س
SubcisPricing

Privacy Notice

Last updated: 13 June 2026

1. Who we are

This Privacy Notice explains how MySubcis ("we", "us", "our") collects and uses your personal data when you use the MySubcis website and apps (the "Service"). MySubcis is the data controller of the personal data described in this notice. We are based in the United Kingdom.

2. Personal data we collect

We collect the following categories of personal data:

  • Account data: name or display name, email address, password (stored as a hash), authentication provider identifiers (e.g. Google sign-in).
  • Profile data: avatar, optional preferences (preferred reciter, schedule).
  • Usage data: surahs and ayahs you study, session history, strength scores, leaderboard activity, group membership, support messages.
  • Device and technical data: IP address, browser type, device identifiers, timestamps, error and diagnostic logs.
  • Payment-related data: we do not store full card details. Our Merchant of Record (Paddle) collects payment information directly and shares with us only the data we need to fulfil your order (e.g. customer ID, plan, transaction status, billing country for tax).

3. How and why we use your data

PurposeLegal basis
Create and manage your account, deliver the Service, sync progress across devices.Performance of a contract.
Process payments, subscriptions, refunds, and invoicing (via Paddle).Performance of a contract; legal obligation (tax records).
Provide customer support and respond to your messages.Performance of a contract; legitimate interests.
Security, fraud prevention, abuse detection, debugging.Legitimate interests; legal obligation.
Improve the Service (aggregate analytics, error logs).Legitimate interests.
Send transactional emails (sign-in, receipts, account changes).Performance of a contract.
Send optional product or marketing emails, where you have opted in.Consent (you can withdraw at any time).

4. Who we share your data with

We share personal data only with the following categories of recipients:

  • Paddle – our Merchant of Record. Paddle handles checkout, subscription management, payments, tax compliance, invoicing, and refund processing. See Paddle's privacy policy at paddle.com/legal/privacy.
  • Hosting and infrastructure providers – cloud database, authentication, file storage, and serverless function hosts that run the Service on our behalf.
  • Email delivery providers – to send transactional emails such as sign-in confirmations and receipts.
  • Analytics and error monitoring tools – to understand aggregate usage and diagnose problems.
  • Professional advisers – legal, accounting, and insurance advisers where necessary.
  • Authorities – where required by law, court order, or to protect our or users' safety.

We do not sell your personal data.

5. International transfers

Some of our service providers (including Paddle) are based outside the UK and EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or adequacy decisions, to ensure your data continues to be protected.

6. How long we keep your data

  • Account and profile data: kept while your account is active, and deleted within 90 days after you close it (unless we need to keep it longer for legal reasons).
  • Memorisation and session data: kept while your account is active, then deleted with your account.
  • Payment and tax records: retained by Paddle and by us for up to 7 years to meet tax and accounting obligations.
  • Support emails: kept for up to 2 years after the conversation ends.
  • Security and diagnostic logs: typically kept for up to 90 days.

7. Your rights

Subject to applicable law (including the UK GDPR and EU GDPR), you have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • request erasure of your data ("right to be forgotten");
  • restrict or object to certain processing;
  • port your data to another service;
  • withdraw consent (where processing relies on consent);
  • lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ICO).

We will respond to verified requests within one month. To exercise any of these rights, contact us via the in-app support channel.

8. Security

We use appropriate technical and organisational measures to protect your personal data — including encryption in transit (HTTPS/TLS), encryption at rest for our database, row-level access controls, hashed passwords, and limited internal access on a need-to-know basis. No system is perfectly secure, but we work to keep your data safe and to notify you and the relevant authorities if a notifiable breach occurs.

9. Cookies

We use a small number of cookies and similar technologies. Essential cookies are required to keep you signed in and to make the Service work. We may also use analytics cookies to understand aggregate usage. Where required by law we will ask for your consent before setting non-essential cookies, and you can manage your preferences in your browser at any time.

10. Children

The Service is not directed at children under the age of 13 (or the higher minimum age set by your country). If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to this notice

We may update this Privacy Notice from time to time. The "Last updated" date at the top shows when it was last changed. If we make material changes we will notify you (for example by email or in-app notice).

12. Contact

For any privacy questions or to exercise your rights, contact MySubcis via the in-app support channel. For payment- and billing-related privacy queries, you can also contact Paddle at paddle.net.