Legal · Privacy

Privacy policy.

Effective 28 April 2026 · MARIZ LLC, dba Tanzeel

This document describes what Tanzeel collects from you, what we do with it, and what you can ask us to delete. We've tried to write it in plain language. If anything is unclear, email support@tanzeelalquran.com and we'll explain it like a person would.

The short version: we collect the minimum we need to make the app work. We do not sell your data. We do not run ads. The only third parties that ever see anything are the infrastructure providers we need to run the service (listed in §6) and the specific Tajweed teacher you choose to submit a recording to.

On this page

  1. Who we are
  2. What we collect
  3. How we use your data
  4. When we share data
  5. How long we keep it
  6. Third-party services
  7. Security
  8. Your rights
  9. Children's privacy
  10. International transfers
  11. Changes
  12. Contact

1. Who we are

Tanzeel is operated by MARIZ LLC, a company registered in the United States. Where this policy refers to "we," "us," or "Tanzeel," it means MARIZ LLC.

For privacy-related correspondence: support@tanzeelalquran.com.

2. What we collect

2.1 Account information

When you create an account, we collect your email address and name (display name; this can be a nickname). Passwords are stored hashed using bcrypt — we never see the plaintext, and neither does anyone else.

If you sign in with Apple, we receive only the identifier Apple gives us. If you choose to relay your email through Apple's private relay service, we never see your real email.

2.2 Content you create

The app stores content you produce while using it. This includes:

  • Bookmarks and notes attached to specific verses
  • Memorisation progress — which ayahs you've added, your strength tier per ayah, your review history, your current streak
  • Audio recordings you submit for expert review
  • Messages you send to or receive from a teacher
  • Reading goals and settings — display mode, theme, accessibility preferences, daily goal

2.3 Device & technical data

  • Device push token (APNs) — if you opt in to push notifications
  • App version and OS version, used for compatibility and crash diagnostics
  • Sync timestamps, so the same data on different devices doesn't fight itself

We do not collect IDFA, advertising identifiers, contact lists, photos, or your location history.

2.4 Location (only with your permission)

Prayer times and Qibla direction are calculated locally from your device location. We request location permission only for those features. The location is sent to the Aladhan API to compute prayer times for your coordinates; we don't store your coordinates on our servers, and Aladhan's API is read-only.

2.5 Usage data

We log basic, aggregated usage on the server side (which API endpoints are called, how many requests come from which app version, error counts). These logs do not contain the content of your recitations, messages, or notes.

2.6 What we do not collect

  • No advertising or tracking SDKs (no Facebook SDK, no Mixpanel, no Segment, no Google Analytics)
  • No microphone access except when you explicitly start a recording
  • No camera access (the app doesn't have a camera feature)
  • No address book, photo library, or device contacts
  • No financial data — payments are handled by Apple's App Store directly

3. How we use your data

We use what we collect to:

  • Run the service — sign you in, sync your data between your devices, deliver the audio and translations you've requested
  • Operate expert tutoring — route a recording you submit to the specific teacher you chose, deliver their feedback back to you, and enable messaging between you
  • Send notifications you've opted into — when feedback is ready, when a teacher replies, prayer time reminders if you turn them on
  • Improve the app — diagnose crashes, fix bugs, identify slow API endpoints. We never read the contents of your recordings or notes for this
  • Provide support — when you email us, we read what you sent us and reply
  • Comply with the law — if a valid legal request requires it, we may have to disclose specific data; we will resist overbroad requests

4. When we share data

4.1 With teachers, only what you submit

When you submit a recording to a specific teacher, that teacher sees: the recording itself, your name, the surah/ayah you recorded, and any note you attached. They do not see your other recordings, your private notes, your bookmarks, your memorisation history, or recordings you submitted to other teachers.

4.2 With infrastructure providers

To run the app we use a small number of vendors. They process data only on our instructions and only for the purpose listed:

  • Amazon Web Services (S3) — encrypted storage of audio recordings
  • DigitalOcean — application servers and MySQL database hosting
  • Apple Push Notification service — delivering push notifications you've opted in to
  • Resend — sending account emails (welcome, password reset)

4.3 We do not sell your data

We have never sold user data, and we don't plan to. There are no advertising-driven business models that could change this; tutoring revenue funds the rest of the app.

4.4 In a corporate transaction

If MARIZ LLC is acquired or merged, your data may transfer to the acquiring entity, which will be bound by this policy or one materially similar. We'll notify you in-app and by email before any such transfer takes effect.

5. How long we keep it

  • Account data: as long as your account is active. If you delete your account, we erase your account record, your sync data, your bookmarks, notes and memorisation history within 30 days.
  • Audio recordings: retained for 12 months after submission, then automatically deleted. You can request earlier deletion at any time.
  • Messages with teachers: retained for 12 months. After that, message bodies are deleted; metadata (that a conversation existed) may persist for up to 24 months for support purposes.
  • Server logs: aggregated logs are retained for 90 days; raw access logs for 30 days.
  • Backups: rolling 30-day backups of the database. Deletion requests propagate to the active database immediately and to backups within 30 days.

6. Third-party services

The app talks to a small number of external services to deliver specific features. Each is listed below with what data is sent and why:

  • Aladhan API — receives your latitude/longitude when you use prayer times or the Qibla compass. Returns the calculated times and direction.
  • Quran.com API — receives a request for a specific surah and translation; returns the translation text. No personal data is sent.
  • AWS S3 — encrypted storage of audio recordings you submit; access is restricted to your account and the teacher you choose.
  • Apple App Store / In-App Purchase — when you purchase tutoring credits or a subscription, payment is handled entirely by Apple. We never see your card details.
  • Apple Push Notification service — receives a push payload (e.g. "your feedback is ready") and your device token; delivers to your device.
  • Google Fonts (this website only) — when your browser loads this page, Google may log the request as part of standard CDN operations. The app itself does not use Google Fonts.

7. Security

We protect data with industry-standard measures, and try to live up to the spirit of them:

  • All traffic between the app and our servers is encrypted using TLS 1.2 or higher.
  • Audio recordings are stored encrypted at rest in AWS S3 with server-side encryption.
  • Passwords are hashed using bcrypt; we never log them and never store them in plaintext.
  • Authentication tokens are stored on your device using Apple's Keychain (a hardware-backed secure enclave on supported devices).
  • API access requires a valid JWT; access tokens are short-lived (15 minutes) and are rotated using refresh tokens.
  • Database access is restricted by IP allowlist and role-based credentials.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours of confirmed discovery, by email and in-app.

8. Your rights

You have the following rights regardless of where you live:

  • Access — request a copy of the data we hold about you in a portable JSON format
  • Correction — fix anything that's wrong (most account fields are editable in-app under Settings → Account)
  • Deletion — delete your account from inside the app (Settings → Account → Delete account), or by emailing us
  • Export — receive your bookmarks, notes, and memorisation progress in JSON form
  • Opt out of push notifications — at any time, in iOS Settings or in the app under Settings → Notifications
  • Withdraw consent for location use by revoking permission in iOS Settings

If you're in the EU/UK, you have additional rights under the GDPR (object to processing, restrict processing, lodge a complaint with your local supervisory authority). To exercise any right, email support@tanzeelalquran.com. We respond within 30 days.

If you're in California, the CCPA gives you similar rights to access, delete, and know which categories of personal information we collect. The same email address handles those requests.

9. Children's privacy

Tanzeel is family-friendly and welcomes use by children, but we do not knowingly collect personal data from children under 13 without verifiable parental consent (under 16 in the EU/UK).

If you believe a child under those ages has created an account without parental consent, please email us and we will delete the account.

10. International data transfers

Our servers are located in the United States. If you use the app from outside the US, your data is transferred to and processed in the US. We use vendors (AWS, DigitalOcean, Apple) that support standard contractual clauses for cross-border transfers where required.

11. Changes to this policy

We may update this policy as the app evolves. If we make a material change — meaning anything that affects what we collect or how we use it — we'll notify you in-app and by email at least 14 days before it takes effect. Cosmetic changes (typos, restructuring) take effect immediately and we will note the change at the top of the page.

12. Contact

For any privacy question, request, or concern:

  • Email: support@tanzeelalquran.com
  • Subject line "Privacy" routes to the right inbox
  • For EU/UK residents wishing to escalate, you may also contact your national data protection authority

We aim to respond to every message within two business days. If we can't, we will tell you so and give you a date.

— The Tanzeel team, MARIZ LLC