Subcis Privacy Policy
Subcis is a voice app for small Quran memorization circles. We're an independent Muslim project run on a tight budget, so the privacy trade-offs here are simple and conservative: we collect as little as we can possibly get away with, and we never sell or share your data.
Who we are
- Operator: Oogle ("we", "us"), reachable at
subcis@oogle.tech. - App: Subcis, available on the App Store and Google Play.
- Region: Operated from Sweden; servers run on Cloudflare and LiveKit Cloud.
What we collect — and why
1. Quran.com account (required)
To use Subcis you sign in with your Quran.com account using OAuth 2.0. Quran.com is operated by Quran.Foundation, a separate organization with its own privacy policy. We never see your Quran.com password.
What we receive from Quran.com after you authenticate:
| Data point | Why we need it |
|---|---|
| First / last name | Show your name on your Me tab |
| Quran.com username | Show in your Subcis profile and (when reported) help us identify abusive accounts |
| Avatar URL | Display your Quran.com profile picture |
| Bookmarks | Sync ayat you've bookmarked (read + write) |
| Reading sessions | Update your "continue reading" position on Quran.com |
We do not receive your email password, payment information, or private messages. The OAuth access token + refresh token are stored only on your device, in iOS / Android system-level secure preferences (iOS Keychain / Android EncryptedSharedPreferences). They never leave the device except to call Quran.com's own API.
2. Subcis profile (local to your device)
When you onboard you set:
- A display name (visible to others in your circles).
- A gender (used to gender-segregate "Open Circle" matchmaking).
This data lives only in SharedPreferences on your device. We have no backend database — there is no central record of your Subcis profile.
3. Voice during a circle
Voice in a circle goes through LiveKit Cloud (livekit.io), which we use as a real-time audio relay. Voice is not recorded, not transcribed, and not retained by Subcis. LiveKit's infrastructure processes the audio in real time and discards it the moment the connection ends.
4. Reading-session pings
When you open a verse — either inside a circle or via the standalone Quran tab — Subcis sends a {chapterNumber, verseNumber} ping to Quran.com so your "continue reading" position is up to date there. The ping does not include duration, audio, or any other content.
5. Local-only state
Stored on your device, never sent to a server we control:
- Your last 10 recent room codes
- Your blocked-users list (Quran.com handle + display name)
- A count of warnings you've received from other users
- Your scheduled groups (codes + start times you set or were invited to)
- Your accepted EULA flag, your selected verse-of-the-day cache
Crash reporting (Firebase Crashlytics)
When the app crashes or hits an unhandled error, we ship the stack trace and the device model + OS version to Firebase Crashlytics so we can fix the bug. The crash report does not include your name, email, Quran.com username, room codes, voice audio, reading position, bookmarks, or anything else you have in the app — only the technical trace of where the crash happened. Crashlytics generates its own anonymous "installation ID" that identifies a single install across multiple crashes; the ID is not linked to your Quran.com account.
Reports are kept by Google for up to 90 days. We use them only to prioritise bug fixes and discard them after that.
What we don't collect
- We don't run product analytics. No event tracking, screen timing, or behavioural funnels (no Firebase Analytics, no Mixpanel, no Amplitude). Crashlytics is the only Firebase product enabled.
- We don't have ads or ad tracking SDKs. No IDFA / GAID collection.
- We don't track your location.
- We don't read your contacts.
- We don't see your microphone audio outside an active circle.
Token exchange (Cloudflare Worker)
We run a small Cloudflare Worker at subcis-token.workers.dev. Its only job is the OAuth client-secret exchange step — it receives a PKCE code from your app, exchanges it with Quran.com for tokens, and forwards the tokens back. The Worker holds the OAuth client secret (which can't ship in the app) but does not store any tokens or identifying data. Each request is stateless.
The same Worker also mints LiveKit access tokens (one per circle) so your app can connect to the audio relay. These LiveKit tokens are short-lived and never persisted server-side.
How long we keep things
- On-device data lives until you sign out of Subcis or delete the app.
- Quran.com tokens are kept on-device until they expire or you sign out — at which point they are removed.
- Voice traffic is not retained.
- Crash reports are kept by Firebase for up to 90 days.
- Reports you submit travel by email to
subcis@oogle.tech. We hold those emails until the reported behaviour is resolved or three months have passed, whichever comes first, then they're deleted.
Permissions we request
| Permission | Purpose |
|---|---|
| Microphone | Required to speak in a circle. |
| Notifications | Optional — used for "doors open" matchmaking reminders and 5-minute "circle starting soon" pings. |
| Calendar (write) | Optional — used by the "Add to calendar" button on a scheduled invite. |
| Bluetooth (iOS) | Optional — for routing voice to AirPods / car audio. |
You can revoke any of these in your device's system settings without losing access to the app.
Children
Subcis is not directed to children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has signed in to Subcis, contact us and we'll work with you to delete what we can (mainly: their email reports to us, since everything else is on-device).
Your rights (GDPR, CCPA, etc.)
Because almost all your Subcis data lives on your own device, your rights are mostly self-serve:
- Access: open the Me / Settings tabs to see everything we know.
- Delete: sign out (clears Quran.com tokens) and uninstall the app (clears the rest).
- Quran.com data: for anything stored on Quran.Foundation's side, contact them via quran.com.
- Email reports: to remove a report you submitted, email
subcis@oogle.techwith the reported user's code or your reporter ID.
Sharing
We don't sell or share your data with third parties for marketing.
The only third parties involved are:
- Quran.Foundation / Quran.com — your authentication provider and the source of your bookmarks / reading position.
- LiveKit Cloud — real-time audio infrastructure.
- Cloudflare — hosts the token-exchange Worker.
- Google Firebase Crashlytics — receives anonymised crash reports.
Each of these has their own privacy policy and processes your data only as needed to deliver the service.
Changes
If we change this policy in a way that affects how we handle your data, we'll bump the "Last updated" date at the top and surface a notice in-app on next launch.
Contact
Questions, requests, or reports: subcis@oogle.tech.