Privacy Policy

Last updated: 20 May 2026

This privacy policy explains how Rehnüma ("the app", "we", "us") collects, uses, and protects your personal data when you use our mobile application. By using the app, you agree to this policy.

1. Data We Collect

When you use the app, we collect the following data:

• Account information: Name, email address, password (stored encrypted).
• Learning data: Memorized content, active memorization sessions, weekly streaks, progress statistics.
• Technical data: Device type, operating system version, app version, IP address (for security and debugging purposes only).

The app does not access sensitive data such as location, contacts, camera, or microphone.

2. Why We Collect Your Data

• To create your account and enable sign-in.
• To synchronize your memorization progress across devices.
• To provide personal progress features such as streaks and statistics.
• To improve the app and detect/fix bugs.
• To meet our legal obligations.

3. Where We Store Your Data

Your data is stored on Supabase servers located in the European Union (Frankfurt, Germany). All data transfers are encrypted with TLS 1.2+. The database is protected by Row-Level Security (RLS) — each user can access only their own data.

4. Third-Party Services

The following third-party services are used:

• Supabase (authentication, database) — Privacy Policy
• Resend (email delivery) — Privacy Policy
• Expo (app infrastructure) — Privacy Policy
• Apple App Store / Google Play Store — App distribution channels and purchase processes.

When RevenueCat (subscription management) is integrated in the future, this list will be updated.

5. Data Sharing

Your data is not sold, rented, or shared with third parties for marketing purposes. Data is shared only with the service providers listed above, and only to the extent necessary for the app to function.

6. Your Rights (GDPR & KVKK)

Under GDPR (General Data Protection Regulation) and Turkish KVKK law, you have the following rights:

• The right to know whether your data is being processed.
• The right to access and request a copy of your data.
• The right to have inaccurate or incomplete data corrected.
• The right to request deletion of your data.
• The right to object to processing.
• The right to data portability.

To exercise these rights, please contact info@rehnuma.co. We will respond within 30 days.

7. Data Retention

Your data is retained as long as your account is active. When you delete your account, all your personal data is permanently deleted within 30 days. Complete removal from backup systems takes no more than 90 days.

8. Children's Privacy

The app is not intended for children under 13 and we do not knowingly collect data from users under 13. If you believe we have collected a child's data, please contact us; the relevant data will be deleted immediately.

9. Security

We take industry-standard measures to protect your data:

• All connections are encrypted with TLS.
• Passwords are hashed with bcrypt and never stored in plain text.
• Database access is isolated at the row level via RLS.
• In the event of a data breach, we will notify you within 72 hours.

10. Policy Changes

We may update this privacy policy from time to time. When significant changes occur, we will notify you in-app and via email. We recommend checking the "Last updated" date.

11. Contact

For privacy-related questions, requests, or complaints:

• Email: info@rehnuma.co