Back to builder

Privacy Policy

Last updated: January 2026

This Privacy Policy explains what data Jariyah Now collects, how it is used, and the choices you have. We designed the Service to collect as little as possible.

1. The short version

  • We do not require an account. We do not collect your name, email, or any contact information.
  • We do not use analytics, tracking pixels, or advertising SDKs.
  • The selections you make in the builder (surah, ayat range, reciter, settings) are stored only in your browser's memory — never sent to our server.
  • Custom background images you upload never leave your browser.
  • We log IP addresses for rate limiting and abuse prevention. We do not link them to any identity.
  • Rendered videos are produced in your browser and never uploaded to our servers.

2. Data we do not collect

Jariyah Now does not collect or process:

  • Names, email addresses, phone numbers, or any contact information
  • Account credentials (the Service has no accounts)
  • Precise geolocation
  • Browsing history outside the Service
  • The specific surah/ayat selections you make
  • The videos you export (they are rendered in your browser and never uploaded)
  • Custom background images you upload (they are read by the browser via FileReader and stored in memory only)

3. Data we temporarily process

3.1 IP addresses (for rate limiting)

When you export a video, our server receives your IP address. We use it solely to enforce the rate limit (3 renders per hour per IP). The IP is included in structured log lines for the rate-limit decision and for diagnosing abuse. Logs are retained for up to 30 days, then deleted. We do not link IP addresses to any identity, because we have no identity to link them to.

3.2 Request metadata

Each request to our API includes standard HTTP headers (User-Agent, Referer, Origin). We log a request ID and the requesting IP for debugging and abuse prevention. We do not log request bodies.

3.3 Cached Quran data

When you select a surah and ayat range, your browser fetches the Quran text, translation, and word timings from our API routes (which proxy UmmahAPI and quran.com). This data is cached at the CDN edge (Cloudflare/Vercel) and in your browser. The cache keys are the surah number, ayat number, reciter ID, and translation edition — none of which identify you personally.

4. Cookies

Jariyah Now does not set any cookies of its own. The hosting provider (e.g. Vercel) may set infrastructure cookies for load balancing or session affinity; these are not used for tracking.

We do not use a cookie consent banner because we do not set non-essential cookies.

5. Third-party services

When you use Jariyah Now, your browser makes direct requests to the following third-party services. Their privacy policies apply to those requests:

  • ummahapi.com — Quran text, translations, and reciter audio URLs. Their privacy policy applies.
  • quran.com — Word-timing data (proxied through our server to avoid CORS). Their privacy policy applies.
  • everyayah.com — Reciter audio MP3s, loaded directly by your browser.
  • Google Fonts — The Inter, Amiri, and Scheherazade fonts. Google's privacy policy applies.

6. Data retention

  • Server logs (including IPs): up to 30 days, then automatically deleted.
  • Render job records: in-memory only, lost when the server restarts. Never persisted to disk.
  • CDN cache of Quran data: up to 7 days, then revalidated.
  • Browser memory (your selections, custom background): cleared when you close the tab.

7. Your rights

Because we do not collect personal data tied to an identity, most data-subject rights (access, correction, deletion) are automatically satisfied: there is nothing to access, correct, or delete. If you want server logs associated with your IP purged before the 30-day retention window, contact the maintainers via the repository's issue tracker with the approximate date and time of your request.

8. Children's privacy

The Service is not directed at children under 13, and we do not knowingly collect data from children. If you believe a child has used the Service, contact us — there is no data to delete, but we can block the IP if needed.

9. Security

All API requests are validated server-side. Rate limiting and bot filtering protect the API from abuse. Custom background images never leave your browser, so there is no upload-attack surface. We do not store secrets in client bundles.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be noted on the About page.

11. Contact

Questions about this Privacy Policy can be directed to the project maintainers via the repository's issue tracker.

This is a draft Privacy Policy. Have it reviewed by a qualified attorney and your hosting provider's DPO before relying on it for a production deployment, especially if you operate in the EU (GDPR) or California (CCPA).