Privacy Policy

Last updated: May 13, 2026

What we collect

When you create an account, we collect your name and email address.

As you use the app, we store your daily check-in data (mood, streak count, pledge status) and niyyah selections (your reasons for quitting).

If you record a personal dua, the audio file stays on your device only. It's never uploaded to our servers.

To improve the app, we collect app usage data automatically. This includes:

  • Screens visited and features used
  • Session recordings (how you navigate the app — passwords and sensitive inputs are always masked and never captured)
  • Crash logs and error reports
  • Device information such as device model, iOS or Android version, and language settings

This data is processed by third-party analytics tools and is used solely to understand how the app performs and how to improve it. It is not tied to your name or email address.

How we use it

  • Provide the Nafs service (check-ins, streaks, panic button)
  • Pair you with an accountability partner
  • Send you daily reminders (if enabled)
  • Improve the app based on anonymous usage patterns

What we share

We never sell your data and never share it with advertisers. Your personal journey is between you and Allah.

We share anonymous app usage data with third-party analytics tools to help us improve the app. This data does not include your name, email, check-in content, or anything that identifies you personally.

If you have an accountability partner, they receive notifications about high-level Shield events (for example, if you turn off the Shield). They do not see your check-in details, streak history, or any other personal data.

Data storage

Your account data is stored on secure cloud servers with encryption at rest and in transit.

Your rights

  • Delete your account: Go to Profile → Account → Delete account in the app. This permanently removes all your data immediately. You can also email reza@controlnafs.com and we'll action it within 30 days.
  • Update your info: You can update your name and niyyah directly in Profile Settings inside the app.
  • Access or correct your data: Email us at reza@controlnafs.com and we'll respond within 30 days.

Content blocker and focus features

Nafs includes optional focus features that add a moment of friction before certain apps open. To provide this, Nafs may use platform APIs (such as Accessibility Services or Screen Time APIs) to detect when a shielded app comes to the foreground.

What is accessed: only the identifier of whichever app is about to open. Nothing else — no screen content, no text, no passwords, no keystrokes, no clipboard, no other user input.

Where that data goes: the app identifier is checked locally on your device against your list of shielded apps. It is never uploaded to our servers. The only events we log are high-level actions (for example, whether you completed the friction step) — never which specific app triggered them.

Your installed apps list: Nafs may request permission to display your installed apps so you can choose which ones to shield. This list is used only on your device and is never uploaded or shared.

Display permissions: Nafs may request permission to display a screen on top of other apps in order to show the friction moment. This permission is used solely to render that screen. Nafs never uses it to read or interact with any other app's content.

All data processed through these mechanisms stays on your device. You can disable focus features at any time from the Shield tab inside the app.

Site blocking

Nafs includes an optional site blocking feature that prevents access to harmful websites across all browsers and apps on your device.

To deliver this, Nafs may establish a private connection on your device. This connection works entirely on your phone — it does not route your traffic through any Nafs server, and it does not connect you to any external network. Think of it as a filter that runs locally, not a tunnel to somewhere else.

What is accessed: only the website address you're trying to visit, checked locally against your personal block list.

What we do not collect: we do not log, store, or transmit which sites you visit, which sites are blocked, or any other browsing activity. None of this information ever leaves your device.

What you see: while site blocking is active, a small key icon may appear in your notification bar. This is your device's standard indicator that a local private connection is in use — it does not mean your traffic is being sent anywhere.

You can turn site blocking on or off at any time from the Shield tab inside the app. Turning it off immediately removes the private connection.

Age requirement

You must be at least 13 years old (or the minimum digital consent age in your country) to use Nafs. We do not knowingly collect data from anyone under 13. If you believe a child has created an account, please contact us and we'll remove it immediately.

Changes to this policy

If we make significant changes, we'll notify you through the app. Continued use after changes means you accept the updated policy.

Contact

Questions about your privacy? Email us at reza@controlnafs.com.