م
المقرأةAl-Maqraah

Privacy Policy

How we collect, use, and protect your personal information

Privacy Policy — Al-Maqraah (المقرأة)

Effective date: July 10, 2026

Last updated: July 10, 2026

Al-Maqraah ("we," "us," or "our") operates the Al-Maqraah mobile application (the "App") and the website https://maqraah.sofuf.com (the "Website"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the App.

By creating an account or using the App, you agree to this Privacy Policy. If you do not agree, please do not use the App.


1. Who We Are (Data Controller)

Al-Maqraah

Maqraah of the Faculty of Sharia and Islamic Studies

Yarmouk University, Irbid, Jordan

Privacy inquiries: privacy@sofuf.com

Support: support@sofuf.com


2. Information We Collect

2.1 Information you provide directly

Account registration (all users):

  • Email address
  • Password (stored securely by our authentication provider; we do not store plain-text passwords)
  • Full name
  • User role (Student or Teacher)

Student profile (optional and required fields as entered by you):

  • Phone number
  • Nationality / country
  • Gender
  • Preferred Qira'at (recitation styles)
  • Learning level
  • Personal notes
  • Guardian name and guardian phone number (optional — for younger students)
  • Profile avatar URL (if applicable)

Teacher profile:

  • Nationality / country
  • Biography
  • Qira'at specializations
  • Languages spoken
  • Availability status (available / unavailable)
  • Working hours / schedule
  • Default video meeting link (e.g., Zoom URL)

Session and booking data:

  • Session requests and booking records
  • Notes you add when requesting a session
  • Session status (pending, accepted, declined, active, completed)
  • Video meeting links shared for sessions
  • Session payment status (pending or confirmed — administrative status only; no payment card data is collected by the App)
  • Teacher ratings
  • Student performance score and learning hours (tracked within the platform)

2.2 Information collected automatically

Authentication session data (stored locally on your device):

  • Access token and refresh token (authentication credentials)
  • User ID
  • Email address
  • User role

These tokens are stored using Android EncryptedSharedPreferences (AES-256 encryption via Android Keystore). They are excluded from cloud backup and device transfer for security reasons.

Network communications:

When you use the App, it communicates with our backend servers over HTTPS to authenticate you, sync your profile, and manage sessions. Standard connection metadata (IP address, request timestamps) may be processed by our hosting provider as part of normal server operations.

Local notifications (Teachers only):

The App periodically checks for new session requests while you are signed in and may display local notifications on your device. No push notification service (such as Firebase Cloud Messaging) is used. Notification content may include the student's name and session notes.

2.3 Information we do NOT collect

The App does not collect, access, or process:

  • Precise or approximate location (GPS)
  • Camera or microphone data
  • Photos or media files from your device
  • Contacts or call logs
  • Device advertising identifiers for tracking
  • Financial or payment card information
  • Health or biometric data
  • Browsing history outside the App

The App does not use third-party analytics, advertising SDKs, or crash reporting services.


3. How We Use Your Information

We use your information solely to:

  1. Provide the service — Create and manage your account; authenticate you; enable session booking between students and teachers
  2. Facilitate Quran recitation sessions — Match students with teachers; manage schedules; share video meeting links; track session status
  3. Personalize your experience — Display your profile, Qira'at preferences, daily Ayah, and learning progress
  4. Send notifications — Alert teachers locally when a student requests a session (with your permission on Android 13+)
  5. Maintain platform integrity — Display teacher availability, ratings, and session records within the educational platform
  6. Respond to your requests — Process password reset emails and account deletion requests
  7. Comply with legal obligations — Where required by applicable law

We do not use your data for advertising, profiling for marketing, or selling to data brokers.


4. Legal Basis for Processing (where applicable)

Depending on your jurisdiction, we process your data based on:

  • Contractual necessity — To provide the App's core features you signed up for
  • Consent — For optional profile fields, notifications, and guardian information
  • Legitimate interests — To maintain platform security and improve the educational service
  • Legal obligation — Where required by law

5. How We Share Your Information

We do not sell, rent, or trade your personal information.

We share information only in these limited circumstances:

5.1 Within the platform (student ↔ teacher)

  • Students can see teacher public profiles (name, Qira'at, rating, availability, bio, languages)
  • Teachers can see student names and session notes when a booking is requested
  • Session participants can access video meeting links shared for their sessions

5.2 Service providers (data processors)

We use trusted third-party services to operate the App:

ProviderPurposeData shared
Supabase, Inc.Authentication, database, and backend API hostingAccount credentials, profile data, session records
Zoom Video Communications, Inc.Video sessions (external link — opened outside the App)Only if you choose to join a Zoom meeting link provided by a teacher; governed by Zoom's privacy policy

These providers process data on our behalf under their respective terms and privacy policies. We recommend reviewing:

Supabase Privacy Policy

Zoom Privacy Policy

5.3 Legal requirements

We may disclose information if required by law, court order, or government request, or to protect the rights, safety, or property of users or the platform.

5.4 No other sharing

We do not share your data with advertisers, social media platforms, or unrelated third parties.


6. Data Storage and Security

  • Server storage: Your account and profile data are stored on Supabase cloud infrastructure. Data is transmitted over encrypted HTTPS/TLS connections.
  • Local storage: Authentication tokens are stored on your device using Android EncryptedSharedPreferences with AES-256 encryption. These tokens are explicitly excluded from Android cloud backup and device-to-device transfer.
  • Password security: Passwords are handled by Supabase Auth and stored using industry-standard hashing; we never see or store your plain-text password.
  • Access controls: Database access is protected by authentication and role-based permissions.
  • No guarantees: While we implement reasonable security measures, no method of transmission or storage is 100% secure. Please use a strong, unique password and keep your device secure.

7. Data Retention

  • Active accounts: We retain your data for as long as your account is active and as needed to provide the service.
  • Account deletion: You may permanently delete your account from within the App (Profile → Delete Account). Upon deletion, your account and associated personal data will be removed from our systems, subject to any legal retention requirements.
  • Session records: Completed session data may be retained in anonymized or aggregated form for educational reporting purposes.
  • Server logs: Standard server logs may be retained for a limited period for security and troubleshooting, then deleted.

8. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access — Request a copy of your personal data (available within the App via your profile)
  • Correction — Update your profile information at any time in the App
  • Deletion — Permanently delete your account and associated data via the in-app "Delete Account" feature
  • Withdraw consent — Disable notifications in your device settings; remove optional profile fields
  • Data portability — Request an export of your data by contacting privacy@sofuf.com
  • Object or restrict processing — Contact us at privacy@sofuf.com

To exercise any of these rights, email privacy@sofuf.com. We will respond within 30 days.


9. App Permissions Explained

The App requests the following Android permissions:

PermissionWhy we need it
InternetConnect to our servers for authentication, profiles, and session management
Post Notifications (Android 13+)Show teachers local alerts when a student requests a session
VibrateProvide haptic feedback with notifications

No other permissions are requested. The App does not access your camera, microphone, location, contacts, or storage.


10. Children's Privacy

The App is designed for Quran education and may be used by students under 18 with guardian involvement. We do not knowingly collect personal information from children under 13 without appropriate guardian consent.

  • Students may optionally provide guardian name and phone number in their profile.
  • If you are a parent or guardian and believe your child has provided personal information without your consent, contact us at privacy@sofuf.com and we will promptly delete such information.
  • We encourage parents and guardians to supervise their children's use of the App and online video sessions.

The App is not directed at children under 13 for independent registration.


11. International Data Transfers

Your data may be processed and stored on servers located outside your country of residence (including Supabase infrastructure). By using the App, you consent to the transfer of your information to countries that may have different data protection laws. We ensure appropriate safeguards are in place through our service providers' standard contractual protections.


12. Third-Party Links and Services

The App may contain links to external video conferencing services (e.g., Zoom). When you leave the App to join a video session, you are subject to that third party's privacy policy and terms. We are not responsible for the privacy practices of external services.


13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. For material changes, we may notify you through the App. Continued use of the App after changes constitutes acceptance of the updated policy.


14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: privacy@sofuf.com

Support: support@sofuf.com

Organization: Al-Maqraah — Faculty of Sharia and Islamic Studies, Yarmouk University, Irbid, Jordan