Privacy
Policy

Zell is built as a local-first application. This means that everything you need — the Quran, supplications (dua), hadith, books, articles and prayer times — is stored and works directly on your device, even without an internet connection.

You do not need an account to use Zell. Creating an account and syncing your data are entirely optional. If you choose not to register, your data never leaves your device through our services.

Without an account, the following data is created and stored exclusively on your device and is never sent to us:

• Content downloaded for offline use (books, articles, videos, dua).
• Your favorites, bookmarks, highlights and notes, as well as the shelves you create yourself.
• Your reading progress and in-app history.
• App preferences (language, theme, notification settings).
• The location used to calculate prayer times (see section 6).

If you uninstall the app without having an account, this data is removed along with it and cannot be recovered.

You may create an account if you want to back up and sync your data across devices. When you register, we collect and store:

• Your email address — to identify the account, to sign you in, and for essential communications (e.g. password reset or account-deletion notices).
• Your password — which is always stored hashed, never in plain text. Not even we can read it.
• A display name — optional, entirely up to you.
• Account-related timestamps — when you registered, last signed in, and were last active.

We do not request or collect anything beyond this to create an account. The account can be fully deleted at any time — see section 10.

When you have an account, the app can sync your personal library with our servers so you can find it on every device where you are signed in. The data that is synced is:

• Your favorites and book status.
• Your bookmarks, highlights and notes.
• The shelves you have created and how they are organized.

Sync is offline-oriented: you keep working without an internet connection and your changes are uploaded when connectivity returns. This data is linked to your account and is used only to provide the sync service. We do not sell it and do not share it with third parties for marketing purposes.

Communication between the app and our servers is protected by several layers:

• All traffic is encrypted via HTTPS.
• We use Firebase App Check to verify that requests genuinely come from the official Zell app and not from unauthorized sources. This process may process a device attestation token through Firebase (Google).
• After sign-in, your account is protected with short-lived access tokens and securely stored refresh tokens.

To calculate accurate prayer times, the app needs to know your approximate location. The location is used to compute the times and is not stored by us as a movement history.

Our website may request your browser's location solely to display prayer times; if you do not grant permission, a default location is used. You can withdraw location permission at any time from your device or browser settings.

If you accept notifications, we use Firebase Cloud Messaging (FCM) to send notifications — for example, new content, the supplication of the day, or announcements. For this, your device is assigned a notification identifier by the FCM service.

You can disable notifications at any time from the app or device settings, without affecting other features.

Zell relies on a limited number of external services, only where necessary for it to function:

• Firebase (Google) — for App Check (request security) and Cloud Messaging (push notifications).
• Our email provider — to send essential account emails, such as password resets and account-deletion notices.

We do not use advertising networks and we do not sell your personal data to anyone.

In accordance with the General Data Protection Regulation (GDPR) and applicable law, you have the right to:

• Request access to the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and your data (the right to be forgotten — Article 17 of the GDPR).
• Withdraw your consent for notifications or location at any time.

To exercise these rights, write to us at suport@nextleap.al.

You can delete your account directly from the app. The process is designed to be clear and reversible within a set period:

• When you request deletion, the account moves to a “scheduled for deletion” state and a grace period begins. During this period the account is not yet deleted.
• We send you a confirmation email with a link that lets you cancel the deletion without needing to sign in.
• If you do not cancel, at the end of the period your data is permanently deleted: your personal library, bookmarks, highlights, shelves, notifications, session tokens and the account record itself.
• Deletion due to inactivity: if an account remains unused for a long period, we first send a warning email. If it remains unused after that, the account may be automatically scheduled for deletion. Simply signing in is enough to prevent this.

After final deletion, the data cannot be recovered.

For step-by-step instructions on how to delete your account from the app, see the Account Deletion page.

We keep account data for as long as your account is active. Once the account is deleted, the personal data linked to it is removed as described in section 10. Data stored only on your device remains under your control and is deleted when you delete it or uninstall the app.

Zell is a religious and educational app suitable for a broad audience. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

This policy may be updated from time to time to reflect changes in the app or in legal requirements. The latest version will always be available on this page, with the update date shown at the top.

For any questions regarding privacy or this policy, you can contact us at:

suport@nextleap.al