Privacy Policy
Last updated: June 2026
Introduction
Rehal (“we”, “us”, or “our”) operates the Rehal Hifdh management platform. This Privacy Policy explains how we collect, use, and protect your information when you use our services. By using Rehal, you agree to the collection and use of information in accordance with this policy.
Data we collect
We collect the following categories of data:
- Account data: Name, phone number, email address, profile photo, and role within your institution.
- Audio recordings: Recitation sessions recorded by students. Audio is stored securely and only accessible to authorized institution members.
- Session data: Recitation scores, mistake logs, tajweed analysis results, timestamps, and teacher notes.
- Device and usage data: Browser type, device model, IP address, and usage patterns for security and performance purposes.
- Communication data: Messages sent through the platform, including teacher notes and system notifications.
How we use data
We use collected data to:
- Provide AI-powered recitation grading and tajweed analysis
- Enable teachers to review and grade sessions
- Allow parents to track their child's progress
- Send notifications about session status and institutional updates
- Improve the accuracy and performance of our AI models
- Maintain security and prevent fraudulent use
Storage and security
Your data is stored on infrastructure provided by Supabase (EU region) for database and file storage, and Firebase (Google Cloud) for authentication and hosting. Both providers are GDPR-compliant.
Audio recordings are stored in private, access-controlled storage buckets. Files are served via time-limited signed URLs — direct access without authorization is not possible. All data in transit is encrypted via TLS 1.3.
Retention periods
We retain data as follows:
- Active account data: retained for the lifetime of the account
- Audio recordings: retained for the duration of institutional membership
- Session analysis data: retained indefinitely for progress tracking
- Deleted account data: removed within 30 days of deletion request
Your rights
Under GDPR and applicable privacy laws, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to processing of your data
- Request data portability (export)
- Withdraw consent at any time
To exercise these rights, contact your institution's admin or email us directly at privacy@rehal.io.
Children's data
Rehal is designed for use by Hifdh institutions, which commonly include student users under the age of 13. All student accounts are created and managed by the institution — not directly by children. Institutions are responsible for obtaining appropriate parental consent as required by local law (COPPA, GDPR, PDPA, etc.) before enrolling students.
Contact us
Questions about this Privacy Policy can be directed to:
Email: privacy@rehal.io