Privacy Policy

Last Updated: April 25, 2026

Data Controller: Thinking Studio (Malaysia) Sdn. Bhd. (Company No. 202001016193 / 1372513-P)

1. Introduction

IHRAM is a spiritual companion mobile application developed by Thinking Studio (Malaysia) Sdn. Bhd. (Malaysia). This Privacy Policy applies to all users of the IHRAM app on iOS and Android, and the IHRAM website at www.ihram.global, regardless of where you are located.

Key Principle: Your data stays on your device. IHRAM does not operate servers that collect, store, or process your personal information. All personal data you create in the App lives exclusively on your device.

2. Data Stored Locally on Your Device

The following data is stored only on your device. We never have access to it:

  • App preferences — language, theme, notification settings, azan voice
  • Zikir statistics — daily counts and completed rounds
  • Quran progress — last read position, reading progress, bookmarks
  • My Istiqamah — daily spiritual routine history
  • My Memories — diary text, photos, and custom caption styles
  • My Gallery — photos you add, grouped by month
  • Hafazan — Quran memorization progress and tracked ayahs
  • Umrah checklist — personal checklist progress
  • Purchase status — trial date and lifetime access state

3. Device Permissions

PermissionPurposeRequired?
LocationDistance to holy cities, Qibla direction, prayer time detection. Sent only to Aladhan API. Never stored by us.Optional
Camera / PhotosAttach photos to My Memories and My Gallery. Saved on device only.Optional
NotificationsPrayer alerts, Istiqamah reminders, Hajj countdownOptional
Sensors (Magnetometer)Qibla compass. Processed on-device only.Optional
Microphone (Android only)Required by Android audio framework for azan playback. We do not record any audio.Optional

4. Data We Do NOT Collect

  • We do not collect your name, email, phone number, or any personal identifiers
  • We do not store your GPS location on any server
  • We do not record audio, video, or microphone input
  • We do not track your in-app behaviour, sessions, or usage patterns
  • We do not use advertising SDKs, IDFA, GAID, or tracking pixels
  • We do not use crash reporting or analytics SDKs
  • We do not sell, rent, or share your personal data with third parties

5. Third-Party Services

The App connects to the following services directly from your device:

ServicePurposeData Sent
Aladhan APIPrayer timesApproximate location (lat/lon)
AlQuran CloudQuran text & translationsSurah/ayah number only
Open-MeteoWeather for holy citiesFixed city coordinates
GoldAPIGold price for ZakatNone (API key only)
RevenueCatPurchase managementAnonymous user ID, device identifier, purchase receipt
Apple / GooglePayment processingHandled entirely by Apple/Google

5.1 Cross-Border Data Transfers

RevenueCat and other third-party services are based in the United States. Purchase-related data (anonymous user ID, device identifier, receipt) may be transferred to and processed in the US. For EU/EEA users, RevenueCat relies on Standard Contractual Clauses (SCCs). By completing a purchase, you acknowledge these transfers as necessary to fulfil your purchase.

6. Purchases & Payments

All purchases are processed by Apple App Store or Google Play Store. We use RevenueCat only to verify your purchase entitlement — it does not receive your name, email, or payment details. We have no access to any payment information.

7. Analytics & Tracking

  • We do not use analytics SDKs (Firebase Analytics, Mixpanel, Amplitude, etc.)
  • We do not use crash reporting SDKs (Sentry, Crashlytics, etc.)
  • We do not use cookies or tracking pixels in the App
  • Apple and Google may independently collect anonymised platform statistics — governed by their policies, not ours

8. Children's Privacy

IHRAM is not directed at children under 13 (or the minimum digital age in your jurisdiction). We do not knowingly collect personal information from any user. If you believe your child has used the App in a way involving personal data, contact us at hello@thinkingstudio.my.

9. Data Security

All personal data is stored on your device, protected by your device's passcode, biometrics, and hardware encryption. Uninstalling the App permanently removes all locally stored data. Since we do not store data on any server, the risk of a server-side data breach does not apply.

10. Data Retention & Deletion

All App data is stored on your device and deleted when you uninstall the App. Purchase records are held by Apple, Google, and RevenueCat under their own retention policies.

To request deletion of RevenueCat data: Email hello@thinkingstudio.my with subject line "Data Deletion Request" and we will forward your request to RevenueCat. We respond within 14 business days.

11. Your Global Privacy Rights

We respect your rights under applicable data protection laws worldwide. Since we collect no personal data on our servers, most rights are exercised by managing data on your device or by contacting the relevant third-party service.

🇪🇺 EU & UK — GDPR / UK GDPR

Rights: access, rectification, erasure, restriction, portability, objection, and to lodge a complaint with your national DPA. Legal basis for RevenueCat processing: legitimate interest and contract performance. As we do not collect personal data on our servers and our processing via third-party services is limited and occasional in scale, an EU representative under Article 27 GDPR is not required. Contact: hello@thinkingstudio.my

🇺🇸 California — CCPA / CPRA

Rights: know, delete, opt-out of sale (we do not sell data), and non-discrimination. Contact: hello@thinkingstudio.my

🇲🇾 Malaysia — PDPA 2010

Rights: access, correct, and limit processing of personal data. Exercised through your device or by contacting us.

🇮🇩 Indonesia — UU PDP No. 27/2022

Rights: access, correct, delete, and withdraw consent. Under Articles 58–60 of UU PDP, a dedicated Personal Data Protection Authority (Lembaga Pelindungan Data Pribadi / LPPDP) reporting to the President is being established to oversee enforcement. Contact: hello@thinkingstudio.my

🇹🇷 Turkey — KVKK No. 6698

Rights: know whether data is processed, access, correction, deletion, and to lodge a complaint with the KVKK Board. Veri Sorumlusu (Data Controller): Thinking Studio (Malaysia) Sdn. Bhd., Malaysia. Contact: hello@thinkingstudio.my

🇸🇦 Saudi Arabia & GCC — PDPL

Rights: access, correction, and deletion of personal data under the Saudi PDPL and equivalent GCC laws. The App is designed in accordance with PDPL's data minimisation principles. Contact: hello@thinkingstudio.my

🇮🇳 India — DPDP Act 2023

Rights: access, correction, erasure, and grievance redressal. Data Fiduciary: Thinking Studio (Malaysia) Sdn. Bhd., Malaysia. Contact: hello@thinkingstudio.my

🇷🇺 Russia — FZ-152

Rights: access, correction, and deletion of personal data. We do not collect or store personal data of Russian users on any server we operate. Limited purchase-related data (anonymous user ID, device identifier, receipt) processed by RevenueCat may be stored on servers outside the Russian Federation; Russian users acknowledge this transfer when completing a purchase. Contact: hello@thinkingstudio.my

🇨🇦 Canada — PIPEDA

Rights: access and correction of personal data. Since no personal data is collected server-side, these rights are exercised through your device. Contact: hello@thinkingstudio.my

🇦🇺 Australia — Privacy Act 1988 (APPs)

Rights: access, correction, and to lodge a complaint with the OAIC. Contact: hello@thinkingstudio.my

Other Jurisdictions

For all other jurisdictions, IHRAM is built on universal data minimisation principles — we collect no personal data on our servers. For any privacy request, contact: hello@thinkingstudio.my

12. Changes to This Policy

Material changes will be communicated by updating the "Last Updated" date. Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

Thinking Studio (Malaysia) Sdn. Bhd.
Company Registration No.: 202001016193 (1372513-P)

Registered Office (for legal notices):
E-5-3, Starparc Point
Jalan Ibu Kota, Setapak
53300 Kuala Lumpur, Malaysia

Business Address:
31-1 Block F, Platinum Walk
No. 2 Jalan Langkawi, Setapak
53300 Kuala Lumpur, Malaysia

Phone: +60 3-4131 2878
Email: hello@thinkingstudio.my (use subject: "Privacy Request — [Request Type]")
Company: www.thinkingstudio.my
App: www.ihram.global
Response time: within 14 business days

This Privacy Policy is governed by the laws of Malaysia and designed to comply with GDPR (EU/UK), CCPA (California), PDPA (Malaysia), UU PDP (Indonesia), KVKK (Turkey), PDPL (Saudi Arabia/GCC), DPDP Act (India), FZ-152 (Russia), PIPEDA (Canada), and the Australian Privacy Act 1988.