Privacy Policy
Last updated: July 2026
1. Overview
Dhikr is built as a distraction-free, respectful Quran reading application. We respect your privacy and are committed to protecting it. This Privacy Policy explains our practices regarding data collection, storage, and transfer.
2. Data Collection & Local-First Storage
Dhikr is designed with an Offline-First / Local-First architecture:
- All bookmarks, folders, prayer logs, tasbih counts, and reading progress are stored locally on your device's secure storage.
- We do not operate a database server, and we do not collect, read, or catalog your personal usage statistics.
- No advertisements, analytics libraries, or telemetry trackers are integrated into the application.
3. Google OAuth & Cloud Syncing
If you decide to connect your Google Account to back up your data:
- Hidden Sandbox Space: Backups are placed inside Google Drive's private
appDataFolder. This folder is hidden from your regular Drive files and cannot be accessed by other applications. - OAuth Scopes: The application requests access to
drive.appdata(to save and restore the JSON backup), and basic profile details (email,profile) to display your Gmail photo and name in the settings screen. - Secure Token Storage: All OAuth tokens (access tokens, refresh tokens) are saved locally inside your device's hardware-backed secure storage (iOS Keychain / Android Keystore) via
expo-secure-store. They are never sent to third-party servers. - Manual Operations: Cloud synchronization is entirely manual. The app will never silently run background sync operations to Google Drive without your explicit action.
4. Third-Party Integrations
The app communicates with Google APIs directly for sign-in and backup features, and optionally with public APIs for downloading surah exegesis (Tafseer) or translation text. These requests are made directly from your device to the API endpoints. No intermediary servers are involved.
5. Children's Privacy
Because the application does not collect personal data from users of any age, it is safe for use by children. No registration, credentials, or tracking details are required.