Data Processing Agreement
Last updated: February 2026
1. Introduction
This Data Processing Agreement (DPA) outlines how Ruhani OS processes personal data on behalf of its users in compliance with applicable data protection laws.
2. Data Controller
Ruhani OS acts as both the data controller and data processor for user data. We determine the purposes and means of processing personal data collected through the Service.
3. Types of Data Processed
We process: account information (email, display name), usage data (du'a progress, prayer preferences, dhikr sessions), subscription and payment metadata (processed by LemonSqueezy), and optional feedback data (with explicit consent for public use).
4. Sub-Processors
We use the following sub-processors: Supabase (database and authentication, hosted on AWS), LemonSqueezy (payment processing), Vercel (hosting and CDN), Aladhan API (prayer times calculation). Each sub-processor is bound by appropriate data processing terms.
5. Data Security
We implement appropriate technical and organizational measures including: encryption in transit (TLS 1.3) and at rest, row-level security in our database, regular security audits, and access controls limiting who can view personal data.
6. Data Subject Rights
Users have the right to: access their personal data, rectify inaccurate data, request deletion of their data (right to be forgotten), restrict processing, exercise data portability, and object to processing. To exercise these rights, contact legal@ruhanios.app.
7. Data Breach Notification
In the event of a data breach affecting personal data, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with applicable regulations.
8. Contact
For data processing inquiries, contact our Data Protection Officer at legal@ruhanios.app.