Privacy Policy
Last updated: April 24, 2026
1. Introduction
Masrufi ("we", "our", "us") is a financial literacy app designed for children aged 10-18, operated under parental supervision. We are committed to protecting the privacy of our users, especially children. This policy describes how we collect, use, and safeguard information.
2. Information We Collect
Parent Account: Name, email address, and password (for account creation and authentication).
Child Profile: First name, age, and a PIN (used for child login). We do not collect a child's email, phone number, or any government-issued identifiers.
Financial Data: Allowance amounts, transaction descriptions, bucket allocations, savings goals, and withdrawal requests — all entered by parents or children within the app.
3. How We Use Information
- To provide the core Masrufi experience: allowance management, budgeting, and financial education
- To authenticate users and secure accounts
- To calculate Zakah and manage savings goals
We do not use data for advertising, profiling, or selling to third parties.
4. Children's Privacy (COPPA Compliance)
Masrufi is designed with children's privacy as a priority:
- Child accounts can only be created by a parent
- We do not collect more information from children than is necessary
- We do not include third-party advertising or analytics SDKs
- We do not share children's personal information with third parties
- Parents can review, modify, or delete their child's data at any time through the app
- Parents can delete their account and all associated data by contacting us
5. Data Storage and Security
Data is stored securely using Supabase (hosted PostgreSQL) with row-level security policies ensuring strict data isolation between families. Passwords are hashed using bcrypt. All communications use HTTPS encryption. Child PINs are hashed server-side and never stored in plaintext.
6. Data Sharing
We do not sell, rent, or share personal information with third parties. Data is only shared between parent and child accounts within the same family unit.
7. Data Retention and Deletion
We retain data for as long as the account is active. Parents may request deletion of their account and all associated child data by contacting us at admin@masrufi.com. Upon request, all data will be permanently deleted within 30 days.
8. Third-Party Services
We use the following third-party services:
- Supabase — Database and authentication infrastructure
- Expo / EAS — App build and update delivery
These services have their own privacy policies and are used solely for infrastructure purposes.
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify users of any material changes through the app or via email.
10. Contact Us
If you have questions about this privacy policy or wish to exercise your data rights, please contact us at:
Email: admin@masrufi.com