Privacy Policy
Last Updated: October 2025
PrayBack (“we”, “us”) is a mobile application designed to support Islamic-themed spiritual recovery and help users overcome harmful habits. We are the data controller for information we process in connection with your use of the app.
1.1 You Provide
- Account & Profile: Email address and password (handled by Supabase Auth); basic profile preferences.
- Recovery Progress (optional): Streak counts and milestones, if you provide them.
1.2 Collected Automatically
- Device/App Info: Device model, OS version, app version.
- Diagnostics: Anonymous crash logs and performance data provided by Apple Diagnostics (only from users who opt in to share with developers).
1.3 Data Stored Locally Only (on your device)
The following stays on your device and is not sent to our servers:
- Relapse logs
- Penalty tasks and reminders
- Custom tasks
- Ghusl status
- Local statistics and insights
- App settings and theme
- Analytics Data: All behavioral analytics, usage patterns, and recovery insights are processed and stored entirely on your device
- AI Recovery Coach History: Conversation history is stored locally on your device only
Important: Local storage is on your device and uses device-level security.
1.4 Data Processed Remotely
Supabase (EU/Ireland):
- Authentication: Secure login/session management
- Minimal Sync: Streak counts and milestones (for cross-device use)
- Basic Profile: Email and preference flags needed for core features
- Current Streak days and XP for backup
- Community Forum: Posts, comments, likes, and interactions you share in the public forum
- Accountability Partnerships: Partnership requests, messages, and accountability check-ins with your partners
- Push Notification Tokens: For delivering app notifications
Vercel (AI Recovery Coach Backend):
- AI Conversations: When you interact with the AI Recovery Coach, your messages, recovery data and scenario analysis logs are sent to our Vercel-hosted backend to generate responses
- Temporary Processing: Messages are processed in real-time and are not permanently stored on Vercel servers
- Privacy: We do not retain your AI conversations on our backend; they remain stored only on your device
- Provide the App: Authentication, account management, and feature delivery
- Sync: Keep streak data consistent across your devices
- Community Features: Enable forum discussions and accountability partnerships between users
- Analytics: Process usage patterns locally on your device to provide personalized insights
- AI Recovery Coach: Provide AI-powered guidance and support entirely on your device
- Reminders: Local notifications for tasks and practice (configured by you)
- Improve & Secure the App: Diagnose crashes and performance issues via Apple Diagnostics
- Support: Respond to queries you send us
Lawful bases (UK GDPR): performance of a contract (to provide the app), legitimate interests (app safety and improvement), and consent (notifications/optional features).
Third-Party Providers
We use carefully selected providers to operate the app:
- Supabase – authentication, community features and synced data storage (region: EU/Ireland)
- Vercel – serverless hosting for AI Recovery Coach backend (processes messages in real-time, does not retain conversation data)
- Anthropic – Claude AI language model API accessed through our Vercel backend to generate AI Recovery Coach responses (subject to Anthropic’s data usage policies)
- Apple Diagnostics – anonymized crash and performance reports (opt-in only)
- Expo Services – build and deployment tooling (no user tracking)
We do not use advertising networks or sell your data.
Data Storage, Security & Transfers
When you post in the community forum or send messages to accountability partners, this information is stored on our servers and visible to other users as intended by the feature. You control what you share.
AI Recovery Coach Privacy
When you use the AI Recovery Coach:
- Your messages are sent to our Vercel-hosted backend for processing
- The backend forwards your message to Anthropic’s Claude API to generate a response
- Messages are processed in real-time and are not permanently stored on our servers
- Your conversation history remains stored only on your device
- Anthropic may process your messages according to their data usage policies (see: https://www.anthropic.com/legal/privacy)
- We implement safeguards to protect the privacy of your recovery journey
Analytics Privacy
Your analytics data (usage patterns, behavioral insights) never leaves your device, ensuring maximum privacy for sensitive recovery information.
International Transfers
Where data is processed outside the UK/EU, we rely on appropriate safeguards (e.g., Standard Contractual Clauses). No method of storage or transmission is 100% secure. We take reasonable measures to protect your information.
Retention
- Local data: You control it; delete in-app or uninstall to remove.
- Cloud data: Retained while your account is active.
Your Rights (UK/EU)
You can request: access, correction, erasure, restriction, portability, or objection to processing where applicable. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
To exercise rights, contact: Support@PrayBack.app.
Children’s Privacy
PrayBack is not directed to children under 17, consistent with the app’s App Store rating. We do not knowingly collect personal information from children. If you believe a child has provided data, contact us to remove it.
Subscriptions & Payments
All purchases are processed by the Apple App Store. We do not receive or store your payment card details. We only receive subscription status (active/inactive) via Apple’s APIs.
Changes to This Policy
We may update this policy. We’ll post changes in-app and update the “Last Updated” date. We may also notify you of material changes by email (if provided).
- Email: Support@PrayBack.app
- Company: MIU Labs Ltd (UK Registered Company)