Salahly (“we”, “us”, “our”) helps you build and keep a consistent prayer habit. We are a worship app and we treat your data with the seriousness that deserves. This policy explains what we collect, why, who we share it with, and the control you have. We do not sell your personal data and we do not use your worship activity for advertising.
What we collect
| Account | Email, display name, and a securely hashed password. Optional profile photo. |
|---|---|
| Location | Your approximate location to calculate prayer times, the qibla direction, and show nearby mosques. Used on-device; coarse coordinates may be sent to find mosques near you. |
| Worship activity | Prayer logs, streaks, reflections, sunnah/fasting entries, and mosque check-ins you create. |
| Social content | Groups you join, duas you post, prayer-buddy pairing, and messages you send within the app. |
| Device & notifications | A device identifier (to keep your sessions secure) and a push token (to deliver reminders and notifications you opt into). |
| Subscription | Whether you hold an active premium/lifetime entitlement. Payments are processed by Apple, Google, and RevenueCat — we never see your card details. |
How we use your data
- Calculate prayer times and qibla, and show mosques near you.
- Record and display your prayer logs, streaks, achievements and reflections.
- Deliver the reminders and notifications you opt into.
- Power community features you choose to use (groups, dua board, prayer buddy).
- Provide Premium features, including AI coaching when you subscribe.
- Keep your account secure, prevent abuse, and operate and improve the Service.
Legal bases
Where data-protection law applies (such as the EU/UK GDPR), we process your data on these bases: to perform our contract with you (providing the Service you sign up for); your consent (for example, push notifications and location, which you can withdraw any time); our legitimate interests (keeping the Service secure and improving it); and to meet legal obligations. In Malaysia, we handle your personal data in line with the Personal Data Protection Act (PDPA).
Service providers we share data with
We rely on a small set of trusted processors strictly to operate the app:
- Hosting & database — our server provider and managed database store your account and activity data.
- Cloudflare — content delivery, security/WAF, and image storage.
- Firebase Cloud Messaging (Google) — to deliver push notifications.
- Apple, Google & our payments partner — to process and validate purchases. Payment details go to Apple/Google; we only learn whether your subscription is active.
- Our email provider — to send transactional emails (verification, password reset, and replies to your messages).
- Our AI provider — only if you use Premium AI coaching, relevant prayer-pattern data is sent to generate coaching responses.
Location data
Location is used to calculate accurate prayer times, the qibla direction, and to find nearby mosques. Prayer-time and qibla calculations happen on your device. You can change or disable location access at any time in your device settings; some features will then ask you to set a location manually.
Data retention
We keep your data for as long as your account is active. When you delete your account we remove or anonymise your personal data, completing the purge within 30 days, except where we must retain limited records to meet legal obligations or resolve disputes. Backups are rotated and expire automatically.
Your rights & choices
- Access & export — request an export of your data from within the app.
- Correction — edit your profile and preferences any time.
- Deletion — delete your account in-app (see below).
- Notifications & location — control or withdraw these in Settings and your device settings.
- Objection / restriction — where the law provides, you may object to or restrict certain processing.
To exercise any right, contact [email protected]. You also have the right to lodge a complaint with your local data-protection authority.
How to delete your account & data
Open the app → Settings → Account → Delete account. This permanently removes your profile, prayer logs, reflections, social content, and notification tokens, and the purge completes within 30 days. If you cannot access the app, email [email protected] from your account address and we will action it for you.
Children & family use
Salahly is intended for a general audience. The app includes a restricted mode for younger family members within Family features. We do not knowingly collect personal data from children below the age of digital consent in their region without appropriate parental consent. If you believe a child has provided data without consent, contact us and we will remove it.
International transfers
Your data may be processed in countries other than your own (for example, where our servers and providers operate). Where required, we use appropriate safeguards — such as standard contractual clauses — for those transfers.
Security
We protect your data with measures appropriate to its sensitivity: encrypted connections (HTTPS), hashed passwords, device-bound and rotating sessions, access controls, and rate limiting. No method of transmission or storage is perfectly secure, but we work continuously to safeguard your information.
Changes to this policy
We may update this policy as the app evolves. We will post the new version here and update the effective date; significant changes will be communicated in-app or by email.
Contact us
Questions about privacy? Email [email protected] or use our contact form.
Note for the operator: before launch, confirm your legal entity name and the identity of the data controller, and have this policy reviewed against Malaysia PDPA, EU/UK GDPR, and Apple/Google store requirements. Delete this note once reviewed.