Privacy Policy
Last updated: May 20, 2026
This Privacy Policy explains how the Haithamy team ("we", "us") collects, uses, stores, and shares your information when you use the Haithamy App (mobile) and the haithamy.com website (together, the "Service"). By using the Service you agree to this Policy. If you disagree, please do not use the Service.
1. Who we are and how to contact us
The Haithamy App is operated by the Haithamy team. You can reach us at support@haithamy.com for any privacy-related questions, complaints, or data-subject requests.
2. Information we collect
We collect only the information needed to provide the Service:
- Account information — email address, username, first and last name, hashed password, language preference. Provided by you at signup.
- Authentication metadata — last login time, session refresh tokens.
- Content you create — chat conversations, AI prompts and responses, classroom progress, bookmarks, and any text you submit.
- Consent records — the timestamp at which you accepted these Terms and this Policy.
- Technical data — IP address, user-agent / device type, error logs. Used only for security, abuse prevention, and debugging.
- Payment record — if you subscribe via our website, the payment is handled by a third-party payment processor; we store only a transaction ID and the subscription status, not your card data.
We do not collect contacts, photos, microphone audio, precise location, or advertising identifiers. We do not use third-party advertising or behavioural-tracking SDKs.
3. How we use your information
- To create and maintain your account and authenticate your sessions.
- To deliver the Service (search, AI responses, classroom progress, bookmarks).
- To respond to support requests.
- To detect, investigate, and prevent fraud, abuse, and credential sharing.
- To comply with legal obligations.
- To send service-related emails (security alerts, account changes, subscription renewal). We do not send marketing email unless you explicitly opt in.
The legal bases under GDPR (where it applies) are: contract (account/service provision), legitimate interests (security and product improvement), consent (where required), and legal obligation.
4. Third parties — AI processing and infrastructure
We use the following third-party processors. Each is bound by a data-processing agreement and processes data only on our instructions:
- Google Gemini API — your chat messages are sent to Google's generative AI service to produce responses. Google's API terms state that paid-tier prompts are not used to train Google's models. See Gemini API terms.
- Hosting provider — our servers and database are hosted by a reputable cloud provider in a secured data centre.
- Payment processor — if you pay for a subscription, billing is handled by an external processor (e.g. Stripe / Razorpay). They receive your name, email, and payment details directly; we receive only the result of the transaction.
We do not sell your personal information to any party.
5. International transfers
Our cloud and AI providers may process your data in countries outside your country of residence (including the United States and the European Union). Where required, we rely on Standard Contractual Clauses or equivalent safeguards to protect your data.
6. Data retention
- Account data is retained while your account is active.
- Conversation history is retained while your account is active so you can return to it.
- When you request account deletion, your data is anonymised immediately and permanently purged within thirty (30) days, except where we are required by law to retain certain records (e.g. tax invoices).
- Server logs are kept for up to 90 days for security purposes.
7. Your rights
Subject to applicable law (including the EU GDPR, UK GDPR, the California CCPA/CPRA, India's DPDP Act, and similar regimes), you have the right to:
- Access — request a copy of your personal data.
- Rectify — correct inaccurate or incomplete data.
- Delete — request deletion (see the in-app Profile → Delete Account, or the public page at haithamy.com/delete-account).
- Restrict or object to certain processing.
- Portability — receive your data in a machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, email support@haithamy.com. We respond within 30 days.
8. Children
The Service is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, contact us and we will delete it promptly. Users between 13 and the age of digital consent in their country must have parental or guardian permission.
9. Security
We protect your data with industry-standard measures: HTTPS / TLS in transit, encryption at rest, hashed passwords (Argon2/bcrypt-style), restricted database access, rate limiting, and audit logging. No internet service can be 100% secure; if you become aware of a vulnerability, please report it to support@haithamy.com.
10. Cookies and similar technologies (web)
The website uses strictly necessary cookies and local storage to keep you logged in and remember your preferences. We do not use advertising or third-party tracking cookies. You can clear cookies/storage from your browser at any time; doing so will log you out.
11. AI-generated content and accuracy
The Service uses generative AI to produce summaries, translations, and references. AI output may be inaccurate, incomplete, or misleading. It is not a religious ruling (fatwa) and must not be relied on as such. See the Terms & Conditions §2 for the full AI disclaimer.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be announced by email or in-app banner at least seven (7) days before they take effect.
See also our Terms & Conditions and Account Deletion page.