Privacy Policy
What we collect
- Email address — if you voluntarily join the waitlist. Stored hashed (SHA-256 with daily salt) and in plain text for sending your welcome email.
- Name (optional) — only if provided in the waitlist form.
- Interest tags (optional) — scholar / general reader / developer, if selected.
- IP address hash — HMAC-SHA-256 with a daily-rotating salt. The raw IP is never stored. Used only for per-IP rate-limiting (1 signup per IP per day).
- User-agent hash — HMAC-SHA-256 with the same daily salt. Raw user-agent string is never stored.
- Analytics events — page view, scroll depth, UI interaction signals. Stored as hashed (IP + UA) records. No cross-site tracking. Raw IPs are never persisted.
- Session cookies — when you use the agent chat interface (quran.athanapp.site), a session cookie (qits_session) is issued as a UUIDv4 for the duration of your session. It is HttpOnly, Secure, SameSite=Lax. It expires at the end of your browser session.
Do-Not-Track & GPC
When your browser sends a DNT: 1 or GPC signal, we honour it server-side: analytics events are dropped before storage. The waitlist form itself is exempt — it is a voluntary opt-in action, not passive tracking.
Retention
- Waitlist entries: retained until you request removal, or until the project closes.
- Analytics events: rolling 90-day window. Older records are automatically deleted.
- Session JSONL (agent conversations): retained for 90 days for service-quality analysis, then deleted. Transcripts are stored encrypted on-server, never transmitted to third parties.
- IP hashes and UA hashes: same 90-day rolling window as events. Daily salt rotation means hashes older than 24h cannot be correlated even with the current salt.
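The daily-salt scheme described above, sketched as an added example (not this site's own code). It assumes the salt is random, held only in memory and discarded at rotation; the names DailySaltHasher and SignupLimiter are hypothetical, and the IP is a constructed sample.

```python
import hashlib
import hmac
import secrets
from datetime import date


class DailySaltHasher:
    """Holds one random salt per calendar day; the previous salt is discarded."""

    def __init__(self):
        self._day = None
        self._salt = None

    def _salt_for(self, day: date) -> bytes:
        if day != self._day:
            # Rotation overwrites the old salt (assumption: it is never persisted).
            # Discarding it matters: the IPv4 space is small enough to brute-force
            # a hash if the salt that produced it were still available.
            self._day, self._salt = day, secrets.token_bytes(32)
        return self._salt

    def digest(self, value: str, day: date) -> str:
        return hmac.new(self._salt_for(day), value.encode(), hashlib.sha256).hexdigest()


class SignupLimiter:
    """Allows one signup per IP per day while storing only the salted hash."""

    def __init__(self, hasher: DailySaltHasher):
        self.hasher = hasher
        self.seen = set()  # (iso_date, ip_hash) pairs; no raw IP is kept

    def allow(self, ip: str, day: date) -> bool:
        key = (day.isoformat(), self.hasher.digest(ip, day))
        if key in self.seen:
            return False
        self.seen.add(key)
        return True


def demo():
    hasher = DailySaltHasher()
    limiter = SignupLimiter(hasher)
    ip = "203.0.113.7"  # constructed sample address (documentation range)
    d1, d2 = date(2024, 1, 1), date(2024, 1, 2)
    first, repeat = limiter.allow(ip, d1), limiter.allow(ip, d1)
    h1 = hasher.digest(ip, d1)
    next_day = limiter.allow(ip, d2)   # rotates the salt
    h2 = hasher.digest(ip, d2)
    # After rotation the day-1 hash can neither be matched nor recomputed.
    return first, repeat, next_day, h1 != h2, hasher.digest(ip, d1) != h1
```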
Third parties
No advertising networks. No social media tracking pixels. No analytics CDNs. Fonts are served from fonts.googleapis.com on the landing page only — if you want to avoid this, the page is fully readable without JavaScript enabled and falls back to system serif fonts.
Data storage location
All data is stored on our VPS (srv823348.hstgr.cloud, Hostinger EU infrastructure). No data is transmitted outside this server unless you are using the agent chat feature, which sends your query to the Anthropic API (Claude) under Anthropic’s own privacy policy.
Access and deletion
To request deletion of your waitlist entry or session data, contact us at the address in security.txt. We will process your request within 72 hours.
Contact
See /.well-known/security.txt for the current security and privacy contact address.
This policy is short by design. If you have a question it does not answer, please ask directly. — and Allah knows best.