Muhasaba is a private practice. This policy describes — in plain language — what data the app collects, why it exists, who sees it, and how you can erase it. We do not sell your data. We never train AI on your reflections.
What we collect
Account
When you sign in with Apple, we receive an opaque identifier from Apple and (optionally, if you grant it) an email address. We do not receive your real name unless you choose to share it. If you sign in as a guest, we generate a random anonymous identifier and store no personal details.
Your reflections
Anything you write or speak inside the app — your daily journal entries, prompts you answered, the mood you tagged, and the AI guidance returned to you — is stored under your account so you can return to it tomorrow. These entries are stored on Supabase (our database provider) and are readable only by your authenticated session.
Voice
When you use voice journaling, your recorded audio is transmitted to our secure endpoint and then to OpenAI's Whisper API for transcription. The audio is not stored after transcription; only the resulting text becomes part of your reflection. OpenAI does not use this audio to train its models (per their API data policy).
Subscription data
If you subscribe to Muhasaba Pro, your subscription status is managed through Apple's App Store and RevenueCat. We see only whether your subscription is active — never your payment details, billing address, or full card number. Apple handles all billing.
Diagnostics
We log error events (a crash, a failed network call) so we can fix bugs. These logs do not include your reflection text, your name, or your email. We do not run third-party trackers or advertising SDKs.
How we use it
- To show you your past reflections and continue the practice.
- To send your latest entry to Anthropic's Claude API so it can return gentle Islamic guidance shaped to what you wrote. Anthropic does not retain this content beyond the response window and does not train on it (per their commercial terms).
- To remember your reminder time, mood history, and madhab preference.
- To verify your Muhasaba Pro entitlement before unlocking premium features.
Who we share it with
We use a small number of trusted infrastructure providers. They are bound by their own data-protection terms:
- Apple — sign-in identity, App Store billing.
- Supabase — encrypted Postgres database for your account + reflections.
- Anthropic — receives the text of your entry to generate guidance, then discards it.
- OpenAI — receives voice audio for transcription, then discards it.
- RevenueCat — manages the technical layer of subscriptions.
We do not share your data with advertisers. We do not sell it. We do not rent it. We do not use it to train any model, ours or anyone else's.
How long we keep it
Your reflections remain in your account as long as your account exists. Diagnostic logs are kept for 30 days. If you delete your account from Settings → Data, everything tied to your account — entries, profile, AI guidance — is erased permanently within minutes.
Your rights
You can, from inside the app:
- Export your reflections as a JSON file you can keep forever.
- Delete any single reflection.
- Delete your entire account — auth, profile, every entry — in one tap.
- Cancel your subscription via Apple's subscription management.
If you live in a jurisdiction with formal data rights (EU/UK GDPR, California CCPA, etc.), you can also email us and we will respond within 30 days.
Children
Muhasaba is intended for users 13 and older. We do not knowingly collect data from younger children. If you believe a child has signed up, email us and we will erase the account.
Security
All data is encrypted in transit (TLS) and at rest. Database access is gated by row-level security so only your authenticated session can read or write your data. We rotate keys for any third-party service if compromise is suspected.
Changes
If we materially change this policy, we will update the effective date above and notify active accounts via the app on next open. Continued use after a change constitutes acceptance.
Contact
Questions, deletion requests, or anything else: zaman.ishtiyaq@gmail.com.