Privacy policy

mindful.so is a planner for the Muslim day. We store only what we need to run the product: your email, your prayer and location settings, the activities you schedule, the books you read, and your prayer log. We do not sell your data, we do not run third-party advertising or analytics, and we do not share your data with anyone outside of the strict service providers listed below.

Email address. We use it as your identity. Sign-in is passwordless — you receive a one-time 6-digit code in your inbox and exchange it for a session.

Profile and prayer settings. Your display name, city, country, latitude/longitude, timezone, madhhab, calculation method, high-latitude rule, and per-prayer minute adjustments.

Activities and completions. The entries you create (title, kind, intention, recurrence, anchor and offset) and which occurrences you mark complete.

Prayer log. For each day, the status you assign to each of the five daily prayers (alone, jamaa, late, missed).

Books. Title, total pages, current page, and category for items in your reading list.

Invitations. If you invite another person to an activity by email, we store the invitee's email address and the invitation's status (pending, accepted, dismissed).

Technical data. Standard HTTP request logs (method, path, timing) and your IP address, used for operating and rate-limiting the service.

We do not run third-party advertising trackers, behavioural analytics, fingerprinting scripts, or social-media pixels. We do not collect device contacts, location beyond the city you choose, microphone, camera, or notifications you didn't opt into.

Your account data is stored in a managed PostgreSQL database operated for the mindful.so service. Your session token is kept in your browser's localStorage so you stay signed in across visits; on mobile it is held in the OS secure keystore. Your selected theme preference is also stored locally in your browser.

Connections to the service are protected with TLS. Database access is restricted to the application server.

We rely on a small number of providers strictly to deliver the service:

• An email provider, to deliver one-time sign-in codes and activity invitations to the addresses you provide.
• A hosting provider, to run the application server, database, and static assets.

These providers process data on our behalf and are not permitted to use it for their own purposes.

We use your data only to operate mindful.so — to compute prayer times for your location, render your day, persist your entries and completions, deliver invitations you initiate, and send sign-in codes you request. We do not use your data to train machine-learning models or to profile you for advertising.

We retain your data for as long as your account is active. One-time sign-in codes expire after ten minutes and are consumed on first successful use. HTTP request logs are kept for a short operational window and then rotated out.

You can permanently delete your account at any time from Settings → Danger zone. Deletion is immediate and irreversible: it removes your settings, entries and their completions, prayer log, books, invitations you sent, pending invitations sent to your email, and any outstanding sign-in codes for your email.

You can edit your profile and prayer settings at any time, export your data on request, and delete your account in one click. If you need help exercising any of these rights, contact us at the address below.

mindful.so is not directed at children under 13, and we do not knowingly collect data from them. If you believe a child has created an account, contact us and we will delete it.

We may update this policy as the product evolves. The "Last updated" date at the top of this page always reflects the most recent revision. Material changes will be announced in the app before they take effect.

Questions about this policy or your data? privacy@mindful.so.