Privacy Policy
Tilawa is a platform for live, one-to-one Qur'an lessons between students and verified teachers. We take your privacy seriously because it is part of our ethical duty as Muslims, not because regulation requires it. This policy explains what we collect, why we collect it, what we never collect, and what rights you have over your data.
1. Who we are
Tilawa is operated by an individual based in Ghana. For any privacy questions, requests, or complaints, contact privacy@tilawaapp.com.
2. What we collect
2.1 Account information
When you sign up, we collect:
- Your name, as you choose to display it
- Your email address (used for sign-in and important notices)
- Your gender (required for our gender-segregated matching, immutable after signup)
- Your phone number (optional, for SMS reminders)
- Your date of birth or age band (for child-safety controls)
2.2 Session metadata
When you request and join a lesson, we store metadata about the session: who the participants were, when it happened, how long it lasted, and whether it completed successfully. We do not store the content of any lesson.
2.3 Donations
Tilawa is free for students and teachers. If you choose to donate to support the platform, financial information (such as card details or MoMo account numbers) is handled by our payment processor, Paystack. Tilawa receives only a confirmation that a donation occurred and a transaction reference. We never see or store your full payment details.
2.4 Device and technical data
To run reliably we collect basic device information: the type of phone you use, your operating system version, the app version, and crash reports. This helps us fix bugs and improve performance on the low-end Android devices most of our users have.
3. What we do NOT collect
Some things we have explicitly designed out of the system. These are not promises in a marketing page; they are commitments enforced in our code and architecture:
- We never record your lessons. Audio flows peer-to-peer between your phone and your teacher's phone using WebRTC. The audio stream does not pass through any Tilawa server. It is not recorded, transcribed, or stored anywhere.
- We do not read your messages. We do not run text analysis or content scanning over any communication in the app.
- We do not sell your data. Not to advertisers, not to data brokers, not to anyone. Ever.
- We do not show third-party ads. The app contains no advertising of any kind.
- We do not track you across other apps or websites.
4. How we use your data
We use the data we do collect only for:
- Letting you sign in and use the app
- Matching you with teachers (or students) of your own gender
- Scheduling lessons and sending reminders
- Processing donor contributions
- Investigating fraud, abuse, or safety reports
- Fixing bugs and improving performance
- Sending important service notices (e.g. terms updates)
5. Who we share data with
To run the service, we use a small number of trusted third parties. Each is bound by their own privacy commitments and we share only what they need.
- Supabase: database, authentication, and signalling infrastructure. Hosts your account data and session metadata.
- Paystack: processes voluntary donations to the platform. Holds payment information directly under their own privacy policy.
- Firebase Cloud Messaging: delivers push notifications to your device. Receives an anonymous device token.
- Sentry: collects anonymized crash reports so we can fix bugs. We strip personal information from crash logs.
We do not share your data with anyone else, except where required by law (for example, a court order issued by a Ghanaian court of competent jurisdiction). In such cases we will inform you unless legally prohibited.
6. Where your data is stored
Your account and session metadata are stored on Supabase infrastructure. Supabase runs on cloud providers with data centres in multiple regions. We choose the region closest to our users where available.
7. How long we keep your data
- Account data: kept while your account is active. Deleted within 30 days of account deletion.
- Session metadata: kept for as long as your account is active so you can see your learning history. Anonymised after deletion.
- Donation records: kept for 7 years to comply with Ghanaian tax and financial regulations.
- Audio: never stored at all. There is nothing to keep or to delete.
8. Your rights
At any time, you may:
- Access the data we hold about you
- Correct data that is inaccurate
- Delete your account and all associated data
- Export your data in a portable format
- Object to specific uses (e.g. marketing notices)
Most of these are available directly inside the app under Profile → Privacy. For anything you cannot do yourself, email privacy@tilawaapp.com and we will respond within 14 days.
9. Children
Tilawa is open to learners of all ages, including children. Children under 13 must have parental consent to use the platform. Parents may contact us at any time to review, export, or delete their child's data. For child accounts we apply stricter defaults: no public profile, no direct messaging outside scheduled sessions, and mandatory supervision settings for guardians.
10. Security
We protect your data using industry-standard practices: encrypted connections (HTTPS / TLS), encrypted storage at rest, Row Level Security policies in our database, and minimum-privilege access for the small number of people who maintain the system. No system is perfectly secure. If we ever detect a breach affecting your data, we will notify you within 72 hours along with what happened and what to do.
11. Changes to this policy
We will update this policy as the service grows. Material changes will be announced inside the app and by email at least 14 days before they take effect. The "last updated" date at the top of this page always reflects the current version.
12. Contact
For any question, concern, or request related to this policy or your data:
- Email: privacy@tilawaapp.com
- General contact: salam@tilawaapp.com