Last updated: January 2026
This Privacy Policy explains what data Jariyah Now collects, how it is used, and the choices you have. We designed the Service to collect as little as possible.
Jariyah Now does not collect or process:
When you export a video, our server receives your IP address. We use it solely to enforce the rate limit (3 renders per hour per IP). The IP is included in structured log lines for the rate-limit decision and for diagnosing abuse. Logs are retained for up to 30 days, then deleted. We do not link IP addresses to any identity, because we have no identity to link them to.
Each request to our API includes standard HTTP headers (User-Agent, Referer, Origin). We log a request ID and the requesting IP for debugging and abuse prevention. We do not log request bodies.
When you select a surah and ayat range, your browser fetches the Quran text, translation, and word timings from our API routes (which proxy UmmahAPI and quran.com). This data is cached at the CDN edge (Cloudflare/Vercel) and in your browser. The cache keys are the surah number, ayat number, reciter ID, and translation edition — none of which identify you personally.
Jariyah Now does not set any cookies of its own. The hosting provider (e.g. Vercel) may set infrastructure cookies for load balancing or session affinity; these are not used for tracking.
We do not use a cookie consent banner because we do not set non-essential cookies.
When you use Jariyah Now, your browser makes direct requests to the following third-party services. Their privacy policies apply to those requests:
Because we do not collect personal data tied to an identity, most data-subject rights (access, correction, deletion) are automatically satisfied: there is nothing to access, correct, or delete. If you want server logs associated with your IP purged before the 30-day retention window, contact the maintainers via the repository's issue tracker with the approximate date and time of your request.
The Service is not directed at children under 13, and we do not knowingly collect data from children. If you believe a child has used the Service, contact us — there is no data to delete, but we can block the IP if needed.
All API requests are validated server-side. Rate limiting and bot filtering protect the API from abuse. Custom background images never leave your browser, so there is no upload-attack surface. We do not store secrets in client bundles.
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be noted on the About page.
Questions about this Privacy Policy can be directed to the project maintainers via the repository's issue tracker.
This is a draft Privacy Policy. Have it reviewed by a qualified attorney and your hosting provider's DPO before relying on it for a production deployment, especially if you operate in the EU (GDPR) or California (CCPA).