Legal

Privacy Policy

We believe you have a right to know exactly what data we collect, why, and how it is protected. No legalese — plain language.

Last updated: April 2026

01 Data We Collect

We collect the minimum data necessary to operate the platform. We do not build advertising profiles and we do not sell personal data to any party.

When you visit without signing in:

  • Standard server logs: IP address (truncated to /24), browser user agent, requested URL, timestamp. These are retained for 14 days for security monitoring then deleted.
  • Performance metrics (page load time, error rates) collected in aggregate, non-personally-identifiable form via Cloudflare Analytics.

When you sign in (Google OAuth):

  • Your name, email address, and profile photo as provided by Google.
  • A unique user ID generated by AlHudah (separate from your Google ID).
  • Reading progress, bookmarks, and personal notes you explicitly create.
  • Theme preference and language selection (stored locally in your browser and optionally synced to your account).
We never receive or store your Google password. Authentication is handled entirely by Google's Identity Services using industry-standard OAuth 2.0.

02 How We Use Your Data

We use collected data for the following purposes only:

  • Providing the core service: displaying the Quran, translations, and tafsir.
  • Syncing your reading progress and bookmarks across devices when signed in.
  • Personalising your reading experience (font size, theme, preferred translation).
  • Detecting and preventing abuse, spam, and unauthorised access.
  • Understanding aggregate usage patterns to improve the platform — always in non-identifiable, statistical form.
  • Sending transactional emails you explicitly request (e.g., password reset, account notifications).

We do not use your data to train AI models, target advertisements, or share with marketing partners.

03 Cookies & Local Storage

AlHudah uses browser cookies and localStorage to store your preferences locally on your device. These are divided into two categories:

Strictly necessary (always active):

  • alhudah-theme — stores your light/dark theme choice.
  • alhudah-cookie-consent — records your cookie consent decision.
  • Session authentication token when signed in (httpOnly, secure flag set).

Optional (require consent):

  • Reading progress and last-opened surah (stored locally).
  • Cloudflare performance cookies for edge caching optimisation.

You can withdraw consent at any time by clicking "Decline optional" in the cookie banner or by clearing your browser storage. Declining optional cookies does not affect your ability to read the Quran or use core features.

04 Third-Party Services

AlHudah integrates with the following third-party services. Each has its own privacy policy:

  • Supabase — our database and authentication backend, hosted on AWS infrastructure. Data is stored in a region you can enquire about. Supabase's privacy policy applies to data at rest and in transit.
  • Google Identity Services — used for "Sign in with Google" functionality. Google's privacy policy governs the authentication flow. We only receive the data Google provides after your explicit consent.
  • Cloudflare Pages & CDN — our hosting and global content delivery provider. Cloudflare may process your IP and request metadata as part of its edge network operations.
  • OpenAI — used for AI-powered semantic search queries. Search queries you submit may be processed by OpenAI's API. We do not send personally identifiable information with search queries. OpenAI's data usage policy applies.
We have not integrated any advertising networks, social tracking pixels, or analytics services that build personal profiles.

05 Data Storage & Security

Account data is stored in Supabase with encryption at rest (AES-256) and in transit (TLS 1.3). Access to the database is restricted to authenticated server processes — no employee has routine access to individual user data.

Backups are performed daily and retained for 30 days. Backup files are encrypted and stored separately from the primary database.

We use row-level security policies in Supabase so that each user's data is only accessible to their own authenticated session. Even in the event of a misconfiguration, no user can access another user's reading history or notes.

In the event of a data breach affecting personal information, we will notify affected users by email within 72 hours of becoming aware, in accordance with GDPR obligations.

06 Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of all personal data we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your account and all associated personal data. This is processed within 30 days.
  • Portability — receive your bookmarks, notes, and reading history in a machine-readable format (JSON).
  • Objection — object to any processing of your data that you believe is not justified.

To exercise any of these rights, contact us at ehsaasradio@gmail.com with "Privacy Request" in the subject line.

07 Children

AlHudah does not knowingly collect personal data from children under the age of 13. The platform's content is appropriate for all ages, but account registration requires a Google account, which itself requires users to meet minimum age requirements. If you believe a child has created an account without parental consent, contact us and we will delete the account promptly.

08 Changes to This Policy

We may update this Privacy Policy as our services evolve or legal requirements change. When we make material changes, we will notify signed-in users by email and update the "Last updated" date at the top of this page. Continued use of AlHudah after the effective date of any change constitutes acceptance of the updated policy.

We will not retroactively change how we use data you have already provided without your explicit consent.

09 Contact

For any privacy-related enquiries, requests, or concerns, reach us at:

ehsaasradio@gmail.com

AlHudah operates as an independent platform. This policy was last reviewed and updated in April 2026. It is intended to comply with GDPR (EU), UK GDPR, and applicable data protection laws in other jurisdictions where our users are located.