Privacy Policyسياسة الخصوصية

The Irab (إعراب) app is developed and operated by Mansoor Hassan, an independent developer. This Privacy Policy explains how we collect, use, and protect your personal information when you use the Irab app on iOS or Android.

For applicable data protection law (including GDPR), Mansoor Hassan is the data controller for personal data collected through this app.

Questions? Contact us at mansourshakla@gmail.com

Account & Identity

• Email address — provided during sign-up
• Display name — chosen by you, shown on leaderboards
• Profile photo URL — optional, from Google if using Google Sign-In
• Firebase UID — anonymous internal identifier

Learning Progress

• XP points, ranks, badges, streak records
• Practice session results (accuracy, correct/incorrect counts)
• Challenge history, power-up counts, stage stars
• Daily challenge attempts and scores
• Saved favorites, Irab Library entries, Grammar Certificates

Usage & Analytics

• Feature usage events (practice started, challenge completed, premium gate hit)
• Daily usage counts per feature (for free-tier limits)
• Session metadata collected by Firebase Analytics (app version, OS, device type)
• Crash reports and performance diagnostics

Search History

• Arabic words and sentences submitted for irab/dictionary analysis
• Timestamps of each query

Device & Technical

• FCM push token (for notifications you opt into)
• Firebase Installation ID and Android Device ID (for analytics)
• IP address — processed transiently by Cloudflare, not stored by us

We use data solely to provide, maintain, and improve the Irab app:

• Core service: Authenticate your account, process grammar analysis, store your progress, serve content
• Gamification: Award XP, calculate rank, maintain streaks, display leaderboards
• Personalization: Show saved favorites, library entries, practice history
• Notifications: Send daily reminders and streak alerts (opt-in only)
• Subscription: Verify premium entitlement and gate features
• Abuse prevention: Enforce usage limits via Cloudflare rate limiting
• App improvement: Analyze aggregated, anonymized analytics to identify issues
• Legal compliance: Maintain records required by law

What Is Sent to Gemini

• Arabic sentences submitted for irab analysis
• Arabic words for dictionary lookups
• Images (base64) when using OCR / camera
• Sentences and user analysis during practice grading
• Wrong words for explanation generation (premium)

How We Protect Your Data in AI Calls

• All requests route through our Cloudflare Workers proxy — Gemini API keys are never exposed to your device
• Firebase ID tokens are verified server-side on every request
• All communication is encrypted via HTTPS/TLS

What Gemini Does NOT Do

• Does not use your text to train or improve AI models (per Google's API Terms)
• Images sent for OCR are not stored after processing
• We do not store raw images on our servers

See Google's privacy policy at policies.google.com/privacy

With your explicit permission, we send push notifications via Firebase Cloud Messaging (FCM). We send two types:

• Daily Practice Reminder — sent ~6 PM Gulf Time if you haven't practiced that day
• Streak-at-Risk Alert — sent ~8 PM Gulf Time if your streak is at risk

You can revoke permission any time via device Settings → Notifications or from the app's Settings screen. On logout, your FCM token is removed from our servers. We do not send marketing push notifications.

Irab offers optional premium subscriptions. All purchases are processed by Apple App Store (iOS) or Google Play (Android). We do not receive or store payment card details.

Subscription management is handled by RevenueCat, which receives your purchase receipt and User ID to verify entitlement. When you subscribe, RevenueCat notifies our server via webhook, updating your subscription status in Firestore. This status determines which premium features are unlocked.

Subscription status (tier, plan) is stored in Firestore linked to your account and deleted when you delete your account.

• Account data (email, display name, profile): until account deletion
• Learning progress, favorites, history: until account deletion
• Daily usage counters: auto-deleted after 30 days
• XP award logs: auto-deleted after 60 days
• Certificates: until account deletion (stored in Cloudflare R2)
• FCM token: deleted on logout
• Firebase Analytics data: up to 26 months (Google's retention)

When you delete your account, a Cloud Function removes all associated data from Firestore and Cloudflare R2 within 24 hours.

To exercise rights, delete your account via Settings → Account → Delete Account or email mansourshakla@gmail.com. We respond within 30 days.

The Irab app is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are a parent and believe your child has provided us with personal information, contact us immediately at mansourshakla@gmail.com and we will delete it promptly.

Users aged 13–17 should use the app with parental knowledge where required by law.

Our primary Firestore database is in asia-southeast1 (Singapore). Services including Firebase, Gemini, RevenueCat, and Cloudflare are operated primarily in the United States.

If you are in the EEA, your data may be transferred outside the EEA. These transfers are made under appropriate safeguards: Standard Contractual Clauses (SCCs) with Google, RevenueCat, and Cloudflare.

• Encryption in transit: All data uses HTTPS/TLS
• Authentication: All API endpoints require a valid Firebase ID token verified server-side
• API key security: AI API keys stored as Cloudflare Workers secrets, never exposed to devices
• Firestore rules: Users can only read/write their own data
• Firebase App Check: Protects against unauthorized access and bots
• Rate limiting: Per-user limits on all AI features

While we take reasonable precautions, no Internet transmission is 100% secure.

We may update this policy from time to time. Material changes will be communicated via push notification or in-app banner, and the "Last Updated" date will be updated. Continued use of the app after changes constitutes acceptance.