Effective Date: March 3, 2026  |  Last Updated: June 8, 2026

1. Introduction

Hush ("we", "us", "our") is a spiritual wellness application designed to support your daily Islamic practice through daily worship, Quran reading, AI-powered spiritual assistant, voice notes, sleep content, and more.

Your privacy matters deeply to us. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data. We are committed to transparency and to protecting the personal information you entrust to us.

By using Hush, you agree to the practices described in this policy. If you do not agree, please discontinue use of the app.

2. Data We Collect

We collect data in the following categories:

2.1 Device & Technical Data

When you first open Hush, we automatically collect:

This data is used to deliver the correct content in your language, manage your subscription status, and ensure app compatibility.

2.2 Location Data

Hush requests access to your device's location only when you use the Qibla Compass feature. Your location is used on-device to calculate the direction to the Kaaba in Makkah. We request "When In Use" location permission through iOS — your coordinates are processed locally and are not sent to our servers or shared with any third party.

For Ramadan prayer times (Imsakiye), you manually select your city — no automatic location detection is used.

2.3 Usage & Analytics Data

We track how you interact with the app to improve your experience. This includes:

Analytics events are associated with your anonymous device ID — not your name, email, or any personally identifiable information.

2.4 AI Chat Data

Hush includes an AI-powered spiritual assistant ("Hush AI") that helps with Islamic questions, prayers (dua), and Quranic interpretation (tafsir). When you use this feature:

2.5 Camera & Photo Library

If you use Hush AI's image recognition feature, you may grant access to your camera or photo library. Images you share are:

2.6 Voice Recordings

If you use the Voice Notes feature, your audio recordings are:

You can delete any voice note at any time from within the app. We do not listen to or manually review your recordings.

2.7 Journal Entries

Daily journal entries you write are stored locally on your device only. They are not uploaded to our servers.

2.8 Daily Practice & Progress Data

Your daily worship completions, streak data, and spiritual progress are stored locally on your device using Apple's built-in data storage. This data may be synced to our backend to enable cross-device features in the future.

2.9 Push Notification Token

If you grant notification permission, we store your push notification token to deliver daily inspiration messages and important updates. You can disable notifications at any time in your device settings or within the app.

2.10 Subscription & Purchase Data

Subscription purchases are processed entirely by Apple (App Store) and managed through RevenueCat. We do not collect or store your payment information, credit card details, or billing address. We only receive confirmation of your subscription status (active, expired, trial, etc.).

2.11 Advertising Identifier (IDFA)

We request access to Apple's Identifier for Advertisers (IDFA) through the App Tracking Transparency (ATT) framework. This is used solely for:

You can decline this request, and the app will function normally without it. We will never sell your IDFA or use it to build a personal profile.

3. Data We Do Not Collect

Hush is designed with a privacy-first approach. We do not collect:

While the Qibla Compass uses your device location, your coordinates are processed entirely on-device and are never sent to our servers or any third party.

4. How We Use Your Data

Purpose Data Used
Deliver content in your language Locale, timezone
Qibla direction (on-device only) Device location (not sent to servers)
Manage your subscription Device ID, subscription status
Improve app experience Usage analytics (anonymous)
AI spiritual assistant Chat messages (sent to OpenAI, not stored on our servers)
AI image recognition Camera / photo library images (processed in real-time, not stored)
AI transcription & analysis Voice recordings (when you use Voice Notes)
Send daily inspiration Push notification token
Measure ad campaign performance IDFA (only with your permission)
Measure ad performance on Google Firebase Analytics events & conversion signals (with your permission)
Prevent fraud & ensure security Device ID, app version

5. Third-Party Services

We use the following trusted third-party services to operate Hush:

5.1 Supabase (Backend & Storage)

Our backend infrastructure. Stores device registration data, push tokens, and voice note audio files. Supabase provides secure, encrypted cloud hosting.

Supabase Privacy Policy

5.2 RevenueCat (Subscription Management)

Manages in-app subscriptions and purchase verification. Receives your anonymous device ID and subscription events. Does not receive personal information.

RevenueCat Privacy Policy

5.3 Mixpanel (Analytics)

We use Mixpanel to understand how users interact with the app and to improve features. All data is sent to Mixpanel's EU data center for GDPR compliance. Events are tied to anonymous device IDs only.

Mixpanel Privacy Policy

5.4 Meta / Facebook SDK (Ad Attribution)

We use Meta's SDK to measure the effectiveness of our advertising campaigns. We send only two signals to Meta: onboarding completion and paywall views. Automatic event logging is disabled. Revenue events are sent server-side through RevenueCat, not from your device.

If you grant ATT permission, your IDFA may be shared with Meta for attribution purposes. If you decline, no advertising identifier is shared.

Meta Privacy Policy

5.5 OpenAI (AI Processing)

We use OpenAI's API (GPT-4o) to power Hush AI's chat, image recognition, and Quranic interpretation features. Your messages and images are sent to OpenAI for processing. Per OpenAI's API policy, data sent through the API is not used to train their models.

OpenAI API Data Usage Policy

5.6 Apple (App Store & SKAdNetwork)

Apple processes all payments and may collect anonymized ad attribution data through SKAdNetwork. This is managed entirely by Apple and does not identify you personally.

Apple Privacy Policy

5.7 Google — Firebase Analytics & Google Ads (Analytics & Ad Measurement)

We use Google Firebase Analytics to understand how the app is used and to measure the performance of our advertising on Google. Events are tied to anonymous, de-identified identifiers — not your name or email.

If you grant ATT permission, limited conversion signals (such as starting a trial or subscribing) may be shared with Google to measure ad effectiveness, in line with Apple's on-device measurement and SKAdNetwork frameworks. If you decline ATT, no advertising identifier is shared. We do not sell your data.

Firebase Privacy & Security  ·  Google Privacy Policy

6. Data Storage & Security

On Your Device

Most of your data (journal entries, daily progress, streaks, favorites, preferences) is stored locally on your device using Apple's secure storage frameworks. This data is protected by iOS file-system encryption and is only accessible when your device is unlocked.

In the Cloud

Device registration data, push tokens, and voice note audio files are stored on our Supabase servers. All data is transmitted over encrypted HTTPS connections and stored with industry-standard encryption at rest.

Security Measures

7. Data Retention

We retain your data only as long as necessary to provide our services:

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

For All Users

For EU/EEA Users (GDPR)

Our analytics data is processed on EU servers (Mixpanel EU endpoint) to support GDPR compliance.

For California Users (CCPA)

For Turkey Users (KVKK)

If you are located in the Republic of Türkiye, your personal data is processed in accordance with the Personal Data Protection Law No. 6698 ("KVKK"). Under Article 11, you have the right to:

To exercise any of these rights, contact us at hush.app.official@gmail.com. We will respond within 30 days.

9. Children's Privacy

Hush is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us and we will promptly delete it.

10. International Data Transfers

Your data may be processed in countries other than your own. Our analytics data is processed in the EU (Mixpanel EU data center). Backend services (Supabase) may process data in the US or EU depending on server configuration.

Where data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and encryption in transit.

11. Cookies & Tracking Technologies

Hush is a mobile application and does not use browser cookies. We use standard mobile SDKs (Mixpanel, Google Firebase, Meta, RevenueCat) that may use device-level identifiers as described in this policy. These are not cookies and cannot track you across other apps or websites (unless you have granted ATT permission for ad attribution).

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make significant changes, we will notify you through the app or by updating the "Last Updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of Hush after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

Hush is operated by Hush App. We are committed to resolving any privacy concerns promptly and transparently.