Privacy Policy
Last updated: June 5, 2026
1. Who we are
Understand Sunnah (understandsunnah.com) is a non-commercial Islamic knowledge platform providing access to hadith collections with scholarly explanations. We do not serve advertisements.
Privacy contact: support@understandsunnah.com
2. What data we collect
We only collect data directly provided by you or generated by your use of the service:
- Account data: username (required), email address (optional)
- Authentication data: a hashed (scrypt) copy of your password and session tokens
- User-generated content: personal notes, bookmarks, and feedback reports
- Activity data: your reading history and chapter progress
- Technical data: your IP address, logged in system security records (failed login detection, rate limiting, admin session records) for abuse prevention. IP addresses are not linked to your regular user account record.
We do not collect payment information, biometric data, location data, or sensitive personal data beyond the above.
3. How we use your data
- Authentication: to sign you in and maintain your session
- User features: to store and retrieve your notes, bookmarks, and progress
- Reports: to process content reports and follow up if you provided contact details
- Security: to protect the service against abuse (rate limiting)
We do not sell, rent, or share your data with third parties for marketing.
Legal basis for processing: performance of our agreement with you (account and study features); legitimate interest in keeping the service secure (security, rate limiting, fraud prevention).
4. Cookies and local storage
We only use essential cookies. See our Cookie Policy for full details. We do not use analytics, advertising, or third-party tracking cookies.
5. Third-party service providers
- Vercel: Platform hosting and edge network — processes all requests
- Neon: Serverless PostgreSQL database — stores all account and content data
- Upstash Redis: Distributed rate limiting — temporarily processes IP addresses for abuse prevention only
No other third-party services receive your personal data.
International transfers: All of the above providers are based in the United States. If you access the Service from the EEA, UK, or other regions with data transfer restrictions, your data will be processed in the US. We rely on the lawful transfer mechanisms provided by these service providers.
6. Data retention
- Account data: retained until you delete your account
- Sessions: auto-extended for 30 days when active; expire after 30 days without use
- Deletion: deleting your account permanently removes all associated data immediately
7. Your rights
- Access: request a copy of data we hold about you
- Correction: update your username or email from Settings
- Deletion: permanently delete your account from Settings → Delete Account
- Portability: contact us to request an export of your data
- Restrict: request that we limit how we process your data in certain circumstances
- Object: object to processing based on legitimate interests
- Complain: lodge a complaint with your local data protection authority (e.g. ICO in the UK, or your national supervisory authority in the EEA)
We aim to respond to all data rights requests within 30 days.
8. Security
Passwords are hashed using scrypt. Session tokens are stored as SHA-256 hashes. All data is transmitted over HTTPS.
9. Android app
The Android app is a WebView wrapper of this website. It does not collect any additional data beyond what is described in this policy.
10. Children
This Service is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If we discover that an account belongs to someone under 13, we will delete the account and all associated data immediately. If you believe we hold data of a child under 13, please contact us.
11. Changes to this policy
We may update this Privacy Policy from time to time. The “Last Updated” date at the top reflects the most recent revision. For material changes, we will make reasonable efforts to notify registered users.
12. Governing law
This Privacy Policy is governed by applicable laws in your country of residence. Any disputes arising under this policy are subject to the jurisdiction of the courts in your local area.