Privacy Policy

Last updated: May 14, 2026

This Privacy Policy explains what information Miraj (“Miraj,” “we,” or “us”) collects when you use the Miraj iOS app or visit miraj.fyi, how we use that information, and the choices you have. We’ve tried to keep it short and direct.

The short version: Miraj is private by design. We do not run a public feed, we do not sell your data, and we do not embed third-party advertising or analytics SDKs. What you share inside the app is visible only to the small private circle of friends you invite.

1. What we collect

We collect only what we need to run the service:

• Account information. When you sign in with Apple or Google, we receive your email address and a unique user identifier. If Apple provides your name during Sign in with Apple, we store it as your display name. You can change your preferred name at any time.
• Profile information. Anything you add to your profile: preferred name, optional gender, optional city, time zone, optional latitude and longitude (used to calculate prayer times), avatar image, and any tags you select during onboarding (such as spiritual or life intentions).
• Content you create. Moment photos, niyyah captions, comments inside your circles, habit names, habit notes, and check-in history.
• Circles. The circles you create or join, and the membership of those circles.
• Device push tokens. If you allow push notifications, we store the Apple Push Notification service (APNs) token associated with your device so we can deliver Moment-window reminders and circle activity notifications.
• Beta-signup form on miraj.fyi. If you submit your email to request beta access, we store the email address, the section of the page you submitted from, your browser’s user agent string, and a one-way salted hash of your IP address (used only for spam mitigation and rotated daily). We do not store your raw IP address.

We do not use third-party advertising, marketing, or analytics SDKs in the iOS app. We do not track your activity outside of Miraj.

2. How we use it

We use the information above only to:

• Operate Miraj’s core features (Moment check-ins, habits, circles, comments, streaks).
• Deliver push notifications you opt into.
• Calculate prayer times for your location.
• Generate the personalized habit roadmap during onboarding (see “Third-party services”).
• Communicate with you about beta access, service updates, and security issues.
• Detect and prevent abuse (for example, blocking automated signups).

3. Who can see what

• Your Moment photos, captions, comments, and check-ins are visible to the members of the private circles you choose to share them with. Miraj has no public feed.
• Your profile (preferred name, avatar, gender if set) is visible to members of any circle you join.
• Your habits and habit notes are private to you unless you mark a habit as shared with a circle.
• Your email address is not visible to other users.

4. Third-party services

Miraj uses the following third-party services to operate the app. They receive only the data they need to perform their function:

• Supabase. Cloud infrastructure that hosts our database, file storage (Moment photos, avatars), and authentication. Supabase processes all your account and content data on our behalf.
• Apple Push Notification service (APNs). Delivers push notifications to your iPhone. Apple receives the push payload at delivery time. We do not include Moment photo content in push payloads.
• Sign in with Apple and Google Sign-In. Handle the authentication flow. They receive only the information required to authenticate you.
• Aladhan (via our Cloudflare Worker at api.miraj.fyi). Provides prayer-time calculations. We forward only your latitude, longitude, and the date of the request. No personal identifiers are forwarded.
• Google Gemini and Groq. Provide AI completions during onboarding to generate your personalized habit roadmap and suggestions. We forward only the prompt content required to produce the roadmap (typically your selected intentions and answers from the onboarding questionnaire). We do not share your account identifiers or content with these providers.
• Cloudflare. Hosts miraj.fyi and our API at api.miraj.fyi. Cloudflare may process request metadata (IP address, user agent) as part of standard web infrastructure operations.

5. Children

Miraj is not directed to, or intended for, children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

6. Data retention

We retain account and content data for as long as your account is active. If you delete your account, we delete your profile, your habits, your moments, and your comments within 30 days. Aggregated, non-identifying logs may be retained longer for security and abuse-prevention purposes.

Beta-signup emails are retained until you ask us to remove them or until we close the waitlist.

7. Your choices and rights

• You can edit your profile, disable notifications, leave a circle, or remove a habit at any time from inside the app.
• To request account deletion, an export of your data, or removal from the beta-signup list, email us at [email protected]. We will respond within 30 days.
• Depending on where you live, you may have additional rights under laws such as the GDPR (EU/UK) or CCPA (California). To exercise those rights, contact us at the email above.

8. Security

Data is transmitted over TLS. Photos and database content are stored on Supabase infrastructure with their standard security controls. No system is perfectly secure; if we ever become aware of a breach that affects your data, we will notify you in accordance with applicable law.

9. Changes to this policy

We’ll update this page if our practices change. The “Last updated” date at the top reflects the most recent revision. For material changes we’ll also notify active accounts in-app or by email.

10. Contact

Questions or requests? Email [email protected].