Privacy Policy

Last updated: December 2025

1. Information We Collect

ICMA - Hadith Chain Analysis ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our web application.

Data Collection

  • API Keys: Google Gemini API keys provided by users for narrator extraction (stored locally in browser only)
  • User Input: Hadith text and analysis data entered by users
  • Application Data: Chain analysis results and user preferences
  • Technical Data: Browser information and usage analytics (anonymized)

2. How We Use Your Information

Primary Purpose

Your API keys and input data are used solely to provide the hadith analysis functionality. We process your hadith text using Google's Gemini AI to extract narrator chains.

Data Processing

  • API keys are transmitted securely to Google's Gemini AI service
  • Hadith text is processed to extract narrator information
  • Analysis results are displayed in your browser
  • All processing happens in real-time and results are not stored on our servers

3. Data Storage and Security

Local Storage (Default)

By default, all your data including API keys and analysis results is stored locally in your browser. We do not store, transmit, or have access to your personal data on our servers when you use the application without signing in.

Signed-In User Data Storage

When you sign in: Your analysis data and chain analysis data may be automatically saved to our secure Firebase database to preserve your work across sessions. This includes hadith text, narrator chains, analysis steps, selected hadiths, and generated visualizations. You can manage and delete your saved sessions from your profile.

Important: Even when signed in, your API keys remain stored only locally in your browser. We never store, transmit, or have access to your API keys on our servers or database.

API Keys: Stored securely in your browser's localStorage and only used for API calls to Google's Gemini service.

Hadith Data: Processed in real-time and displayed in your browser. Not transmitted to or stored on our servers.

User Preferences: Theme settings and other preferences stored locally for better user experience.

4. Third-Party Services

Google Gemini AI

We use Google's Gemini AI service to process hadith text and extract narrator information.

Your API key and hadith text are transmitted directly to Google's servers. We do not have access to or store this data. Please refer to Google's Privacy Policy for their data handling practices.

5. Data Retention

We follow different data retention policies based on how you use our service:

Local-Only Usage

  • API Keys: Stored locally until cleared
  • Analysis Data: Never stored on servers
  • User Preferences: Stored locally until cleared
  • Cleanup: Automatic removal via browser data clearing

Signed-In Users

  • Analysis Sessions: Retained until you delete them
  • Chain Analysis Data: Saved automatically during sessions
  • API Keys: Always stored locally in browser only
  • User Profile: Retained while account is active
  • Account Deletion: All data deleted upon account removal

Data Control: Signed-in users can view, export, and delete their saved analysis sessions and chain data at any time through their profile. Local data remains under your exclusive control.

6. GDPR Data Subject Rights

As a resident of the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

Right of Access (Article 15)

You have the right to obtain confirmation whether we process your personal data and access to that data.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data rectified or incomplete data completed.

Right to Erasure (Article 17)

You have the right to have your personal data erased ("right to be forgotten").

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used format.

Right to Restriction (Article 18)

You have the right to restrict the processing of your personal data in certain circumstances.

Right to Object (Article 21)

You have the right to object to the processing of your personal data for certain purposes.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer using the information provided below. We will respond within one month of receiving your request.

Note: Since we do not store your personal data on our servers, many of these rights are automatically fulfilled through our local-only data storage approach.

7. Lawful Basis for Processing

Under GDPR, we process personal data based on the following lawful bases:

Consent (Article 6(1)(a))

Processing is based on your explicit consent when you provide API keys and input data for processing.

Legitimate Interest (Article 6(1)(f))

We have a legitimate interest in providing the hadith analysis service you requested.

8. International Data Transfers

Your API keys and hadith data may be transferred to Google's servers, which may be located outside the EEA. Such transfers are protected by:

  • Adequacy Decision: Google Cloud services benefit from the EU-US Data Privacy Framework
  • Standard Contractual Clauses: Google implements appropriate safeguards for international transfers
  • Your Control: You can choose not to use the service if you do not agree with these transfers

Important: By providing a Google Gemini API key and using our service, you acknowledge and consent to these international data transfers as necessary for the service functionality.

9. Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will:

  • Notify you within 72 hours of becoming aware of the breach
  • Report the breach to the relevant supervisory authority within the same timeframe
  • Provide information about the breach, its effects, and mitigation measures
  • Cooperate with authorities as required by law

Given our minimal data collection and local storage approach, the risk of data breaches is significantly reduced.

10. Age Restrictions and Parental Consent

Age Requirements

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.

If you are under 16, you must obtain parental consent before using this service. Parents and guardians should monitor their children's online activities and ensure they do not provide personal data without consent.

11. Cookies and Tracking Technologies

No Cookies Used

Our service does not use cookies, tracking pixels, or other similar technologies to collect or store information about your browsing activities.

We use localStorage in your browser solely for storing your API keys and user preferences locally on your device. This data never leaves your browser or device.

12. Data Protection Officer and Supervisory Authority

Data Protection Officer

For GDPR-related inquiries and to exercise your data subject rights:

Email: thedigitalsunnah@gmail.com
Subject: GDPR Data Subject Rights Request

General Inquiries

For general privacy policy questions:

Email: thedigitalsunnah@gmail.com
Subject: Privacy Policy Inquiry

Right to Lodge a Complaint

If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with a supervisory authority in your country or region. For residents of the EEA, you can find your local supervisory authority at: European Data Protection Board

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal compliance reasons. Any material changes will be communicated to you and the updated policy will be posted on this page with an updated revision date.

Material Changes: If we make material changes that affect your rights under GDPR, we will provide additional notice (such as email notification if we had contact information) and may require re-consent for certain processing activities.

Back to Home