Privacy Policy

Last Updated: March 14, 2025

Welcome to Aruuri! We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how Aruuri ("we," "us," or "our") collects, uses, stores, and safeguards your data when you use our Quran class management platform ("the Service").

1. Information We Collect

We collect the following types of information to provide and improve the Service:

1.1 Personal Information

User Account Data: When you sign up or use Aruuri via Google OAuth, we collect:
- Name (display name from Google)
- Email address
- Unique user ID (generated by Supabase)
- Subscription details (e.g., plan type, Stripe customer ID, subscription end date)
Student Data: If you’re a teacher, we store:
- Student names
- Unique student IDs (generated by Aruuri)
- Active/inactive status

1.2 Usage Data

Attendance Records: We track:
- Student ID
- Date
- Status (e.g., present, late)
Progress Tracking: For educational purposes:
- Student ID
- Surah ID, start/end ayah numbers, date of progress
App Interaction: General usage data (e.g., clicks, page views) to improve the Service.

1.3 Cookies and Similar Technologies

We use the following cookies to enable secure sign-in via Google OAuth, managed by Supabase:

Supabase Authentication Cookies:
- Names:
  - sb-fuwecshipxulywpstsay-auth-token.0
  - sb-fuwecshipxulywpstsay-auth-token.1
- Purpose: These cookies store your authentication token in two parts to manage your login session securely. They’re set after signing in with Google OAuth and allow Aruuri to verify your identity with Supabase.
- Duration: Session-based (expire when you close your browser or sign out).
- Category: Strictly necessary for the Service to function.
Google OAuth Cookies:
- Name: Managed by Google (e.g., NID, SID, or similar).
- Purpose: Facilitates Google sign-in and session persistence during the OAuth process.
- Duration: Varies (session-based or persistent, per Google’s settings).
- Category: Strictly necessary; Google may also use them for analytics (see Google Privacy Policy).
Note: We don’t use additional analytics or tracking cookies beyond what’s required for authentication.

1.4 Local Storage

We store user data (e.g., your ID, email, display name, subscription plan, and Stripe details), student information, attendance, and progress in your browser’s local storage using a key like user-storage. This enables offline functionality, preserves your session state across page reloads, and improves performance. This data mirrors what’s listed above and is tied to your session, persisting until you clear your browser cache or sign out.

2. How We Use Your Data

Provide Services: Manage accounts, track attendance, and monitor student progress.
Authentication: Use cookies to keep you signed in securely.
Subscriptions: Process payments and manage plans via Stripe.
Improvement: Analyze usage to enhance features (anonymized where possible).
Communication: Send updates about your account or subscriptions.

3. How We Store and Protect Your Data

Local Storage: Persists in your browser until cleared or you sign out. It’s device-specific and not synced across devices without sign-in.
Cookies: The Supabase auth cookies are encrypted and stored securely in your browser.
Server Storage: Account and student data are stored in Supabase’s cloud database; subscription data is linked to Stripe.
Security: We use encryption, access controls, and Supabase’s security features. However, no system is 100% secure, and we cannot guarantee absolute protection.

3.1 Third-Party Services

Supabase: Handles authentication and data storage (see Supabase Privacy Policy).
Stripe: Manages payments and subscriptions (see Stripe Privacy Policy).
Google: Facilitates OAuth sign-in (see Google Privacy Policy).

4. Sharing Your Data

We don’t sell or share your personal data, except:

Service Providers: With Supabase, Stripe, and Google as needed for the Service.
Legal Obligations: If required by law or to protect our rights.

5. Your Rights and Choices

Last Updated: March 14, 2025

1. Information We Collect

We collect the following types of information to provide and improve the Service:

1.1 Personal Information

User Account Data: When you sign up or use Aruuri via Google OAuth, we collect:
- Name (display name from Google)
- Email address
- Unique user ID (generated by Supabase)
- Subscription details (e.g., plan type, Stripe customer ID, subscription end date)
Student Data: If you’re a teacher, we store:
- Student names
- Unique student IDs (generated by Aruuri)
- Active/inactive status

1.2 Usage Data

Attendance Records: We track:
- Student ID
- Date
- Status (e.g., present, late)
Progress Tracking: For educational purposes:
- Student ID
- Surah ID, start/end ayah numbers, date of progress
App Interaction: General usage data (e.g., clicks, page views) to improve the Service.

1.3 Cookies and Similar Technologies

Supabase Authentication Cookie:
- Name: sb-<database-code>-auth-token (e.g., sb-fuwecshipxulywpstsay-auth-token)
- Purpose: Manages your login session securely via Supabase.
- Duration: Session-based (expires when you close your browser or sign out).
- Category: Strictly necessary for the Service to function.
Google OAuth Cookies:
- Name: Managed by Google (e.g., NID, SID).
- Purpose: Facilitates Google sign-in and session persistence.
- Duration: Varies (session-based or persistent, per Google’s settings).
- Category: Strictly necessary; Google may also use them for analytics (see Google Privacy Policy).
Note: We don’t use analytics or tracking cookies beyond what’s required for authentication.

1.4 Local Storage

We store user data, student information, attendance, and progress in your browser’s local storage for offline functionality and performance. This data mirrors what’s listed above and is tied to your session.

2. How We Use Your Data

Provide Services: Manage accounts, track attendance, and monitor student progress.
Authentication: Use cookies to keep you signed in securely.
Subscriptions: Process payments and manage plans via Stripe.
Improvement: Analyze usage to enhance features (anonymized where possible).
Communication: Send updates about your account or subscriptions.

3. How We Store and Protect Your Data

Local Storage: Persists in your browser until cleared or you sign out. It’s device-specific and not synced across devices without sign-in.
Cookies: The Supabase auth cookie is encrypted and stored securely in your browser.
Server Storage: Account and student data are stored in Supabase’s cloud database; subscription data is linked to Stripe.
Security: We use encryption, access controls, and Supabase’s security features. However, no system is 100% secure, and we cannot guarantee absolute protection.

3.1 Third-Party Services

Supabase: Handles authentication and data storage (see Supabase Privacy Policy).
Stripe: Manages payments and subscriptions (see Stripe Privacy Policy).
Google: Facilitates OAuth sign-in (see Google Privacy Policy).

4. Sharing Your Data

We don’t sell or share your personal data, except:

Service Providers: With Supabase, Stripe, and Google as needed for the Service.
Legal Obligations: If required by law or to protect our rights.

5. Your Rights and Choices

Cookies: Adjust browser settings to block or delete cookies (may disrupt sign-in).
Local Storage: Clear your browser cache to remove local data (may log you out).
Account Deletion: Email us to delete your account and data from our servers.
Access: Contact us to request a copy of your data.

6. Children’s Privacy

Aruuri isn’t designed for children under 13. We don’t knowingly collect their data without parental consent. Contact us if you believe we have such data.

7. International Data Transfers

We use Supabase and Stripe, which may process data outside your country (e.g., in the US). We rely on their compliance with data protection laws.

8. Changes to This Policy

We may update this policy as the Service evolves. Check the “Last Updated” date. Significant changes will be notified via email or in-app.

9. Contact Us

Questions? Email us at asknasarissa@gmail.com.