Qasd.Co

Welcome to Qasd.Co ("we," "our," or "us"). Qasd.Co is a premium Islamic habit tracker. This Privacy Policy explains how we collect, use, and safeguard your information across our website and mobile applications. This policy applies to users in the United States, Canada, and the United Kingdom.

This Privacy Policy and our data processing practices are designed for users located in the United States, Canada, and the United Kingdom. Qasd.Co does not currently target or serve users in the European Union or European Economic Area (EEA). EU/EEA residents are not our intended market at this time.

For users located in the United Kingdom, we process your personal data under the following legal bases:

• Performance of a Contract: To manage your account and provide the habit tracking services.
• Consent: For your voluntarily provided journal entries and spiritual data.
• Legal Obligation: To comply with tax, anti-money laundering, or regulatory requirements.

• Personal Data: Email address, name, and password (stored using bcrypt hashing via Supabase Auth).
• App Data: Your niyyah (intentions), habit categories, tasks, daily ibadah data (salah, fasting, etc.), and journal entries.
• Financial Data: Payments are processed via Stripe, Apple, or Google. We do not store or have access to your full credit card details.
• Cookies: We use "Strictly Necessary" cookies and local storage tokens solely to maintain your active login session and security. We do not use tracking or advertising cookies.

We utilize trusted third-party services to ensure a premium experience:

• Supabase: Database storage and authentication (data is isolated via Row Level Security).
• Stripe: Web-based payment processing.
• Apple App Store / Google Play Store: Mobile in-app purchase processing.
• Google Workspace: Business communications.

Your data is stored securely using industry-standard encryption at rest and in transit (HTTPS). While we exercise reasonable care, no method of electronic storage is 100% secure.

International Transfers: Your data may be transferred to servers located outside your home country. We utilize Standard Contractual Clauses (SCCs) to ensure your data remains protected to the standards required by the UK GDPR and PIPEDA.

Data Retention: We retain your personal data for as long as your account remains active. Following account deletion, your data will be permanently removed within 90 days.

Under the GDPR (UK), PIPEDA (Canada), and CCPA (US), you have the right to access, correct, or delete your data. You may export all your personal data at any time via a JSON file available in the App Settings.

California Residents (CCPA): We do not sell your personal data to third parties, and we never will. You have the right to know what personal information we collect and to request its deletion.

Qasd.Co is not intended for use by children. In accordance with the Children's Online Privacy Protection Act (COPPA), our app is not directed to children under the age of 13 in the United States. In the United Kingdom, our app is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will promptly delete that information.

To exercise your privacy rights or for any privacy-related questions, please contact our Privacy team at:

Email: info@qasdco.com

Website: www.qasdco.com