Privacy Policy

nafs · Islamic Companion App

Effective February 16, 2026

Bismillah al-Rahman al-Raheem

1. Introduction

nafs ("we," "our," or "us") is an Islamic lifestyle application developed by NAFS TECHNOLOGIES LLC. nafs helps Muslims manage their daily religious practices including prayer tracking, Quran reading, cycle/period tracking, journaling, dhikr and tasbih, fasting records, and Islamic learning.

This Privacy Policy explains what information the app uses, how it is handled, how we protect it, and your rights regarding your data. We are committed to respecting your privacy and handling your personal information with care.

By using nafs, you agree to the handling and use of information as described in this Privacy Policy. If you do not agree, please do not use the app.

2. Information the App Uses

2a. Account Information

When you create an account, you provide the following:

  • Email address: used for authentication and account recovery
  • Display name: optional, used for personalization
  • Authentication provider: whether you signed in via email/password, Apple Sign-In, or Google Sign-In
  • User ID: a unique identifier generated by our authentication service

You may also use nafs in guest mode without creating an account. Guest mode limits certain features such as cloud sync.

2b. Religious Practice Data

The app stores the following data on your device as you use it:

  • Prayer completions: which prayers you mark as completed each day
  • Fasting records: days you mark as fasting (Ramadan and voluntary)
  • Missed fasts: count of missed obligatory fasts
  • Madhab (school of thought): used to determine prayer time calculation rules
  • Calculation method: your preferred astronomical method for prayer times (e.g., ISNA, MWL, Egyptian)
  • Prayer time offsets: manual minute adjustments to calculated prayer times
  • Adhan preferences: selected notification sounds for each prayer

2c. Health & Cycle Data

If you opt in to cycle tracking, the app records the following on your device:

  • Period start and end dates
  • Flow intensity (light, medium, heavy)
  • Symptoms: pain, mood, physical symptoms, and other indicators you select
  • Mood and pain levels
  • Sleep quality
  • Notes: free-text notes attached to cycle logs (encrypted at rest)
  • Health conditions: optional selections such as PCOS, perimenopause, or breastfeeding, used to improve prediction accuracy

This data is stored locally on your device by default and is never synced to the cloud unless you explicitly create an encrypted backup.

2d. Journal Entries

If you use the journaling feature, the app stores:

  • Free-text entries you write
  • Associated metadata: date, optional location, weather context, verse references

Journal entries that you choose to sync are stored in your cloud account. Local-only entries remain on your device.

2e. Quran & Learning Data

To enhance your Quran and learning experience, the app tracks the following on your device:

  • Last-read mushaf page (per surah, to resume where you left off)
  • Favorite surahs and reciters
  • Memorization progress: Names of Allah you mark as memorized
  • Tasbih sessions: dhikr count, duration, and target (auto-pruned after 30 days)
  • Earned badges: achievements in the dhikr system
  • Completed morning/evening adhkar dates
  • Guide completion status: which learning guides you have finished

2f. Location Data

The app requests location access for specific features:

  • Prayer time calculation: your GPS coordinates are used to calculate accurate prayer times for your location
  • Qibla direction: your location is used to determine the direction of the Kaaba

Location data is processed locally on your device. We do not store your GPS coordinates on our servers. You may provide manual coordinates instead of granting location permission.

2g. Device & Technical Data

The app uses limited technical information:

  • Device identifier: a SHA-256 hashed device ID used for backup identification (not personally identifiable or fingerprintable)
  • iOS version and app version: for compatibility and debugging
  • Crash logs: collected via standard iOS crash reporting to improve app stability

We do not use advertising identifiers (IDFA) or any third-party analytics or tracking SDKs.

2h. Subscription Data

If you subscribe to nafs+:

  • Subscription status: whether you have an active subscription and its tier
  • Purchase receipts: validated through Apple's StoreKit framework

We do not have access to your payment method, credit card details, or billing address. All payment processing is handled entirely by Apple.

3. How Your Information Is Used

Your data is used on your device to:

  • Provide core features: calculate prayer times, display Quran content, track cycle data, maintain journal entries, run dhikr counters
  • Generate cycle predictions: using algorithmic models based on your logged cycle history to estimate future period dates, fertile windows, and ovulation
  • Sync data across devices: if you are signed in, eligible data syncs via encrypted cloud storage
  • Personalize content: display gender-appropriate Islamic guides, filter by madhab, show relevant duas
  • Send notifications: prayer time reminders, cycle predictions, fasting reminders, and dua of the day (all optional and configurable)
  • Improve the app: diagnose crashes, fix bugs, and improve performance using anonymized technical data
  • Process subscriptions: verify subscription status to unlock premium features

We may also:

  • Use shared content for marketing: content you generate through the App's sharing and reflection features (e.g., reflection cards, shareable quotes) may be used in our marketing and promotional materials, as described in our Terms of Service. This applies only to content produced through sharing features, not to your private data.

We do not:

  • Sell your personal information to anyone
  • Use your private data (journals, cycle logs, health records) for advertising
  • Build advertising profiles
  • Share your data with data brokers
  • Perform automated decision-making that produces legal effects

4. Data Storage & Security

Local-First Architecture

nafs is designed with a local-first architecture. Your most sensitive data, including cycle logs, health conditions, and HealthKit data, is stored on your device and never leaves it unless you explicitly choose to create a backup.

Encryption

We employ multiple layers of encryption to protect your data:

  • Cycle notes: encrypted using AES-256-GCM before storage on device
  • Backup files: encrypted with AES-GCM authenticated encryption, using a key derived with PBKDF2 (600,000 iterations)
  • Sensitive settings: stored in the iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly protection, meaning they are not included in unencrypted device backups
  • Encryption keys: managed via the device's Secure Enclave (hardware-backed) with biometric authentication gates where applicable

Network Security

All data transmitted between your device and our cloud services is encrypted using HTTPS/TLS.

5. Cloud Sync & Backups

What Syncs to the Cloud (if signed in)

  • Prayer completions
  • Fasting records
  • Journal entries
  • Missed fasts count
  • App settings and preferences

What Stays on Your Device Only

  • Cycle/period logs and health data
  • HealthKit data
  • Location coordinates
  • Health condition selections
  • Tasbih session history
  • Encryption keys

Encrypted Backups

You may create encrypted backups of your cycle data:

  • Local backups: exported as .nafs files, encrypted with a password you choose
  • Cloud backups: optionally stored in your cloud account, fully encrypted before upload

Important: If you lose your backup password, we cannot recover your encrypted backup data. There is no password reset for backup files.

6. Third-Party Services

nafs uses the following third-party services. These services are required for specific features. Your private data (journals, cycle logs, health records) is never shared with any of them.

| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Firebase Authentication (Google) | User sign-in and account management | Email address and auth tokens (sent during sign-in only) | Google Privacy |
| Cloud Firestore (Google) | Cloud data sync and encrypted backup storage | Prayer, fasting, and journal data you opt to sync (encrypted) | Google Cloud Privacy |
| Apple Sign-In | Authentication option | Apple-provided user token | Apple Privacy |
| Apple StoreKit | Subscription management | Purchase receipts | Apple Privacy |
| Apple HealthKit | Optional health data import/export | None. Data is exchanged locally between your device and Apple Health only. | Apple Privacy |
| Google Sign-In | Authentication option | Google-provided user token | Google Privacy |
| Quran.com | Quran audio streaming | No personally identifiable information | Quran.com Privacy |
| MP3Quran.net | Quran audio streaming | No personally identifiable information | N/A |

No personally identifiable information is shared with Quran audio providers. Only audio file requests are made using surah/reciter identifiers.

7. HealthKit

nafs integrates with Apple HealthKit only if you explicitly grant permission:

  • Read: menstrual flow data, to import period history into the cycle tracker
  • Write: cycle log entries, to export your tracked data to Apple Health

Our HealthKit practices comply with Apple's HealthKit guidelines:

  • HealthKit data is never synced to our cloud servers
  • HealthKit data is never shared with third parties
  • HealthKit data is never used for advertising or marketing
  • HealthKit data is stored only on your device
  • HealthKit access can be revoked at any time in iOS Settings > Privacy & Security > Health

8. Notifications

nafs may send local notifications for:

  • Prayer time reminders: configurable per prayer, with custom adhan sounds
  • Cycle predictions: upcoming period and fertile window estimates
  • Fasting reminders: suhoor and iftar times during Ramadan
  • Dua reminders: daily Islamic supplications
  • Wudu reminders: optional ablution reminders

Privacy Protections for Notifications

  • Notification content uses generic text and does not display sensitive health information on the lock screen
  • All notification categories are individually configurable. You can enable or disable each type
  • Notifications are entirely optional and the app functions fully without them

9. Children's Privacy

nafs is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently received data from a child under 13, we will promptly delete it.

For users in the European Union and European Economic Area, parental or guardian consent is required for users under the age of 16, in accordance with the General Data Protection Regulation (GDPR).

If you are a parent or guardian and believe your child has provided personal information to us, please contact us at support@nafs.fyi so we can take appropriate action.

10. Your Rights

You have the following rights regarding your personal data:

Access

You can view all data stored by the app at any time. You can export your cycle data via encrypted backup files.

Deletion

  • Individual records: delete any prayer log, cycle entry, journal entry, or other record from within the app
  • Full account deletion: delete your entire account from Settings, which permanently removes all cloud-stored data (this action is irreversible)
  • Local data: uninstalling the app removes all local data from your device

Correction

You can edit any logged entry (cycle logs, journal entries, prayer records, missed fasts, and symptoms) at any time.

Portability

Export your cycle data in the encrypted .nafs backup format for transfer to another device or for personal records.

Opt-Out

You may opt out of the following at any time:

  • Cloud sync: use the app entirely offline with a local-only account
  • Notifications: disable all or individual notification categories
  • HealthKit: revoke access in iOS Settings
  • Location: deny permission or provide manual coordinates
  • Cycle tracking: skip cycle features entirely during onboarding

11. Data Retention

| Data Type | Retention Period |
|---|---|
| Local app data | Until you delete it or uninstall the app |
| Cloud-synced data | Until you delete your account |
| Tasbih sessions | Automatically pruned after 30 days |
| Encrypted cloud backups | Until you delete them or delete your account |
| Crash logs | Retained per Apple's standard crash reporting retention |

We do not engage in:

  • Automated profiling or scoring
  • Targeted advertising
  • Data sales to third parties
  • Behavioral tracking across apps or websites

12. International Users & Compliance

GDPR (European Union / European Economic Area)

If you are located in the EU or EEA, you have the following rights under the General Data Protection Regulation:

  • Lawful basis for processing: We process your data based on (a) your consent (e.g., opting in to cycle tracking, enabling notifications) and (b) legitimate interest (e.g., providing core app functionality, improving stability)
  • Right of access: request a copy of your personal data
  • Right to rectification: correct inaccurate data
  • Right to erasure: request deletion of your data ("right to be forgotten")
  • Right to data portability: receive your data in a structured format
  • Right to restriction of processing: limit how we use your data
  • Right to object: object to processing based on legitimate interest
  • Right to withdraw consent: withdraw consent at any time without affecting prior processing

To exercise these rights, contact us at support@nafs.fyi. We will respond within 30 days. You also have the right to lodge a complaint with your local Data Protection Authority.

UK GDPR (United Kingdom)

Users in the United Kingdom have the same rights as outlined under the EU GDPR above. The supervisory authority for UK users is the Information Commissioner's Office (ICO) at ico.org.uk.

CCPA (California, United States)

If you are a California resident, the California Consumer Privacy Act provides you with the following rights:

  • Right to know: what personal information we handle, use, and disclose
  • Right to delete: request deletion of your personal information
  • Right to opt-out of sale: we do not sell your personal information to anyone
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, contact us at support@nafs.fyi.

Australian Privacy Act

If you are located in Australia, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988. Your data may be held on infrastructure located in the United States (Firebase/Google Cloud). You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

PIPEDA (Canada)

If you are located in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). We handle information based on your consent, and you have the right to access and correct your personal information. Complaints may be directed to the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

International Data Transfers

Our cloud infrastructure is provided by Google Cloud (Firebase), with servers located in the United States. For users in the EU/EEA and UK, data transfers to the US are conducted under Standard Contractual Clauses (SCCs) as adopted by the European Commission, ensuring adequate data protection.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this document
  • Notify you via an in-app notice or through an app update
  • Provide at least 30 days' notice before material changes take effect

Your continued use of nafs after the updated Privacy Policy becomes effective constitutes your acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us:

Email: support@nafs.fyi

Entity: NAFS TECHNOLOGIES LLC

For GDPR-related inquiries, you may also contact our data protection point of contact at the same email address.

This Privacy Policy applies to the nafs iOS application distributed through the Apple App Store.