Privacy Policy

Last updated: March 16, 2026

Introduction

SalahLock (“we,” “our,” or “us”) is operated by MOMEN TECHNOLOGIES LLC. This Privacy Policy explains how we collect, use, and protect your information when you use the SalahLock iOS application (“the App”).

We are committed to transparency about our data practices. SalahLock stores your data locally on your device by default, but certain features transmit data to external services as described below. We do not use any third-party advertising SDKs, analytics platforms, data brokers, or tracking services.

Data We Collect and Transmit

SalahLock communicates with external services in the following ways. We want to be transparent about exactly what data leaves your device and when.

1. Cloud Sync (Automatic for All Users)

When you complete onboarding, SalahLock creates an anonymous profile on our cloud backend (hosted on Supabase) using a randomly generated anonymous user ID. This sync happens automatically and does not require Apple Sign In. The following data is transmitted to our Supabase backend:

  • Profile information — Name, age range, and gender (if you provide them during onboarding).
  • Location data — GPS coordinates (latitude/longitude), city, country, and timezone. Used for prayer time accuracy and synced to your cloud profile.
  • Device information — Device model, iOS version, app version, build number, timezone, and locale.
  • Prayer data — Prayer completions (which prayers were completed and when), current and best streaks, Barakah points earned and spent, and unlock method used (Honor, Snooze, Emergency Bypass, or Islamic Excuse).
  • App settings — Prayer calculation method, madhab, shield configuration (snooze quota, grace period settings, adaptive blocking), adhan/sound/vibration preferences, and manual location settings.
  • Permission states — Location, notification, and Screen Time permission statuses and when they were granted.
  • Selected apps for blocking — Encoded as opaque FamilyActivitySelection tokens. We cannot see the names of apps you select; we only store the encrypted token data needed to restore your blocking preferences across devices.
  • Subscription information — Plan name, status, start/end/renewal dates, trial period status, and transaction identifiers.
  • Good deed entries — Deed type, description, timestamp, and associated Barakah points.
  • Donation milestone records — Streak milestones (30, 60, 90+ days) for our charitable giving program.
  • Usage statistics — Total prayers logged, honor unlocks, snoozes used, emergency bypasses, Islamic excuses used, qada prayers logged, and feature usage flags (e.g., whether you have used the Qibla compass, Islamic calendar, analytics, widgets, or Watch app).

If you sign in with Apple, your email address and Apple authentication ID are additionally linked to your anonymous profile. This enables account recovery and multi-device access.

2. Telemetry and Diagnostics (Opt-In, Disabled by Default)

Diagnostic logging to our admin portal is disabled by default. You must explicitly enable it in Settings → Privacy. When enabled, the following data is sent to admin.momentechnologies.com:

  • Log entries — Structured event logs including category, message, severity level, and contextual metadata (e.g., error codes, network status, battery level, memory usage).
  • Device information — Device model, iOS version, app version, build number, vendor device token, timezone, and permission states.
  • User information — Name, age, gender, email (if provided), push notification token, prayer calculation method, madhab, and notification preferences.

You can disable telemetry at any time in Settings → Privacy. When disabled, logs are stored locally on your device only and are never transmitted.

3. Prayer Times API (Automatic)

To calculate accurate prayer times, your GPS coordinates (latitude and longitude) are sent to the Aladhan API (api.aladhan.com). No personal identification data, account information, or device identifiers are included in these requests. Only your coordinates and calculation method parameters are transmitted.

4. Hadith Content (Automatic, Read-Only)

The app fetches inspirational hadith text from cdn.jsdelivr.net (primary) and islamapi.vercel.app (fallback). These are anonymous, read-only API requests. No user data, device identifiers, or personal information is sent to these services.

5. Data That Stays on Your Device

The following data is stored locally and is never transmitted to any server:

  • Health data (menstruation tracking) — Used solely within the Islamic Excuse feature to respect valid prayer exemptions. This data is never sent to Supabase or any other service. While our cloud database schema includes menstruation fields, the app explicitly sets them to null in all cloud sync operations.
  • Camera and AR data — Qibla compass AR features process camera data entirely on-device.
  • FamilyControls shield state — Active blocking state is managed locally between the main app and its device extensions via on-device App Group storage.

How We Use Your Data

  • App functionality — Calculate prayer times, manage app blocking schedules, track prayer streaks, and provide personalized reminders.
  • Cloud backup and restore — Your prayer history, streaks, settings, and good deeds are synced to Supabase so they can be restored if you reinstall the app or sign in on a new device.
  • Account recovery — If you sign in with Apple, your data can be recovered and linked across devices.
  • Subscription management — Verify subscription status through Apple StoreKit and sync subscription state for cross-device consistency.
  • App improvement — When you opt in to telemetry, diagnostic logs help us identify and fix crashes, errors, and performance issues.
  • Charitable giving — Streak milestones trigger donation records that feed our community giving program.

External Services and Domains

SalahLock communicates with the following external services. We do not use any third-party advertising SDKs, analytics platforms (such as Google Analytics, Firebase, or Mixpanel), data brokers, or tracking services.

  • Supabase (cloud backend) — Stores user profiles, prayer completions, streaks, deeds, donation milestones, and subscription data. All data is encrypted in transit (TLS) and at rest. Row-level security policies restrict each user to their own data. Sync is automatic for all users via an anonymous user ID generated on install.
  • api.aladhan.com — Receives GPS coordinates to compute prayer times and Islamic calendar data. No personal data is shared.
  • admin.momentechnologies.com — Receives diagnostic logs and telemetry only when you opt in via Settings → Privacy. Disabled by default.
  • cdn.jsdelivr.net and islamapi.vercel.app — Serve hadith text content. Anonymous read-only requests; no user data is sent.
  • Apple StoreKit — Subscription and purchase management handled entirely by Apple's infrastructure.
  • Apple Sign In — Optional authentication for account recovery. Handled by Apple's identity service; we receive only the email and identity token you authorize.

Data Storage and Security

Local data is stored on your device using iOS Keychain (for authentication tokens) and encrypted UserDefaults. Cloud data is transmitted securely via TLS encryption and stored on Supabase with row-level security policies that ensure each user can only access their own records.

Your anonymous user ID is generated locally on first install. If you sign in with Apple, your authenticated identity is linked to this anonymous ID for account recovery purposes. Authentication tokens are stored securely in the iOS Keychain.

Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes. Your data may be shared only in these circumstances:

  • With Apple, as part of the standard App Store subscription and review process.
  • With our cloud backend (Supabase) for data sync and backup, as described above.
  • With our admin portal (admin.momentechnologies.com), only when you opt in to telemetry.
  • If required by law or legal process.

Data Tracking

SalahLock does not track you across other companies' apps or websites. We do not participate in any cross-app tracking or advertising identifier programs. Our app does not request the App Tracking Transparency (ATT) permission because we do not track users.

Your Rights

  • Access — All your prayer data is visible within the app at any time.
  • Deletion — You can delete your account and all server-side data by going to Settings → Account → Delete Account. If you are not signed in, the Delete Account option will prompt you to sign in with Apple first to verify ownership. All synced data (user profile, prayers, streaks, deeds, donations) is permanently removed from our servers. Uninstalling the app removes all local data.
  • Portability — Your prayer data can be exported from the app.
  • Opt-out of telemetry — Diagnostic logging is disabled by default and can be toggled at any time in Settings → Privacy.
  • Health data control — Menstruation tracking is entirely optional and stays on-device. It can be disabled at any time.

Children's Privacy

SalahLock is suitable for users of all ages. We do not knowingly collect personal information from children under 13 without parental consent. Family plan features are managed through Apple Family Sharing, which includes parental controls.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the app or by posting the updated policy on our website. Your continued use of the app after changes constitutes acceptance.

Contact Us

If you have questions about this Privacy Policy or your data, please contact us at: development@momentechnologies.com

MOMEN TECHNOLOGIES LLC