Privacy Policy

Last updated: May 12, 2026

This policy describes what Quran Pods collects, how we use it, and the choices you have. We have written it to be short and specific to what we actually do.

1. What we collect

Account data — email address, password hash, and session records, managed by our authentication library and stored in our database hosted on Cloudflare.
Quran Foundation OAuth tokens — when you link a Quran Foundation account, we store the access token, refresh token, expiry, and the scopes you granted, so we can call the QF API on your behalf.
Pod data — pods you generate, plays, listening duration, and daily companion picks. Used to power your dashboard and recommendations.
Quran Foundation user data — when you trigger an action that calls Quran Foundation (e.g. viewing bookmarks or notes), our server proxies the request with your token. We do not persist the QF response bodies on our servers.

2. What we do NOT collect

We do not run analytics SDKs, third-party error tracking, advertising identifiers, or social-media trackers. We do not sell your data.

3. Cookies

We set one HTTP-only session cookie issued by our authentication library so that we can keep you signed in. We do not set any tracking or advertising cookies.

4. How we use data

We use the data above to operate the Service: authenticate you, generate pods, surface your bookmarks and notes from Quran Foundation, and remember your preferences across devices.

5. Sharing

We share data only as needed to operate the Service: requests to Quran Foundation APIs on your behalf (using the token you authorized), and prompts to our AI text and audio generation providers for the purpose of producing your pods. These prompts include Quran content and the generation parameters you chose, not your personal identifiers beyond what is necessary.

6. Data retention

Account and pod data are retained until you delete your account. Quran Foundation OAuth tokens can be revoked at any time by unlinking the connection from your Settings page or by revoking authorization directly with Quran Foundation; once revoked, the stored tokens are unusable.

7. Your rights

You may request export or deletion of your data, or ask any question about how we handle your data, by emailing moh.agboola@gmail.com.

8. Security

Passwords are hashed before storage. Quran Foundation tokens are stored server-side and are never exposed to browsers. All traffic is served over HTTPS.

9. Changes

We may update this policy from time to time. Material changes will be highlighted on this page.

10. Contact

Questions or concerns? Email moh.agboola@gmail.com.