Tafsir NotebookGet started

Legal

Privacy Policy

Last updated: April 2026

1. Who we are

Tafsir Notebook ("we", "us", "our") is a Quran annotation web application available at tafsirnotebook.com, operated by Tafsir Notebook. We are the data controller for personal data processed through this service and are committed to protecting your privacy.

Contact: salaam@tafsirnotebook.com

2. What information we collect

We collect the following information when you use our service:

  • Account information: Your email address, display name, and password (stored securely and hashed — never in plain text).
  • OAuth data: If you sign in with Google, we receive your name and email address from Google.
  • Annotation content: Notes you write on Quran words, ayahs, and surahs. This content belongs entirely to you.
  • Technical data: Your IP address and basic usage logs, retained only as necessary for security and service operation.

We do not use tracking cookies, advertising pixels, or any third-party analytics tools.

3. Lawful basis for processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract performance (Article 6(1)(b)): Processing your account information and annotations is necessary to provide the service you have signed up for.
  • Legitimate interests (Article 6(1)(f)): Basic security logging and service improvement, where this does not override your rights and interests.
  • Legal obligation (Article 6(1)(c)): Where we are required to retain data to comply with applicable law.

4. How we use your information

  • To create and maintain your account and provide the annotation service.
  • To send account-related emails (email confirmation, password resets, important service notices).
  • To maintain the security and integrity of the service.
  • We do not sell your personal data to any third party.
  • We do not use your annotation content for advertising, AI training, or any purpose other than providing the service to you.

5. Data storage, security & retention

Your data is stored securely using Supabase, hosted on AWS infrastructure in the EU (eu-west region). All data is encrypted in transit (TLS/HTTPS) and at rest.

Retention: We retain your account data and annotations for as long as your account is active. If you delete your account, all associated data is permanently deleted within 30 days. Anonymised technical logs may be retained for up to 90 days for security purposes.

6. Third-party services

We use the following sub-processors. Each has been chosen for their data protection standards:

  • Supabase (EU) — database, authentication, and secure storage.
  • Vercel — hosting and deployment of the application.
  • Google OAuth — optional sign-in only. We receive name and email; no other Google data is accessed.
  • quran.com API — Quran text and translations. No personal data is shared with this service.

7. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your account and all associated data (available directly in Settings).
  • Right to restriction: Request that we restrict processing of your data in certain circumstances.
  • Right to data portability: Export your annotation data at any time in JSON, Markdown, or PDF format (available in Settings).
  • Right to object: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at salaam@tafsirnotebook.com. We will respond within 30 days in accordance with UK GDPR requirements.

8. Cookies

We use essential session cookies only — solely to maintain your login state. These are strictly necessary for the service to function and do not require your consent under UK PECR. We do not use advertising cookies, tracking cookies, or any third-party cookies.

9. Children's privacy

This service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. Where changes are significant, we will notify you by email or by posting a clear notice within the application. The "Last updated" date at the top of this page will always reflect the most recent revision.

11. Right to complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

ICO website: ico.org.uk · Helpline: 0303 123 1113

We would, however, appreciate the opportunity to address your concerns before you contact the ICO. Please contact us first at salaam@tafsirnotebook.com.

12. Contact

For any questions about this Privacy Policy or how we handle your data, please contact us at salaam@tafsirnotebook.com.