Privacy Policy

1. Introduction

Masrufi ("we", "our", "us") is a family financial literacy app designed for children of all ages, operated exclusively under parental supervision. All child accounts are created and managed by a parent. We are committed to protecting the privacy of every family that uses our platform, with particular care for children's data. This policy describes what we collect, how we use it, and the rights you have over your information.

2. Information We Collect

Parent Account: Name, email address, and password (hashed) used for account creation, authentication, and email notifications. Currency preference and email notification settings are also stored.

Child Profile: First name, age group, and a PIN or password (hashed) used for child login. We do not collect a child's email address, phone number, or any government-issued identifiers.

Financial Data: Allowance amounts, transaction descriptions and categories, bucket allocations and split percentages, savings goals, withdrawal requests, and balance history — all entered by parents or children within the app.

Chores & Rewards: Chore titles, descriptions, reward amounts, frequency settings, and completion records (including approval or rejection by the parent).

Quizzes & Learning: Quiz assignments made by parents, quiz responses and scores submitted by children, knowledge library cards accessed by children, and lesson completion records.

Progress & Gamification: XP points earned, level reached, learning streaks, and level-up milestone records.

App Activity: In-app interactions such as transactions logged, chores completed, quizzes taken, and library cards read. This data is used solely to power the app's features and is never used for advertising profiling.

3. How We Use Information

• To provide the core Masrufi experience: allowance management, chore tracking, bucket-based budgeting, savings goals, and financial education
• To authenticate parents and children and secure their accounts
• To power the learning system: assigning quizzes, tracking quiz scores, recording library card progress, awarding XP, and maintaining streaks
• To process chore assignments and rewards: linking completed chores to child accounts and crediting approved reward amounts to the spending bucket
• To calculate Zakah amounts and manage savings goals
• To send parents transactional email notifications (e.g. withdrawal requests, chore completions) based on their notification preferences, which can be adjusted at any time in Settings
• To personalize the parent dashboard with coaching tips and conversation starters relevant to their family's activity

We do not use any data for advertising, profiling, or sharing with third parties for commercial purposes.

4. Children's Privacy

Masrufi is designed with children's privacy as a core principle:

• Child accounts can only be created by a verified parent account
• We do not collect email addresses, phone numbers, or any direct identifiers from children
• We do not include third-party advertising or analytics SDKs in our app
• We do not share children's personal information with any third party
• Parents can review, edit, or delete their child's profile and all associated data at any time from within the app
• Parents can permanently delete their account and all children's data directly from the app's Settings screen, or by submitting a request via our contact form

5. Data Storage and Security

All data is stored securely using Supabase (hosted PostgreSQL) with row-level security (RLS) policies enforced at the database level, ensuring strict data isolation between families. No family can access another family's data. Passwords and PINs are hashed using bcrypt and never stored in plaintext. All client-server communications are encrypted using HTTPS/TLS.

6. Data Sharing

We do not sell, rent, or share personal information with third parties for any commercial purpose. Data is shared only between parent and child accounts within the same family unit, as required for the app to function.

7. Data Retention and Deletion

We retain data for as long as an account is active. You can permanently delete your account and all associated data (including all child profiles, transactions, chores, quiz records, and goals) in two ways:

• In-app: Go to the Me tab → scroll to the bottom → tap Delete account. Deletion is immediate and irreversible.
• By request: Submit an "Account Deletion Request" via our contact form or email us at admin@masrufi.com. We will permanently delete all data within 30 days of your request.

8. Third-Party Services

We use the following third-party infrastructure providers. Each has its own privacy policy and is used solely for the technical operation of Masrufi:

• Supabase — Database hosting, authentication infrastructure, and row-level security
• Railway — Cloud hosting for the Masrufi API server
• Vercel — Hosting for the Masrufi website (masrufi.com)
• Microsoft Office 365 (SMTP) — Used to deliver transactional email notifications to parents (e.g. withdrawal requests, chore approvals). Only parent email addresses are transmitted for this purpose. No child data is shared.
• Expo / EAS — App build pipeline and over-the-air update delivery for the mobile app

We do not use any analytics, advertising, or crash-reporting SDKs. No third-party code in our app collects or transmits user data independently.

9. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our app or legal requirements. We will notify users of any material changes through the app or via email. The "Last updated" date at the top of this page reflects when the policy was most recently revised.

10. Contact Us

If you have questions about this privacy policy, wish to exercise your data rights, or want to request account deletion, please reach out:

• Contact form: masrufi.com/contact
• Email: admin@masrufi.com