contractual Clauses or equivalent).
11. Security
We use TLS for all network requests, App Group sandboxing for the data shared between the App and its widget extensions, and Apple's standard encryption-at-rest for on-device storage and CloudKit. No method of electronic transmission or storage is 100% secure, but we apply commercially reasonable safeguards.
12. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of the document reflects the most recent revision. If we make a material change, we will let you know inside the App before the change takes effect. Continued use of Deen Verse after the effective date constitutes acceptance of the updated policy.
13. Contact
Questions, concerns, or requests about this Privacy Policy? Email support@deenverse.app and we will respond as soon as we reasonably can.