Legal

Privacy Policy

Last updated: 13 June 2026

This Privacy Policy describes how Rukna collects, uses, processes, shares, and protects Your information when You use the Rukna mobile application, website, and related services (collectively, the "Service"). By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Rukna is operated by TA, an individual sole trader based in the United Kingdom (referred to in this Policy as "Rukna," "We," "Us," or "Our"). For all questions, requests, and rights under UK data-protection law, contact support@rukna.app.

1Interpretation and Definitions

1.1 Interpretation

Capitalized terms have the meanings assigned to them in this Policy. Definitions apply regardless of whether the terms appear in singular or plural.

1.2 Definitions

  • Account means the unique profile created for You to access the Service.
  • Application means the Rukna mobile application for iOS.
  • Rukna, We, Us, or Our means the sole trader operating the Service from the United Kingdom, contactable at support@rukna.app.
  • Device means any device used to access the Service.
  • Personal Data means information that identifies or can reasonably be linked to an identifiable individual, as defined in the UK GDPR.
  • Profile Data means information You provide about Yourself, including optional display name, optional date of birth, gender, prayer goals, and reminder preferences.
  • Timetable Data means images of printed prayer timetables You upload to the Service, together with the structured prayer-time information We extract from them.
  • Usage Data means data collected automatically through use of the Service, including device information, activity logs, and analytics events.
  • User Content means images, text, metadata, or other inputs You upload or submit through the Service, including Timetable Data.
  • Sub-processor means any third party that processes Personal Data on Our behalf to help deliver the Service.
  • Website means rukna.app and any associated subdomains.
  • You means the individual using the Service.

2Types of Data We Collect

We collect the categories of data described below.

2.1 Identity Data You Provide

When You create an Account, We collect:

  • Sign-in identifier from Apple (Sign in with Apple) or Google (Sign in with Google), where You choose those options
  • Your email address, used either to sign in with a one-time emailed code or, with Apple sign-in, as the address Apple shares (which You may choose to hide via Apple's private relay)
  • Optional display name

2.2 Profile Data

To personalise the Service, You may provide:

  • Date of birth
  • Gender
  • Prayer goals and reminder preferences
  • Any other Profile Data You choose to enter

You decide which Profile Data to provide. The Service will function without this information, but personalisation features will be limited.

2.3 Timetable Images and Extracted Data

To provide the Service's core feature, You upload images of printed prayer timetables. For each image:

  • The image is transmitted through Our infrastructure to Our AI processing provider for extraction of structured prayer times.
  • We store the structured prayer-time data (mosque name, daily prayer times, month) on Your Account so You can use it across Your devices and restore it after reinstall.
  • We do not store the original image at rest. The image is held only for the duration of the extraction request and then discarded.

2.4 Usage Data

We automatically collect:

  • Device type, operating system version, and Application version
  • Build number, locale region (e.g. "GB"), and time zone
  • Session identifiers and counts
  • Product analytics events describing how features are used (including events generated as You move through onboarding and other in-app flows)
  • Crash diagnostics and performance data (processed by Sentry, see Section 5)
  • A push-notification device token and Your device time zone, used to schedule and deliver prayer reminders (see Section 3)
  • Approximate IP address (visible to Our network sub-processors at the time of a request). We do not store Your raw IP address; for security and abuse-prevention We retain only a salted, rotating one-way hash of it.

This data helps Us secure, improve, and optimise the Service.

2.5 Cookies and Tracking Technologies

The Website does not set first-party tracking cookies and does not include third-party analytics scripts. When You load the Website, Your browser fetches styling and font resources from Tailwind CDN (cdn.tailwindcss.com), Inter (rsms.me), and Google Fonts (fonts.googleapis.com / fonts.gstatic.com); those providers will see Your IP address and User-Agent as part of the request, as is normal for any third-party CDN. The Application does not use web cookies.

3How We Use Your Data

3.1 To Provide and Improve the Service

  • Extract prayer times from Your timetable images
  • Synchronise Your Account, Profile Data, prayer logs, streaks, and reminders across Your devices
  • Schedule prayer reminders, delivered as on-device notifications and, where push notifications are enabled, as push notifications sent through Apple's push service
  • Personalise content and recommendations
  • Operate referral and invitation features, where You choose to use them
  • Manage subscriptions, paywalls, and entitlements
  • Diagnose, debug, and stabilise the Service

3.2 To Improve AI Extraction

We may use anonymised or aggregated User Content, including Timetable images and the data extracted from them, to:

  • Train and improve the AI models We use for extraction
  • Enhance the accuracy of timetable recognition
  • Improve overall product performance

Such use is strictly anonymised or aggregated and not linked to Your identity.

3.3 Communications

We may contact You about:

  • Updates and new features
  • Service-related notifications, including security alerts
  • Customer support responses

3.4 Marketing (Opt-In Only)

We will only send You promotional or marketing messages if You have given Us prior, freely-given, specific, informed, and unambiguous consent (for example, by ticking an opt-in checkbox in Settings). You can withdraw that consent at any time, either from Settings or by contacting Us at support@rukna.app. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

3.5 Legal and Compliance

We may use Your data to:

  • Detect, investigate, and prevent fraud, abuse, or security incidents
  • Comply with applicable law, regulation, and lawful requests from authorities
  • Establish, exercise, or defend legal claims

3.6 Business Transfers

If We are involved in a merger, acquisition, financing, asset sale, or other corporate transaction, Your information may be transferred as permitted by law. You will be notified before Your Personal Data becomes subject to a different privacy policy.

4Legal Bases for Processing

Under the UK GDPR, We rely on the following lawful bases (Article 6 of the UK GDPR):

  • Performance of a contract — to provide the Service to You under these terms (for example, creating Your Account, processing Your timetable images, syncing Your prayer logs).
  • Consent — for marketing communications, optional Profile Data You choose to provide, and any optional analytics where We rely on consent.
  • Legitimate interests — to keep the Service secure, prevent abuse, debug and improve the Service, and operate Our business in a sustainable way. We balance these interests against Your rights and interests.
  • Compliance with a legal obligation — to meet Our obligations under applicable law and regulator guidance.

You have the right to object to, or withdraw consent for, processing — see Section 9 below.

5Sub-processors

We use the following Sub-processors to deliver the Service. Each Sub-processor is bound by contractual obligations to process Personal Data only on Our instructions and to apply appropriate security safeguards.

  • OpenAI, L.L.C. (United States) — performs the AI extraction of prayer times from Your timetable images. Images are transmitted to OpenAI as part of the extraction request. Under OpenAI's API data-handling commitments, customer API inputs are not used to train OpenAI models, but inputs may be retained by OpenAI for up to 30 days for abuse and misuse monitoring before deletion. We do not currently operate under a Zero Data Retention contract with OpenAI.
  • Cloudflare, Inc. (United States; global edge) — hosts and serves the rukna.app Website through its global content-delivery network and provides DNS for the rukna.app domain. Cloudflare sees the IP address and request metadata of visitors to the Website.
  • Supabase Inc. (United Kingdom region, London) — hosts Your Account, Profile Data, prayer logs, streaks, reminders, extracted Timetable Data, and Your push-notification device token.
  • Apple Inc. (United States) — provides Sign in with Apple authentication, processes Your In-App Purchases through the App Store, and delivers push notifications through the Apple Push Notification service. A push notification carries only a generic prayer reminder (for example, the prayer name); it contains no name, email, or account identifier.
  • Google LLC / Alphabet Inc. (United States) — provides Sign in with Google authentication, where You choose that sign-in option.
  • Superwall Inc. (United States) — orchestrates paywall display and entitlement state for In-App Purchases. Superwall receives anonymous engagement signals (session count, streak counts, locale region, days-since-install) and Your account identifier; it does not receive Your name or email.
  • Mixpanel, Inc. (United States) — processes product analytics events, where You have not opted out. Receives an anonymous per-install identifier and event properties such as App version, session count, and feature interactions.
  • Sentry (Functional Software, Inc., United States; data stored in Sentry's EU region) — processes crash reports and a sampled set of performance metrics so We can detect and fix stability problems. Configured to send no IP address, no screenshots, and no view-hierarchy data, and to strip network-request details before transmission. You are identified to Sentry only by an anonymous per-install identifier, never by name or email.

This list may be updated as the Service evolves. Material changes are communicated as described in Section 14.

6User Content and License Rights

By submitting User Content (including timetable images), You grant Rukna a worldwide, royalty-free, sublicensable license to use, store, process, reproduce, modify, and create derivative works from Your User Content solely to operate, maintain, and improve the Service, including internal AI model training and evaluation conducted on anonymised or aggregated content.

We do not publicly display Your User Content without Your express consent.

We do not retain raw timetable images at rest. Once an extraction completes, the original image is discarded.

7Retention of Data

We retain Personal Data only for as long as necessary for the purposes described in this Policy or as required by law:

  • Identity Data and Profile Data — for as long as Your Account is active.
  • Extracted Timetable Data — for as long as Your Account is active or until You delete it.
  • Original timetable images — not retained at rest; held in transit only for the duration of an extraction request.
  • Usage Data and analytics events — retained for the period set by each analytics Sub-processor's default retention policy.
  • Backups — for limited periods as part of standard, industry-typical disaster-recovery practice.

When You delete Your Account, We delete or anonymise Your Personal Data within 30 days, except where We are required by law to retain it (for example, to meet tax or audit obligations).

OpenAI's default 30-day API retention applies to images transmitted for extraction, as described in Section 5.

8International Data Transfers

Your Account data is hosted in the United Kingdom (Supabase's London region), so it is not transferred outside the UK for primary storage. The United Kingdom currently recognises the European Economic Area as providing adequate protection, so any processing in the EEA (for example, Sentry's EU data region) does not require additional safeguards.

Some Sub-processors are based outside the UK and EEA, including in the United States (for example, OpenAI, Apple, Mixpanel, and Superwall). Where Personal Data is transferred to those Sub-processors, We rely on appropriate transfer mechanisms recognised by the UK regulator, including:

  • The UK International Data Transfer Addendum to the European Commission's Standard Contractual Clauses ("UK IDTA"), and
  • The European Commission's Standard Contractual Clauses ("EU SCCs") where applicable.

You can request a copy of the transfer safeguards in place by contacting Us at support@rukna.app.

9Your Rights

Under the UK GDPR and Data Protection Act 2018, You have the right to:

  • Access the Personal Data We hold about You
  • Rectify inaccurate or incomplete Personal Data
  • Erase Your Personal Data ("right to be forgotten")
  • Restrict Our processing in certain circumstances
  • Object to processing based on legitimate interests or to direct marketing
  • Receive a copy of Your Personal Data in a portable, machine-readable format (data portability)
  • Withdraw consent at any time where We rely on consent
  • Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects

You can exercise these rights from Settings → Account in the Application or by emailing support@rukna.app. We will respond within one month, as required by the UK GDPR. We will not charge You a fee for exercising Your rights, except where requests are manifestly unfounded or excessive.

If You are not satisfied with Our response, You have the right to lodge a complaint with the Information Commissioner's Office, the UK supervisory authority for data protection: ico.org.uk.

10Deleting Your Personal Data

You may delete Your Account at any time from Settings → Account → Delete Account. When You do:

  • Your Account, Profile Data, prayer logs, streaks, reminders, extracted Timetable Data, and push-notification device token are deleted from Our backend
  • Your local on-device data is wiped
  • We instruct Mixpanel to delete the analytics profile associated with Your installation
  • Your scheduled notifications, including push reminders, are cancelled

Some data may persist for a limited period in encrypted backups or where We are legally required to retain it; this data is not actively used and is purged on the standard backup-retention schedule. Where We must keep a record that an account was closed (for example, to prevent the re-creation of a banned account or to meet a legal obligation), We retain only the minimum information necessary for that purpose.

11Security

We use administrative, technical, and physical safeguards to protect Your data, including:

  • Encryption in transit (TLS 1.2 or higher) for all network communications
  • Encryption at rest using industry-standard mechanisms provided by Our infrastructure Sub-processors
  • API keys and secrets stored in encrypted secret stores; never embedded in the iOS bundle
  • Verbose diagnostic logs written to the device's system log only and not transmitted off the device; crash reports and sampled performance metrics are sent to Sentry (see Section 5) stripped of personal data
  • Security event logs that store only a salted, rotating one-way hash of Your IP address, never the raw address
  • Principle of least privilege for administrative access

No online system is entirely secure. If You believe Your Account has been compromised, contact Us immediately at support@rukna.app.

12Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect Personal Data from children under 13. If You are between 13 and 17, You may only use the Service with the consent and supervision of a parent or legal guardian, who agrees to be responsible for Your use of the Service.

If We become aware that a person under 13 has provided Us with Personal Data, We will delete that Personal Data and the associated Account. If You believe a child under 13 has provided Personal Data to Us, please contact support@rukna.app.

13Third-Party Links

The Service may contain links to third-party websites or services, including the App Store, social media, and external content. Their privacy practices are their own. We do not control or endorse them and are not responsible for their content or privacy practices. We encourage You to review the privacy policies of any third-party services You use.

14Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates become effective when posted on this page, with the "Last updated" date refreshed. For material changes, We will notify You through the Application or by other reasonable means before the changes take effect.

15Contact Us

If You have questions, requests, or complaints related to this Privacy Policy or Your Personal Data, You can reach Us at:

You also have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk) at any time.