1. Introduction

At HijriMinder, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our Hijri calendar management service.

By using HijriMinder, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Full name
Email address
Password (encrypted)
Account creation date

2.2 Calendar Data

To provide our service, we collect:

Hijri event details (titles, descriptions, dates)
Event recurrence patterns
Notification preferences
Calendar sync settings
Default calculation method preference
Timezone preference (for email reminder scheduling)

2.3 Subscription and Billing Information

For subscription management, we collect:

Subscription tier (Basic, Standard, Premium)
Subscription status and billing history
Trial period start and end dates
Payment method information (processed by payment provider, not stored by us)

2.4 Google OAuth Data

When you connect your Google Calendar, we receive:

Google account email
OAuth access and refresh tokens
Calendar read/write permissions
Limited profile information (name, photo)

2.5 Chrome Extension Data (Premium Users)

If you use our Chrome Extension (Premium tier), we collect:

Browser information and extension usage patterns
Calendar overlay interactions
Quick-add event data

This data is used solely to provide and improve the extension functionality.

2.6 Usage Analytics

We automatically collect:

IP address and device information
Browser type and version
Pages visited and features used
Error logs and performance metrics

3. How We Use Your Information

We use your information to:

Provide the Service: Sync Hijri events to your Google Calendar, send notifications, and manage your account
Improve the Product: Analyze usage patterns to enhance features and fix bugs
Customer Support: Respond to your inquiries and resolve technical issues
Security: Detect and prevent fraud, abuse, and unauthorized access
Communications: Send important updates, newsletters (with your consent), and transactional emails
Legal Compliance: Meet our legal obligations and enforce our Terms of Service

We do not sell your personal information to third parties.

4. Data Sharing and Disclosure

4.1 Third-Party Services

We share data with trusted service providers:

Google Calendar API: To sync your Hijri events (requires your explicit permission)
Supabase: Our database and authentication provider (encrypted storage, may store data in multiple regions)
Dodo Payments: Payment processing (we do not store card details)
Resend: Transactional emails and notifications (email delivery service)

4.2 Legal Requirements

We may disclose your information if required by law or to:

Comply with legal processes (court orders, subpoenas)
Protect our rights and property
Prevent fraud or abuse
Ensure user safety

4.3 Family Sharing (Premium Tier)

Premium tier users may share their account with up to 5 family members. When you share your account:

All family members can view and manage events in the shared account
Event details, calendar sync settings, and preferences are visible to all family members
Each family member's individual account information (email, password) remains private
You can remove family members at any time from Settings → Account

4.4 No Selling of Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We implement industry-standard security measures to protect your data:

Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
Access Controls: Strict role-based access to production systems
Regular Audits: Security reviews and vulnerability assessments
Secure Infrastructure: Hosted on Supabase with enterprise-grade security
Password Security: Passwords are hashed using bcrypt (never stored in plaintext)

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to following best practices.

6. Your Rights (GDPR Compliance)

Under GDPR and similar privacy laws, you have the following rights:

6.1 Right to Access

Request a copy of all personal data we hold about you. To exercise this right, contact us at [email protected] with the subject "Data Access Request". We will provide your data in a structured format within 30 days.

6.2 Right to Rectification

Correct inaccurate or incomplete data. Update your information in Settings → Account → Profile Information, or contact us at [email protected] for assistance.

6.3 Right to Erasure ("Right to be Forgotten")

Delete your account and all associated data. To request account deletion, contact us at [email protected] with the subject "Account Deletion Request". Deletion is permanent and cannot be undone. We will process your request within 30 days.

6.4 Right to Data Portability

Export your data in a structured, machine-readable format (CSV or JSON). To request a data export, contact us at [email protected] with the subject "Data Export Request". We will provide your data within 30 days.

6.5 Right to Restrict Processing

Temporarily suspend processing of your data by disabling your account or specific features.

6.6 Right to Object

Opt out of email marketing by clicking "Unsubscribe" in any marketing email or adjusting preferences in Settings → Notifications.

To exercise any of these rights, contact us at [email protected] or [email protected]. We will respond within 30 days.

7. Data Retention and Deletion

We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:

Active Accounts: Data is retained while your account is active and for 30 days after account deletion request
Deleted Accounts: Most data is permanently deleted within 30 days of account deletion. Some data may be retained longer if required by law or for legitimate business purposes (e.g., fraud prevention)
Billing Records: Financial transaction records are retained for 7 years as required by tax and accounting laws
Legal Requirements: We may retain certain data longer if required by law, court order, or to resolve disputes

After the retention period, data is securely deleted or anonymized. For more information about data deletion, contact us at [email protected].

8. International Data Transfers

Your data may be stored and processed in countries outside your country of residence, including:

Supabase: Data may be stored in multiple regions (United States, European Union, Asia-Pacific) depending on your account settings
Google Calendar API: Data is processed according to Google's data processing terms
Resend: Email service provider with servers in multiple regions
Dodo Payments: Payment processing may involve international transfers

We ensure that all international data transfers comply with applicable data protection laws, including GDPR. By using our service, you consent to the transfer of your data to these locations.

9. Children's Privacy

HijriMinder is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will delete such information.

If you are between the ages of 13 and 18, you may use our service with the consent and supervision of a parent or guardian.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Essential Cookies: Required for authentication and session management (cannot be disabled)
Functional Cookies: Remember your preferences and settings
Analytics Cookies: Understand how you use our service (anonymized)

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

We will update the "Last Updated" date at the top
We will notify you via email or in-app notification
Continued use after changes constitutes acceptance

We encourage you to review this policy periodically. Major changes will be announced prominently.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

Email: [email protected]

Support: [email protected]

Response Time: Within 24-48 hours