Privacy Policy
Last updated: 11 May 2026
We collect the minimum we need to give you an account, keep your streak safe across devices, and fix crashes. We do not sell, rent, or share your data for advertising.
Overview
DhikrLock is an iOS app that helps you build a dhikr habit by shielding distracting apps until you complete your reps. This policy explains what data we collect, why we collect it, where it is stored, and the rights you have over it.
The legal entity responsible for your data is Malik Ventures Ltd, based in the United Kingdom.
Data We Collect
When you create an account
- Email address — if you sign up with email and password, or via Sign in with Apple (Apple may provide a private relay address you control)
- Name — the name you enter during onboarding, used to personalise greetings
- An anonymous user identifier — used to link your subscription state between Apple and our systems
As you use the app
- Dhikr streak data — your current streak, longest streak, and last active date, so your streak survives reinstalls and new devices
- Anonymous usage events — which screens you visit, when you complete dhikr, when you view the paywall. We use these to improve the app. We do not record personally identifying details in events.
- Session recordings — to understand how people actually use the app and where they get stuck, we record a playback of your in-app interactions (taps, scrolls, screen transitions). All text inputs are masked (we cannot read what you type), all images are masked, and we do not capture audio or video from your camera or microphone. Recordings are tied to the same anonymous identifier as your usage events and are retained for up to 30 days.
- Device context — alongside the events above, we attach your device model, OS version, app version, locale, and timezone so we can group bugs and usage by device. This is technical metadata only; it is not used to identify you personally.
- Crash and error diagnostics — if the app crashes or errors, we capture the technical details (stack trace, device model, OS version) so we can fix the bug
Stored only on your device
The following data stays on your device and is never sent to our servers:
- The identifiers of the apps you choose to shield (Apple's Screen Time framework uses opaque tokens we cannot read)
- Your per-phrase dhikr history and daily unlock counts
- Your preferences (rep count, theme, notification settings)
Third-Party Services We Use
We use these services strictly to run the app. None are used for advertising.
- Supabase (Frankfurt, Germany) — stores your account, profile, and streak data
- Apple Sign in with Apple — if you choose Apple as your sign-in method
- RevenueCat — handles subscription state and receipt validation for in-app purchases
- Sentry (Frankfurt, Germany) — captures crash reports so we can fix bugs
- PostHog (EU, Germany) — captures anonymous product-usage events and masked session recordings (text and images redacted)
- Apple App Store — handles all payments. We never see your card details.
Legal Basis (UK GDPR / EU GDPR)
- Contract — account data, subscription state, and streak sync are necessary to provide the service you signed up for
- Legitimate interest — anonymous analytics and crash diagnostics, to maintain and improve the app
- Consent — notifications, which you can revoke at any time in iOS Settings
How Long We Keep Your Data
We keep your account data for as long as your account is active. If you delete your account (see below), we remove your profile, email, and streak data from our systems within 30 days. Anonymous analytics events are retained for up to 12 months.
Your Rights
You can:
- Delete your account — in the app, go to Settings → Account → Delete account. This immediately removes your profile, streak, and email from our database.
- Export your data — email us at hello@dhikrlock.app and we will send you a copy within 30 days.
- Correct inaccurate data — edit your name in Settings, or email us for anything else.
- Object to processing — email us and we will explain how to limit or stop the relevant processing.
- Complain to your data protection authority — in the UK, the Information Commissioner's Office (ico.org.uk).
Screen Time & Family Controls
DhikrLock uses Apple's Screen Time framework (Family Controls and Managed Settings) to restrict access to apps you choose. This is handled entirely by iOS on your device. We do not have access to the names or identifiers of your shielded apps — Apple's framework uses opaque tokens that cannot be read or transmitted.
Notifications
DhikrLock may send local notifications to remind you to complete your dhikr. These are generated on your device. We do not send push notifications from our servers.
Children's Privacy
DhikrLock is not directed at children under 13. If you are under 13, please do not create an account. If we learn we have collected data from a child under 13, we will delete it.
Changes to This Policy
If we update this policy, we will post the revised version here with an updated date. Material changes will also be surfaced in-app.
Contact
If you have questions about this policy or want to exercise any of your rights, email hello@dhikrlock.app.
You can also reach us on Instagram at @dhikrlock.