Privacy
Privacy Policy
Last updated April 25, 2026
This Privacy Policy explains how QiblaVibes collects, uses, stores, and shares personal data when you use qiblavibes.com, take quizzes, save results, purchase Pro, use collage features, or contact us.
QiblaVibes is the controller for the personal data described here. If you have privacy questions or want to exercise your rights, email qiblavibes.support@gmail.com.
1. What We Collect
- Account and contact data: email address used for passwordless sign-in, support, or purchase flow.
- Quiz and result data: quiz answers, computed scores, matched result, saved results, country bucket, profile rarity inputs, leaderboard participation, and collage eligibility.
- Payment and entitlement data: limited Stripe checkout and webhook data such as customer email, payment status, checkout identifiers, and whether Pro is active. We do not store your full card number.
- Security and device data: session identifiers, hashed IP-related security data, user agent, request path, audit events, rate-limit records, save proofs, claim tokens, and share snapshot tokens.
- Approximate location data: a country code derived from request headers or supplied when a result is saved, used for maps, local stats, and country-specific ranking views.
- Browser storage: language, theme, in-progress result flows, feedback state, and local collage-lab or preview settings stored in your browser through localStorage or sessionStorage.
- Embedded or shared content data:when you play reciter videos, YouTube's privacy-enhanced embed may receive technical data from your browser; when you create a share link, we store a short-lived share snapshot.
2. Why We Use Data
| Purpose | Data used | Legal basis or reason |
|---|---|---|
| Provide sign-in and account access | Email address, magic-link token, session cookie, session logs | Contract/performance of the service; legitimate interests in account security and abuse prevention |
| Run quizzes and show your result | Quiz answers, computed scores, matched result, temporary live-result records | Contract/performance of the service |
| Save results, unlock Pro, and generate collage access | Saved results, payment status, Pro flag, collage mappings, country bucket | Contract/performance of the service |
| Show community maps, leaderboards, local stats, and rarity | Saved results plus aggregated anonymous counts and country bucket | Legitimate interests in operating product analytics and community comparison features |
| Process purchases and prevent payment abuse | Email, checkout metadata, payment status, audit logs, rate-limit records | Contract; legitimate interests in fraud prevention; legal obligations where applicable |
| Keep the service secure and reliable | Session records, hashed IP-related data, user agent, audit logs, claim/share/save proofs, rate limits | Legitimate interests in security, debugging, and service integrity |
| Respond to support or legal requests | Email, account context, saved result details, payment context, security logs when needed | Contract, legitimate interests, or legal obligations depending on the request |
Quiz matches, rarity scores, and similar insights are generated automatically from the answers you submit. They are part of the product experience only and are not used to make legal, financial, employment, housing, medical, or other similarly significant decisions about you.
3. How Results and Stats Work
If you finish a quiz while signed out, QiblaVibes may create short-lived technical records that let you restore or claim that result later and may count that outcome in anonymous or aggregated community statistics. If you later sign in and save the same result, we reconcile those temporary counts so community stats remain usable without storing full anonymous profiles.
Saved results tied to your account may appear in aggregated leaderboards, map views, local/global percentages, and profile-rarity calculations. These features rely on counts and rankings, not on publishing your email address.
4. How We Share Data
- Stripe processes checkout and payment data for Pro purchases. Stripe acts under its own legal terms and privacy commitments for payment processing.
- Resend sends passwordless login emails on our behalf.
- Vercel hosts the site and delivers application content; Vercel Blob delivers public collage assets used by the collage preview and download flow.
- Turso/libSQL stores application records such as users, sessions, saved results, temporary result claims, anonymous aggregate counters, and audit/security logs.
- YouTube (privacy-enhanced mode) may receive technical data if you load or play an embedded reciter video.
- We may also disclose data where reasonably necessary to enforce our Terms, protect users or the service, investigate abuse, or comply with law, regulation, court order, or a valid government request.
As of the Last Updated date above, we do not sell personal information and we do not share personal information for cross-context behavioral advertising.
5. Cookies, Local Storage, and Embedded Media
QiblaVibes uses a strictly necessary authentication cookie named qv_session to keep signed-in users logged in. The site also uses browser storage such as localStorage and sessionStorage to remember settings like language, theme, in-progress UI state, or local collage tooling state on your device.
If you play embedded media such as a reciter video, the external provider may place or access its own cookies or similar technologies under that provider's policies. We do not currently use the site to run third-party ad-tech or retargeting cookies.
6. Retention
- Magic links: normally expire after about 15 minutes or sooner once used.
- Session records: expire when revoked or after a maximum of about 7 days.
- Share snapshots and claim tokens: normally expire after about 24 hours unless used or removed sooner.
- Anonymous reconciliation records: are kept only as long as reasonably needed to reconcile public statistics and are regularly cleaned up.
- Saved account results and Pro status: are kept while your account remains active or until they are no longer needed for the service, legal compliance, dispute handling, or security.
- Browser storage: remains on your device until you clear it, your browser removes it, or the app overwrites it.
7. International Transfers
QiblaVibes uses infrastructure and service providers that may process data in countries other than your own, including the United States and other jurisdictions where our providers operate. Where applicable, we rely on contractual, technical, and organizational safeguards intended to protect those transfers.
8. Your Rights
Depending on where you live, you may have rights to access, correct, delete, restrict, port, or object to certain processing of your personal data, and to withdraw consent where consent is the legal basis. You may also have the right to complain to your local data protection or consumer protection authority.
- EEA/UK users: you may have rights under GDPR or UK GDPR, including access, rectification, erasure, restriction, portability, objection, and a right not to be subject to certain legally significant automated decisions.
- California users: if the CCPA/CPRA applies to you and our processing, you may have rights to know, delete, correct, and receive information about categories of personal information, sources, purposes, and disclosures, along with a right to non-discrimination.
- All users: you can contact us at qiblavibes.support@gmail.com and we will handle requests as required by applicable law.
9. Children's Privacy
QiblaVibes is a general-audience service and is not designed or marketed specifically for children under 13. We do not use a dedicated age-screening flow as part of normal access to the service. If you believe that a child under 13 has provided personal data to QiblaVibes, contact us at qiblavibes.support@gmail.com and we will review the report and take appropriate action where required.
10. Security
We use reasonable technical and organizational measures intended to protect personal data, including access controls, signed proofs for sensitive result flows, rate limiting, session handling, and audit logging. No online system is perfectly secure, and we cannot guarantee absolute security.
11. Changes To This Policy
We may update this Privacy Policy from time to time to reflect product changes, legal requirements, or operational updates. When we make material changes, we will update the Last Updated date above and may also provide additional notice inside the service where appropriate.
12. Contact
For privacy, legal, billing, or account questions, contact qiblavibes.support@gmail.com.