Privacy Policy
Last updated: 17 May 2026 · Version 2.1
This Privacy Policy explains how Deen Path (“Deen Path”, “we”, “us”, “our”) collects, uses, stores, transfers, and protects personal data when you use the Deen Path website at www.mydeenpath.com (the “Site”), the Deen Path Android application published on the Google Play Store under the package identifier com.bozmaps.deenpath (the “App”), and any related services we offer (together, the “Service”).
We have written this policy with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the European Union General Data Protection Regulation 2016/679 (EU GDPR), and the Privacy and Electronic Communications Regulations 2003 (“PECR”) in mind. We have also written it to be read by ordinary humans, not only by lawyers, while still meeting our regulatory obligations. If anything in it is unclear, please write to us using the contact details at the end of this document and we will explain in plain language.
By using the Service you confirm that you have read this Privacy Policy and that the processing of your personal data described below is acceptable to you. If it is not, please do not use the Service; you may instead browse the publicly available parts of the Site without creating an account, in which case very little personal data is processed about you (see Section 4).
1. Definitions
For the purposes of this Privacy Policy:
- Personal data means any information relating to an identified or identifiable natural person, as defined in Article 4(1) of the UK GDPR.
- Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, restriction, erasure, or destruction.
- Data controller means the natural or legal person who determines the purposes and means of the processing of personal data. For the avoidance of doubt, Deen Path is the data controller in respect of personal data collected through the Service.
- Data processor means a natural or legal person who processes personal data on behalf of the data controller.
- Account means a registered user account on the Service.
- Subscriber means a user who has purchased the “Deen Path +” upgrade, granting access to additional features.
- Special category data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation, within the meaning of Article 9 of the UK GDPR.
Although the Service is designed around religious learning and practice, we do not require you to disclose any special category data in order to use it. The optional declaration of a madhab (school of Islamic jurisprudence) you make during onboarding is collected solely to personalise the prayer-time calculation method and category of prayer guidance shown to you. We treat that field with the same care we treat the rest of your account profile and we do not use it for any purpose beyond that personalisation.
2. Who we are and how to contact us
The Service is operated by Semir Kahrimanović, a sole trader established in the United Kingdom and trading as “Bozmaps”. Semir Kahrimanović (trading as Bozmaps) is the data controller in respect of all personal data collected through the Service and is accountable to you for its lawful processing.
You can contact us about anything in this Privacy Policy, or about your personal data, by email at support@mydeenpath.com. We aim to respond within five working days and, for any formal data-rights request, within one calendar month as required by the UK GDPR. Where a request is particularly complex or where you have made a number of requests, we may extend that period by two further months and will inform you in writing of the extension and the reasons for it.
We do not currently have a Data Protection Officer because the size and nature of our operations do not require one under Article 37 of the UK GDPR. The named individual responsible for privacy at Deen Path is the founder.
3. The information in this Policy is given freely and prominently
We want this Privacy Policy to be findable, readable, and revisitable. A link to it appears in the footer of every page of the Site, in the footer of every transactional email we send, in the Account section of the App, and on the Google Play store listing. We will not bury it. If you cannot find it on a given page, please email us using the contact details above.
4. The categories of personal data we collect
We collect only the categories of personal data we need to operate the Service, and we collect them only for the purposes set out in Section 7. Below is the complete list.
4.1 Account identity and authentication
- Email address — collected when you register for an Account or sign in to an existing Account. Your email address is used to confirm your identity to our authentication subsystem, to deliver transactional emails (such as the confirmation link on first sign-up, password-reset links, and a single welcome message after a successful purchase), and as the channel by which we communicate with you about your Account.
- Password — when you sign up using email and password, we store a one-way cryptographic hash of your password using industry-standard algorithms. We do not, at any point, have access to your password in plain text, and we cannot recover it on your behalf if you forget it. You can reset your password using the link we email to you.
- User identifier — when you create an Account, our authentication subsystem assigns you a globally unique identifier (a UUID) which we use internally to associate your records together. This identifier is not used for advertising or tracking and is not shared with third parties beyond the data processors listed in Section 8.
- Session tokens — once you sign in, our authentication subsystem issues a session token which is stored on your device (in a secure HTTP-only cookie in the browser, or in encrypted secure storage in the App) so that you do not have to sign in on every visit. Session tokens expire automatically and are rotated periodically.
4.2 Profile and preferences
- Nationality (optional) — collected during the optional onboarding flow. Used to suggest a sensible default prayer-time calculation method (for example, the Muslim World League method for European users, or the Karachi method for South Asian users). You can change this at any time from your Account page. We do not infer any further information from your declared nationality and we do not share it with any third party.
- Madhab (optional) — your declared school of Islamic jurisprudence (or “no preference”). Used to set sensible defaults for the prayer-time calculation method, the Asr rule (Standard vs Hanafi), and the perspective shown in the How-to-Pray guide. You can change this at any time. We do not use it for any other purpose.
- Prayer-time method and Asr rule preferences — collected when you customise these settings, either explicitly in the prayer-times screen or implicitly through the onboarding suggestion. Used solely to fetch correct prayer times for you.
- Language preference — English or Bosnian. Stored locally on your device and, if you are signed in, also on your Account so that switching devices preserves your choice.
- Theme preference — light, dark, or follow-system. Stored locally on your device.
4.3 Subscriber and billing information
- Subscription and upgrade status — whether you have an active “Deen Path +” monthly subscription (£2.99 per month, billed recurringly via Stripe until you cancel) or have purchased the “Deen Path +” lifetime upgrade (£20, one-off), the date and time of the most recent purchase or renewal, and, for the monthly plan, the cancellation date if you have cancelled.
- Payment-processor customer and subscription references — when you purchase the upgrade or start a subscription, Stripe assigns you a customer reference and (for the monthly plan) a subscription reference which we store alongside your Account. We use these to link your Account to your payment record so that access can be granted, suspended at cancellation, refunded, or queried.
- Cooling-off acknowledgement — when you purchase the lifetime upgrade, our Stripe Checkout page asks you to confirm that you wish to start using Deen Path + immediately and that you understand this waives your 14-day cancellation right under the UK Consumer Contracts Regulations 2013 (see the Terms of Use for the full text). We record the fact of that acknowledgement, the date, and the customer reference. We do not record the same acknowledgement for the monthly plan; you can cancel the monthly plan from the billing portal at any time.
- Payment card information — we do not collect or store your payment card information. Card information is entered directly into a secure checkout page hosted by Stripe and is handled entirely by Stripe in accordance with its own privacy notice and PCI-DSS obligations. We receive only the result of the transaction (success or failure), the amount, the currency, the timestamp, and the customer and subscription references mentioned above. We never see your full card number, expiry date, CVV, or 3D-Secure response.
4.4 Activity and content you create within the Service
- Salah journal entries — when you tap the markers in the salah journal to record that you have prayed a particular salah on a particular day, we store the prayer name, the date, and a marker indicating completion against your Account. We do this purely so that the journal can show you the same record on every device you sign in to. We do not infer anything about you from the data, we do not transmit it to any third party, and we do not use it for advertising or analytics.
- Quran progress — if you choose to mark a surah as completed, we store the surah number and the last ayah you indicated against your Account.
- Ayah bookmarks — if you bookmark an ayah and optionally attach a short note to it, the surah number, ayah number, and the text of any note are stored against your Account. The note is private to you and is not visible to any other user.
- AI tutor conversation messages — when you send a message to the AI tutor, your message is transmitted to a third-party large-language-model provider for the purpose of generating a reply (see Section 8). We do not retain a long-term record of your tutor conversations after the session ends; the conversation is held in your browser's memory while you are using the tutor and is not persisted to our database.
- Feedback you submit — if you submit feedback through the in-app feedback button, we receive your message, an optional star rating, the email address you have signed in with (so we can reply), the page from which you submitted, and your browser's user-agent string. Used solely to investigate and respond to your feedback.
4.5 Approximate location
Several features of the Service depend on knowing roughly where you are: today's prayer times (which depend on your latitude and longitude), the qibla direction (which depends on the great-circle bearing from your location to the Kaaba in Makkah), the world prayer-time map (which highlights your location among curated reference cities), the iftar route planner (which depends on a starting point and a destination), and the mosque finder (which searches for places of worship within a chosen radius of your position).
For each of these features, we request access to your device's approximate or precise location only at the moment you actively open the feature, and only after you have granted the necessary operating-system permission (browser geolocation prompt on the Site, or the standard Android location-permission prompt in the App). If you decline, the feature gracefully falls back to manual entry: you can type a city name or paste coordinates instead.
When you do grant location access, your coordinates are transmitted to the relevant third-party data sources we use to compute prayer times, geocode addresses, plan routes, and search for nearby mosques (see Section 8 for the list of these sources). For each one-off use of the feature (for example, opening the qibla compass), the coordinates are used for that single request and are not retained on our servers afterwards. The one exception is the optional web-push prayer-time notifications described in Section 4.9 below: if you turn those on, we store your most recent latitude, longitude, and timezone against your Account so that our scheduled job can calculate prayer times for your location while your browser is closed. That stored location is updated when you next open the feature and is deleted when you turn off push notifications or delete your Account.
Other than the stored push-notification location described above, coordinates are not used for advertising, analytics, profiling, or any other purpose, and they are never shared with any party other than the third-party data sources strictly required for the feature you have invoked.
4.6 Microphone audio (App only, on explicit user action)
The App includes a feature called “Recognise recitation”. This feature lets you record a short clip of Quranic recitation (for example, audio playing from a video you are watching on another device) and obtain an identification of the surah, ayah, and where reasonably possible the reciter. The feature requires access to your device's microphone.
The microphone is accessed strictly under the following conditions, and only when all of them are simultaneously true: (a) you have signed in to a Deen Path Account; (b) your Account is an active Deen Path + subscriber; (c) you have explicitly tapped and are actively holding the “Recognise” button on the dedicated Recognise screen; and (d) you have previously granted the Android operating-system microphone permission for the App. The microphone is released the instant you release the button.
The audio captured while you hold the button is sent in a single ephemeral request to our server. Our server forwards the audio to the Google Gemini paid API (the same large-language-model service used by the AI tutor and described in Section 8) for the limited purpose of identifying the Arabic recitation. The result is then matched against a public Quran text corpus to identify the corresponding surah and ayah. The audio file is not written to long-term storage, is not retained beyond the time required for the single recognition request, is not retained by us after the response is returned, is not shared with any party other than Google for the single purpose stated, and is never used for training any model, for advertising, for analytics, for profiling, or for any other purpose. The microphone is never accessed in the background, never accessed without an explicit press of the Recognise button, and never used to listen passively.
If you do not wish to use the Recognise feature, simply do not open it; the microphone permission will not be requested. You can revoke the microphone permission at any time from your Android device's system settings (Settings → Apps → Deen Path → Permissions → Microphone → Don't allow). The rest of the App will continue to work normally without microphone access.
4.7 Technical and diagnostic information
- Aggregate page-view counts — we use a cookieless, privacy-preserving analytics product to count how many people visit each page of the Site, broken down by approximate country and by referrer. The product does not identify individual visitors, does not set cookies, does not fingerprint browsers, and does not link views across sessions. We use these counts to understand which content is being read and to prioritise improvements.
- Server logs — when your device makes a request to our server (for example, to fetch a page, sign in, or call an API), our server logs the request method, the path requested, the response status code, the timestamp, and the IP address from which the request was made. These logs are retained for a short period (typically no more than thirty days) for the purposes of security monitoring and incident investigation, and are then automatically deleted.
- Crash reports — if the Site or App encounters an unexpected error, an anonymised error report may be transmitted to our infrastructure provider to help us diagnose and fix the issue. These reports include the technical stack trace, the page or screen on which the error occurred, and a hashed device or browser identifier; they do not include your email address, your conversations, your audio, your location, or your account content.
- Device and operating-system characteristics — when you use the App, we observe limited technical characteristics of your device (such as the Android version, the device manufacturer and model, the screen resolution, and the App version installed) so that we can render the interface correctly and diagnose issues affecting specific device types.
4.8 Cookies and similar technologies
The Site sets a small number of strictly necessary first-party cookies. A description of each cookie is given in Section 11. We do not use advertising cookies, marketing cookies, third-party analytics cookies, social-media tracking pixels, or any other non-essential tracker. The App does not use cookies (it uses encrypted secure storage instead).
4.9 Web-push prayer-time notifications (Deen Path + only, opt-in)
If you are a Deen Path + subscriber and you turn on web-push prayer-time notifications from your browser, your browser supplies us with a push subscription record consisting of: the push-service endpoint URL (issued by your browser's push provider, typically Mozilla, Google, Apple, or Microsoft); a public encryption key (p256dh) and an authentication secret (auth), both required by the Web Push standard so that we can send notifications encrypted end-to-end to your browser; the user-agent string of the browser that registered the subscription (so we can show you which device a subscription belongs to and let you remove stale ones); and the per-prayer notify preferences you set (which prayers to be notified for, and how many minutes before each prayer). We also store your most recent latitude, longitude, and timezone against your Account, as noted in Section 4.5, so that our scheduled job can calculate the correct prayer times for your location while your browser is closed.
This data is retained for as long as the subscription is active. It is deleted when you turn off push notifications from the Settings screen, when your browser revokes the subscription (for example because you uninstalled the Site as a PWA), or when you delete your Account. We do not transmit the contents of your push subscriptions to any party other than the push-service endpoint your browser specified, and the notifications we send contain only the prayer name and the time, never any other personal data.
5. Android app permissions
The Deen Path Android App (package com.bozmaps.deenpath) declares the following Android permissions. Each is used only for the specific feature listed; the App never uses a permission for any purpose other than the one disclosed below.
- android.permission.INTERNET and android.permission.ACCESS_NETWORK_STATE — required for the App to communicate with our servers and with the third-party data sources that provide Quran text, prayer times, routing, geocoding, AI tutor responses, and the payment-processor checkout page, and to detect whether a network connection is available before attempting to fetch.
- android.permission.ACCESS_FINE_LOCATION and android.permission.ACCESS_COARSE_LOCATION — required by features that depend on geographic position: prayer times, qibla compass, mosque finder, iftar route planner, and world prayer map. Location is requested only when one of those screens is open and only after you grant the system permission.
- android.permission.RECORD_AUDIO — required by the “Recognise recitation” feature. The microphone is accessed only while the Recognise button is being actively pressed by the user, as described in Section 4.6. Audio is sent once to our server for transcription and then immediately discarded.
- android.permission.POST_NOTIFICATIONS — required (on Android 13 and later) so that the App can show prayer-time notifications, the “next prayer” ongoing banner, and the home-screen widget update. You are asked for this permission only when you first enable prayer notifications. If you decline, the App continues to work without notifications.
- android.permission.SCHEDULE_EXACT_ALARM — required so that prayer-time alarms fire at the precise minute calculated for your location and chosen method, rather than at the operating system's discretionary delay. Used only by the prayer-notification scheduler.
- android.permission.RECEIVE_BOOT_COMPLETED — required so that, after you restart your device, the App can re-register your prayer-time alarms (which the operating system clears on reboot). The App receives the boot signal, reschedules the alarms, and immediately stops; it does not run continuously in the background.
- android.permission.WAKE_LOCK — used only at the instant a prayer-time alarm fires, to keep the device awake long enough to play the Azan recitation through to the end (typically under three minutes). The wake lock is released as soon as the Azan finishes or you tap Stop.
- android.permission.FOREGROUND_SERVICE and android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK — required so that, when you have enabled Azan audio for a given prayer, the App can briefly start a media-playback foreground service to play the recitation. The service shows a visible notification with a Stop action while it is running and is stopped automatically as soon as the audio finishes or you press Stop. It is not used for any background processing other than playing the Azan.
- android.permission.VIBRATE — used to provide a brief haptic confirmation when the qibla compass locks on to the Kaaba bearing, when you tap a prayer in the salah journal, and when the recognition tool locks on to a result. No data is transmitted as a result of vibration.
- android.permission.MODIFY_AUDIO_SETTINGS — required by the Recognise recitation feature to record audio cleanly in the presence of other audio sources on the device.
For the avoidance of doubt, the App does not request access to your contacts, photos and media files, calendar, SMS or call logs, body sensors, biometric authentication, nearby devices, advertising identifier, or any other category of sensitive data. The App does not request a battery-optimisation exemption. The only background work performed by the App is the prayer-notification scheduler described above, which fires at the exact times you have configured and immediately returns the device to a low-power state once the Azan (if enabled) has finished playing.
6. Sources of personal data
We collect personal data directly from you when you provide it through the Site or the App — for example, when you create an Account, edit your profile, mark a prayer in the journal, bookmark an ayah, submit feedback, or use a feature that requires the device microphone or location.
We also receive a limited amount of information from third parties acting on our behalf as data processors: our payment processor confirms the success or failure of your transaction along with a customer reference; our authentication subsystem returns the result of a sign-in attempt; our infrastructure provider records technical telemetry about requests to the Site (Section 4.7). We do not purchase personal data from any data broker, advertising network, social-media platform, or other commercial source, and we do not enrich our records with information from such sources.
7. Purposes of processing and lawful bases (UK / EU GDPR)
Article 6 of the UK GDPR requires us to identify a lawful basis for every act of processing of personal data. The table below summarises the lawful bases we rely on for each of the principal processing activities described in this Policy. Where we rely on legitimate interests, we have carried out a balancing test and concluded that the processing is necessary, proportionate, and unlikely to override your rights and freedoms; you are entitled to object to any such processing at any time as set out in Section 13.
- Creating and operating your Account. Lawful basis: performance of a contract (Article 6(1)(b)). Without the data described in Section 4.1, we cannot provide the Service you have asked to use.
- Communicating with you about your Account or your purchase. Lawful basis: performance of a contract (Article 6(1)(b)).
- Processing the “Deen Path +” upgrade payment. Lawful basis: performance of a contract (Article 6(1)(b)).
- Personalising prayer times and content using your profile and preferences. Lawful basis: performance of a contract (Article 6(1)(b)) for signed-in users; legitimate interests (Article 6(1)(f)) for anonymous users using locally stored preferences.
- Computing prayer times, qibla, routes, and nearby mosques using your approximate location. Lawful basis: consent (Article 6(1)(a)) — you grant the operating-system permission at the point of use and can revoke it at any time.
- Recording and transcribing audio for the Recognise feature. Lawful basis: consent (Article 6(1)(a)) — you grant the microphone permission and then explicitly press the Recognise button each time it is used.
- Generating AI tutor responses. Lawful basis: performance of a contract (Article 6(1)(b)) — you ask a question, we answer it through the Service.
- Security monitoring, incident investigation, and fraud prevention. Lawful basis: legitimate interests (Article 6(1)(f)) — to protect the Service, our users, and our infrastructure.
- Aggregate, cookieless analytics on Site usage. Lawful basis: legitimate interests (Article 6(1)(f)) — to understand which content is read and to prioritise improvements.
- Maintaining accounting records and complying with our legal obligations (HMRC, etc.). Lawful basis: legal obligation (Article 6(1)(c)).
8. Recipients and processors
We use a small number of trusted third-party service providers (“sub-processors”) to operate the Service. Each is bound by appropriate contractual safeguards consistent with Article 28 of the UK GDPR and only processes personal data on our documented instructions. We do not sell personal data, we do not rent personal data, and we do not share personal data with any party for the purpose of independent marketing.
Below is the current list of categories of recipient. We will update this list when it materially changes.
- Cloud hosting and aggregate web analytics — Vercel Inc. (an established hosting platform headquartered in the United States, with EU points of presence). Vercel hosts the Site, serves it through its global edge network, and provides the cookieless, IP-anonymising aggregate analytics product described in Section 4.7. Transfers to Vercel in the United States are covered by Vercel's certification under the EU-U.S. Data Privacy Framework and by Standard Contractual Clauses as set out in Vercel's Data Processing Addendum. Vercel's privacy notice is at vercel.com/legal/privacy-policy.
- Backend platform and authentication provider — Supabase Inc. (trading from Ireland, project hosted in the Supabase eu-west-1 region, Dublin, Ireland) which provides our authentication, database, and storage layers. Your Account data and your activity in the App (salah journal, Quran progress, ayah bookmarks, push-subscription records) are stored here and protected by row-level access controls so that only your own authenticated session can read your own records. Supabase's privacy notice is at supabase.com/privacy.
- Payment processor — Stripe Payments Europe Limited (a regulated payment institution headquartered in the Republic of Ireland, with operations also in the United Kingdom). Stripe handles all card-data entry, PCI-DSS compliance, fraud screening, and settlement of payments on our behalf, including the Deen Path + monthly subscription and the Deen Path + lifetime upgrade. Stripe's privacy notice is at stripe.com/privacy.
- Transactional email provider — Resend Inc., used to send sign-in confirmation, welcome, password-reset, and other strictly transactional emails. Resend operates from EU and US regions and offers a GDPR-aligned data-processing addendum; we have configured the service so that only transactional traffic is sent through it. The provider does not use your email address for its own marketing. Resend's privacy notice is at resend.com/legal/privacy-policy.
- Large-language-model provider — Google Ireland Limited (and its affiliates), which provides the generative-AI service used by the AI tutor and by the Recognise recitation feature. When you send a message to the tutor, or audio to Recognise, the data is transmitted to this provider through the paid tier of its Gemini API, on which Google contractually undertakes not to use API inputs to train its general-purpose models and not to retain inputs beyond the period necessary to serve the request. See ai.google.dev/gemini-api/terms and policies.google.com/privacy. Transfers to Google in the United States are covered by Google's certification under the EU-U.S. Data Privacy Framework and by Standard Contractual Clauses.
- Open-data Quran corpus — a public, free, scholar-vetted Quran data service used to fetch the Arabic Uthmani text, the Bosnian Korkut translation, the Sahih International English translation, and the Mishary Alafasy recitation audio. No personal data is sent to this service; it receives only the surah number being requested.
- Prayer-time computation service — a public, free, prayer-times service that returns Fajr / Dhuhr / Asr / Maghrib / Isha times for a given latitude, longitude, date, and calculation method. This service receives only your coordinates, the requested date, and the calculation method; it does not receive your identity.
- Geocoding and routing services — public services operated by the OpenStreetMap community (Nominatim and Overpass) and by the OSRM project, used to translate place names into coordinates and to compute driving routes for the iftar route planner. These services receive only the place names, addresses, or coordinates necessary for the lookup; they do not receive your identity.
- Google Play Store — when you install the App from the Play Store, Google receives information about the installation in accordance with the Play Store's own privacy notice. We receive only anonymised, aggregate install statistics through the Play Console, not the identities of individual installers.
We never share your data with advertising networks, data brokers, social-media platforms (other than where you explicitly choose to share content from the Service yourself), or government agencies except where required by law and after seeking legal advice on the validity of the request.
9. International transfers
Personal data we process is, wherever possible, kept within the United Kingdom and the European Economic Area. Some processing necessarily takes place in the United States — in particular, certain processing by the large-language-model provider for the AI tutor and the recitation recogniser. Where personal data is transferred outside the UK or the EEA, we rely on the safeguards permitted by Article 46 of the UK GDPR and Chapter V of the EU GDPR, which include the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum as appropriate for each provider, together with supplementary technical and organisational measures (encryption in transit, the use of pseudonymous identifiers rather than direct identifiers, and minimisation of the data transferred).
You may request, by writing to support@mydeenpath.com, a summary of the safeguards relied upon for any specific transfer of your personal data.
10. Retention periods
We retain personal data only for as long as we have a lawful basis for doing so. The principal retention periods are as follows:
- Account identity and authentication data — retained for the lifetime of your Account. Deleted within seven days of you deleting your Account.
- Profile, preferences, salah journal, Quran progress, and ayah bookmarks — retained for the lifetime of your Account. Deleted within seven days of you deleting your Account.
- Payment records — retained for six years from the date of the transaction, in line with the requirements of the UK Companies Act 2006 and HMRC tax-record-keeping rules for businesses. After six years, payment records are anonymised so that they cannot be linked to a former Account.
- Welcome and transactional email records — the email-delivery provider retains delivery metadata (recipient, timestamp, delivery status) for a period determined by the provider; we do not retain the body of these emails ourselves.
- AI tutor and recogniser inputs — not retained on our servers beyond the duration of the request; the large-language-model provider may retain inputs in accordance with its own privacy notice.
- Server logs — retained for up to thirty days for security and incident-investigation purposes, after which they are deleted.
- Crash reports and aggregate analytics — retained in aggregated, non-identifying form for the lifetime of the Service.
- Feedback you submit through the in-app feedback button — retained for as long as is reasonably necessary to investigate and respond, and in any event no longer than three years from the date of submission.
If you would like data retained for a shorter period than these defaults, write to us and we will endeavour to accommodate the request to the extent permitted by the lawful bases on which we rely.
11. Cookies and similar technologies
The Site sets only first-party cookies that are strictly necessary for the operation of the Service. We do not require your consent to set strictly necessary cookies under Regulation 6(4) of the PECR, but we describe them here in the interests of transparency.
- Session token cookie (set by our authentication subsystem) — keeps you signed in across page loads. HTTP-only, Secure, SameSite=Lax. Expires when your session ends or when you sign out.
- Authentication-refresh cookie (set by our authentication subsystem) — used to silently refresh expired session tokens so that you do not have to sign in repeatedly. HTTP-only, Secure, SameSite=Lax.
- Language preference (stored as a small local item in your browser) — remembers whether you have chosen English or Bosnian.
We do not set any advertising cookies, marketing cookies, third-party analytics cookies, social-media tracking pixels, or fingerprinting beacons. We do not participate in any cross-site tracking framework. The Android App does not use cookies at all; it uses encrypted on-device storage instead.
12. Security
We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access. These measures include, without limitation:
- encryption of personal data in transit between your device and our servers (TLS 1.2 or higher);
- encryption of personal data at rest at the storage layer;
- row-level access controls on our application database such that, by default, only your authenticated session can read or write your own records;
- one-way cryptographic hashing of passwords (never plain-text storage);
- principle-of-least-privilege access to production systems by authorised personnel;
- rotation of cryptographic keys and access credentials on a defined schedule and following any suspected compromise;
- regular review of dependency security advisories and the application of security patches in a timely manner;
- documented incident-response procedures, including notification to affected data subjects and the Information Commissioner's Office within seventy-two hours of becoming aware of a notifiable personal-data breach, in accordance with Article 33 of the UK GDPR.
Notwithstanding the above, no service operating over the public internet can be guaranteed to be 100% secure. By using the Service, you acknowledge this inherent residual risk. You can help us keep your data safe by choosing a strong, unique password, by not sharing your sign-in credentials, and by signing out from shared devices.
13. Your rights as a data subject
Under the UK GDPR (and, where applicable, the EU GDPR) you have the following rights in respect of your personal data:
- The right of access (Article 15) — to obtain a copy of the personal data we hold about you, together with information about how we process it.
- The right to rectification (Article 16) — to have inaccurate personal data corrected and incomplete personal data completed.
- The right to erasure (Article 17) — also known as the “right to be forgotten”. You can request the deletion of your personal data where one of the grounds in Article 17(1) applies. The Service exposes a self-service account-deletion flow in the Account screen of the Site and the App, and a public-facing description of it at www.mydeenpath.com/delete-account.
- The right to restriction of processing (Article 18) — to ask us to limit the use of your personal data while a query or dispute is being resolved.
- The right to data portability (Article 20) — to receive the personal data you have provided to us in a structured, commonly used, machine-readable format and to have it transmitted to another controller where this is technically feasible. The Service exposes an export-data button in the Account screen which produces a JSON export of your records.
- The right to object (Article 21) — to object to processing carried out on the basis of legitimate interests, including profiling. You may exercise this right at any time by writing to us.
- The right to withdraw consent (Article 7(3)) — where we rely on consent as our lawful basis (notably for the location and microphone permissions), you can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- The right not to be subject to a decision based solely on automated processing (Article 22) — we do not make any decisions about you that produce legal effects on you or significantly affect you, based solely on automated processing, including profiling. The AI tutor and the recitation recogniser produce informational output; they do not adjudicate any rights, entitlements, or risk-scoring.
To exercise any of these rights, please email support@mydeenpath.com. We will respond within one calendar month of receipt of your request, as required by the UK GDPR.
Right to lodge a complaint with the Information Commissioner's Office. If you are not satisfied with our response to a data-rights request, or if you believe that our processing of your personal data otherwise breaches the UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (the “ICO”), the United Kingdom's data-protection regulator. The ICO can be contacted at ico.org.uk/concerns or on the telephone helpline 0303 123 1113. If you are resident in the European Economic Area, you may instead complain to the supervisory authority of your country of residence.
14. Marketing communications
We do not currently send marketing communications. The only emails you receive from us are transactional in nature: a confirmation link when you first sign up, a password-reset link if you request one, and a single welcome message after you complete a successful Deen Path + purchase. We do not send newsletters, promotional messages, drip campaigns, abandoned-cart reminders, or third-party advertising. If we ever introduce optional marketing emails in the future, they will be strictly opt-in and you will be able to unsubscribe at any time using the unsubscribe link present in every such email.
15. Children's privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal data from anyone we know to be under 13. If you are the parent or legal guardian of a child under 13 and you believe that the child has provided personal data to the Service, please contact us at support@mydeenpath.com and we will delete the data and the associated Account without undue delay. Where the laws of the country in which you reside provide for a higher age of digital consent than 13 (for example, 16 in some EEA member states), the higher age applies in that country.
16. Automated decision-making and profiling
Deen Path does not engage in automated decision-making within the meaning of Article 22 of the UK GDPR. We do not score, rank, or profile users. The AI tutor and the recitation recogniser are informational tools — they produce text or audio identification in response to a question or recording — and the outputs are advisory only. The Service does not adjudicate any matter of religious law, finance, entitlement, or risk on the basis of automated processing. For substantive religious questions, we routinely advise users to consult a qualified human imam.
17. Links to third-party content
The Service may contain links to third-party websites and services (for example, links to Stripe's privacy notice, the Information Commissioner's Office, openstreetmap.org, qiblafinder.withgoogle.com, and the Play Store listing). We are not responsible for the privacy practices of those third parties and we encourage you to read their privacy notices before providing them with any personal data.
18. Changes to this Privacy Policy
We may amend this Privacy Policy from time to time to reflect changes in the law, in the Service, in the sub-processors we use, or in our internal practices. When we make a material change, we will notify you by email (if you are signed in to a Deen Path Account) and we will update the “Last updated” date at the top of this page. Where the change is material we will give you at least fourteen days' notice before it takes effect, during which time you may, if you wish, close your Account and request deletion of your data.
Cosmetic edits, typographic corrections, and clarifications that do not change the substance of our processing will not trigger a notice.
19. Governing law
This Privacy Policy is governed by the laws of England and Wales, without prejudice to your right to bring proceedings or lodge a complaint in the country of your habitual residence, your place of work, or the place of the alleged infringement, as provided by the applicable data-protection law.
20. Contact
For any question about this Privacy Policy, about how we process your personal data, or to exercise any of the rights described in Section 13, please contact us at:
Email: support@mydeenpath.com
Web: www.mydeenpath.com
Thank you for trusting Deen Path with your data. We take that trust seriously and we will continue to refine this Policy and our practices to honour it.