Privacy Policy

Last updated: January 17, 2025

Introduction

FirstSalah ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our prayer times calendar synchronization service.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (stored securely using industry-standard hashing)

Location Information

To calculate accurate prayer times, we store:

  • City and country
  • Latitude and longitude coordinates
  • Timezone

This information is provided by you and is not automatically collected through device location services.

Calendar Data

When you connect your Google Calendar or Microsoft Outlook account, we access:

  • The ability to create, update, and delete calendar events (prayer time blocks only)
  • Your calendar list to allow you to select which calendar to sync to

We do not read, store, or access any of your existing calendar events. We only write prayer time events that we create and manage the events we have created.

Prayer Preferences

We store your prayer calculation preferences:

  • Calculation method (e.g., Muslim World League, ISNA, Umm al-Qura)
  • Madhab preference for Asr time (Shafi'i or Hanafi)
  • Which prayers to sync (Fajr, Dhuhr, Asr, Maghrib, Isha)
  • Prayer event duration
  • Privacy preferences (showing as "Personal Time" vs prayer names)

How We Use Your Information

We use the collected information solely to:

  • Calculate accurate prayer times for your location
  • Create and manage prayer time events on your connected calendars
  • Maintain and improve our service
  • Communicate with you about your account or service updates

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Google Calendar Integration

FirstSalah's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we:

  • Only request the minimum permissions needed (calendar.events scope)
  • Only use calendar access to create and manage prayer time events
  • Do not use Google data for advertising purposes
  • Do not allow humans to read your calendar data unless you explicitly consent
  • Store OAuth tokens securely and use them only for the stated purposes

Microsoft Outlook Integration

When connecting Microsoft Outlook, we request the Calendars.ReadWrite permission to:

  • Create prayer time events on your selected calendar
  • Update events when prayer times change
  • Delete events we created when you disconnect or change settings

We do not access, read, or store your existing Outlook calendar events.

Data Storage and Security

We take the security of your data seriously:

  • All data is stored securely using Supabase with encryption at rest
  • OAuth tokens are encrypted and stored securely
  • All communications use HTTPS/TLS encryption
  • We implement row-level security to ensure users can only access their own data
  • Passwords are hashed using industry-standard algorithms

Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • Your account information and preferences will be permanently deleted
  • Your OAuth tokens will be revoked and deleted
  • Prayer events created on your calendars will remain (you can delete them manually)

Your Rights

You have the right to:

  • Access your personal data stored in our service
  • Correct inaccurate data in your settings
  • Delete your account and all associated data
  • Disconnect calendar integrations at any time
  • Export your data upon request

Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication hosting
  • Vercel: Application hosting
  • AlAdhan API: Prayer time calculations (we send only location coordinates, no personal data)
  • Google Calendar API: Calendar event management
  • Microsoft Graph API: Outlook calendar event management

Children's Privacy

FirstSalah is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: privacy@firstsalah.com