NoorBloom (“we”, “us”, or “our”) operates the NoorBloom mobile application (the “App”). We are committed to protecting your privacy, particularly given the deeply personal and faith-based nature of our services. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights over it.
By downloading or using NoorBloom, you agree to the collection and use of information as described in this Policy. Where applicable law requires consent as the legal basis, your continued use constitutes consent only after you have been presented with the required consent mechanism.
1. Information We Collect
1.1 Account Information
When you create a NoorBloom account, we collect:
- Email address — used to authenticate your account and send service communications.
- Display name — used to personalize your experience (e.g., greeting you and customizing duas).
- Encrypted password — stored as a one-way hash; never accessible in plain text by us or any third party.
- Authentication token from Apple or Google — if you use Sign In with Apple or Sign In with Google, we receive only a unique identifier; we do not receive your Apple or Google password.
- Subscription status — to determine which features you are entitled to access.
Sign In with Apple
If you choose to hide your email address via Apple’s private relay, we respect and honor this choice. We will never attempt to identify or link a hidden Apple email to your real identity.
1.2 Location Data
We request access to your device location only for two specific religious features:
- Prayer Times — to calculate accurate Fajr, Sunrise, Dhuhr, Asr, Maghrib, and Isha times for your location.
- Qibla Compass — to determine the direction of the Kaaba relative to your position.
✓ Our Location Commitment
Your precise location coordinates are used only in-app at the time of your request to compute prayer times and Qibla direction. We do not store a history of your location on our servers. We do not sell, share, or use your location for advertising, tracking, or any surveillance purpose whatsoever.
1.3 Content You Create
- Dua requests — when you use “Dua for Loved Ones,” you enter a name and context (e.g., “Zehra — exam motivation”). This text is sent to our AI backend to generate a personalized dua. This input is not retained on our servers after generation.
- Affirmation mood selections — your selected mood (e.g., Happy, Sad, Anxious) is used to retrieve relevant Islamic affirmations. See Section 2 for sensitive data treatment.
- Reflections Diary entries — your diary entries are written and stored locally on your device only. We do not proactively upload your diary to our servers.
Important qualification regarding AI Reflection: If you choose to tap the AI reflection button for a specific diary entry, the text of that entry is transmitted to our AI service to generate an Islamic reflection. This transmission is user-initiated, one-time, and the text is immediately discarded by our service upon returning the reflection. It is never stored, indexed, or associated with your identity on our servers.
1.4 Usage and Analytics Data
To understand how the app is used and improve it, we collect automatically:
- Features accessed and frequency of use
- App version, device type, operating system, and language
- Session duration and navigation patterns (anonymous)
- Crash reports and error logs
- In-app purchase events (subscription activation, renewal)
This data is collected via Firebase Analytics and Firebase Crashlytics and is pseudonymized or aggregated before analysis. It is not linked to your identity without separate disclosure.
1.5 Payment Information
All payments for NoorBloom Premium are processed exclusively through Apple’s App Store. We do not collect, store, or have access to your credit card or payment details. Apple’s payment processing is governed by Apple’s own privacy policy and terms.
2. Sensitive Data Categories
Certain data we process falls into legally protected “special categories” that require heightened care and, in most jurisdictions, your explicit consent before we may process them.
| Data Type |
Why It’s Sensitive |
How We Handle It |
Legal Basis |
Religious Belief Data
Inferred from use of Islamic features |
GDPR Art. 9(1); KVKK Art. 6 |
Used solely to power Islamic features. Never sold. Never shared with advertisers. |
Explicit consent (GDPR Art. 9(2)(a)); performance of contract |
Emotional / Mental Health Data
Mood selections in Affirmations |
Health-adjacent data; reveals psychological state |
Used only to retrieve relevant affirmations in-session. Not stored beyond session. |
Explicit consent at onboarding; can be withdrawn at any time |
Personal Diary Content
Reflections Diary entries |
Highly personal intimate thoughts |
Stored locally on device only. Never uploaded unless AI reflection requested. |
User-initiated action; explicit consent for AI processing |
Third-Party Personal Data
Names in “Dua for Loved Ones” |
Personal data of individuals who have not consented |
Used only to generate the requested dua. Not stored. |
User’s responsibility; our processing is strictly transient |
Your Responsibility for Third-Party Data
When you enter another person’s name and personal circumstances into the Dua for Loved Ones feature, you are the data controller for that individual’s data. Please ensure you have permission to share another person’s personal details with our service.
3. AI-Powered Features & Data Processing
NoorBloom uses artificial intelligence to power three features. We are committed to full transparency about how your data is used in these features.
3.1 Dua Generator (AI)
- Input: Name of the person the dua is for; context you provide.
- Processing: Input is sent to our AI service to generate a personalized Islamic supplication.
- Retention: Input data is not stored on our servers after generation.
- AI Training: Your dua inputs are not used to train AI models without separate explicit opt-in consent.
3.2 Reflections Diary AI
- Input: When you tap the AI reflection button, you share the entry focus and your diary text with our AI service.
- Processing: The text is processed to generate an Islamic reflection enriched with Quran and Hadith.
- Retention: Diary text shared for AI reflection is immediately discarded upon returning the reflection.
- Default: Diary entries not shared for AI reflection are never transmitted from your device.
3.3 Affirmations (AI-Assisted)
- Your mood selection is used to retrieve relevant affirmations.
- Mood selections are not stored linked to your long-term profile beyond the current session.
✓ Our AI Commitment
We do not use your personal spiritual data, diary entries, or emotional state to train AI models without your separate and explicit consent. If we ever consider this in the future, we will ask for your opt-in at that time.
4. How We Use Your Information
| Purpose |
Legal Basis (GDPR) |
Data Used |
| Provide and maintain the App | Performance of contract (Art. 6(1)(b)) | Account info, location, content, usage data |
| Authenticate your account | Performance of contract (Art. 6(1)(b)) | Email, password hash, authentication token |
| Personalize your experience | Consent (Art. 6(1)(a)); legitimate interest | Name, usage patterns, content preferences |
| Process subscription payments | Performance of contract (Art. 6(1)(b)) | Subscription status via Apple |
| Send prayer time notifications | Consent (Art. 6(1)(a)) | Location, push token |
| Improve app performance and fix bugs | Legitimate interest (Art. 6(1)(f)) | Crash logs, aggregated usage data |
| Process religious/mood sensitive data | Explicit consent (Art. 9(2)(a)) | Mood selections, dua inputs, shared diary text |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) | Account info, transaction records |
| Notify you of material policy changes | Legal obligation / legitimate interest | Email address |
We Do NOT Use Your Data For:
- Targeted or behavioral advertising
- Selling your data to third parties, data brokers, or marketers
- Profiling based on your religious practices
- Government surveillance or intelligence purposes (except when legally compelled)
- Any purpose beyond what is described in this Policy
App Store Privacy “Nutrition Labels” — Reference Guide
Data Linked to You: Contact Info (email); Identifiers (Firebase user ID); Purchase History (subscription status); Usage Data.
Data Not Linked to You: Diagnostics (crash logs); Analytics (anonymous metrics); Approximate Location.
Data Not Collected: Health & Fitness; Financial Info; Browsing History; Contacts; Messages.
Sensitive Mood Data: Collected in-session only, not stored linked to your identity.
5. How We Share Information
We do not sell, rent, or trade your personal data. We share your information only in the following limited circumstances:
5.1 Service Providers (Data Processors)
- Google Firebase — authentication, cloud database, analytics, crash reporting (US-based; SCCs in place)
- Apple Inc. — payment processing, Sign In with Apple authentication
- AI Processing Provider — temporary processing of dua and diary inputs (data not retained post-generation)
5.2 Legal Requirements
We may disclose your data if required by law, court order, or governmental authority.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity with advance notice.
5.4 With Your Consent
For any sharing not covered above, we will ask for your explicit consent.
✓ We Will Never Share Your Data With:
Data brokers · Advertisers · Political organizations · Government intelligence agencies (absent a lawful order) · Marketing companies · Any entity that will use it contrary to this Policy
6. Third-Party Services
6.1 Firebase by Google
Firebase provides authentication, cloud database (Firestore), analytics, and crash reporting. Firebase is certified under SOC 2 and ISO 27001.
Firebase Privacy: https://firebase.google.com/support/privacy
6.2 Sign In with Apple
Apple provides a unique identifier. If you hide your email, Apple’s private relay manages the email.
6.3 Sign In with Google
Google provides your email and basic profile information.
6.4 Apple In-App Purchases
Payment is handled entirely by Apple. We receive only confirmation of purchase and subscription status.
7. Data Security
We implement industry-standard technical and organisational security measures:
- All data in transit is encrypted using TLS 1.2 or higher
- Passwords are stored as one-way cryptographic hashes (bcrypt)
- Firebase data is encrypted at rest (AES-256)
- Diary entries never leave your device in unencrypted form
- Access to production systems is on a strict need-to-know basis
- Regular security reviews of third-party integrations
While we implement these measures, no method of transmission over the Internet is 100% secure. In the event of a data breach, we will notify you and relevant supervisory authorities within required timeframes.
8. Data Retention & Deletion
8.1 Retention Periods
| Data Type | Retention Period |
|---|
| Account information | Until account deletion + 30 days |
| Reflections Diary entries | Device-only; deleted when you delete the app or your account |
| Dua inputs (AI processing) | Immediately discarded after generation |
| Mood selections | Session only; not persisted to server |
| Firebase Analytics (anonymous) | Up to 14 months; then aggregated/deleted |
| Crash logs | 90 days |
| Transaction records | As required by applicable law (typically 5–7 years) |
8.2 How to Delete Your Account
You may delete your account at any time:
- Open NoorBloom → Profile
- Tap Settings
- Select Delete Account
- Confirm deletion
All personal data will be permanently erased within 30 days, except where retention is required by law. Alternatively, email noorbloomapp@gmail.com.
9. Your Privacy Rights
Subject to applicable law, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your data.
- Data Portability: Receive your data in a portable format (JSON or CSV).
- Withdraw Consent: Withdraw any consent at any time.
- Object to Processing: Object to processing based on legitimate interests.
- Restrict Processing: Request restriction in certain circumstances.
- Opt Out: Disable location, notifications, or analytics through device Settings.
Contact: noorbloomapp@gmail.com. Response within 30 days (extendable to 90 for complex requests).
10. Children’s Privacy
NoorBloom is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent and believe your child has provided data, contact us at noorbloomapp@gmail.com and we will delete it promptly.
11. International Data Transfers
Your data may be transferred to and processed in the United States (Firebase/Google Cloud). We safeguard such transfers by:
- EU/EEA/UK users: Standard Contractual Clauses (SCCs) with Firebase/Google.
- Turkish users: KVKK Article 9 compliance, including explicit consent.
- All users: Service providers certified under SOC 2 and ISO 27001.
12. Additional Rights — EEA, UK, Switzerland (GDPR)
12.1 Data Controller
The data controller is the company operating NoorBloom as identified in the Contact section.
12.2 Additional Rights
- Right to Object (Article 6(1)(f)) at any time.
- Right to Restrict Processing (Article 18 GDPR).
- Right to Lodge a Complaint with your national supervisory authority: edpb.europa.eu
GDPR Art. 9 — Explicit Consent for Sensitive Data: How It Works
Before processing your religious and emotional/mental health data, we obtain explicit consent through a dedicated consent screen at onboarding. This screen:
- Identifies the specific types of sensitive data
- Explains the purpose of processing
- Provides clear Yes/Consent and No/Decline options (no pre-ticked boxes)
- Explains that declining limits certain features but does not prevent basic use
Withdrawing consent: Via Profile → Settings → Privacy Preferences → Manage Consent, or email
noorbloomapp@gmail.com.
13. Additional Rights — California (CCPA / CPRA)
- Right to Know: Request info about categories and specific pieces of personal information collected.
- Right to Delete: Request deletion of your personal information.
- Right to Correct: Request correction of inaccurate information.
- Right to Opt Out: We do not sell personal information or share it for cross-context behavioral advertising.
- Right to Limit Sensitive Data: Limit use of sensitive personal information.
- Non-Discrimination: We will not discriminate for exercising these rights.
Contact: noorbloomapp@gmail.com with “California Privacy Request” in the subject line.
14. Additional Rights — Turkey (KVKK)
- Data controller: the operator of NoorBloom identified in the Contact section.
- Religious belief data: special category under KVKK Article 6, processed only with explicit consent.
- KVKK Article 11 rights: learn whether data is processed; request information; request correction, deletion, or destruction; object to adverse outcomes from automated processing.
- Contact: noorbloomlegal@gmail.com
- International transfer: per KVKK Article 9 with your explicit consent.
15. Changes to This Privacy Policy
We may update this Policy periodically. We will notify you of material changes by:
- Posting an in-app notification
- Sending an email to your registered address
- Updating the “Effective Date” at the top
If changes require fresh consent, we will present a new consent request.