Privacy Policy

Effective Date: May 24, 2026

Last Updated: May 24, 2026

Munabook ("Munabook", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our websites, mobile applications, tutoring services, learning tools, community features, and connected third-party services (collectively, the "Services").

Munabook is an independent product and is not an official application of Quran Foundation. Where applicable, Munabook uses Quran Foundation APIs and may access content from the Quran.com domain and QuranReflect ecosystem in accordance with applicable third-party terms, policies, and technical requirements.

1. Who We Are

Munabook operates Quran learning and related educational services through the following entities:

• Service Provider: SUNSHING NETWORK PTE. LTD., 12 Woodlands Square #15-78 Woods Square, 737715, Singapore (SG)
• Contact Email: jimmylee@sunshingnetwork.com
• Contact Phone: +65 90154540

2. Scope of This Policy

This Privacy Policy applies to our websites, mobile apps, tutoring marketplace, booking and payment flows, messaging and class features, Quran study tools, reflection features, and integrations with third-party accounts and APIs, including connected apps and OAuth-based services where applicable.

Where this Privacy Policy refers to Quran Foundation, "QF Content" means Quran text, translations, metadata, audio, reflections, and other content made available through the relevant APIs or related services.

3. Information We Collect

3.1 Information You Provide to Us

• Name, username, email address, phone number, password, and account credentials
• Profile information such as avatar, country, learning preferences, and language settings
• Booking information, tutor preferences, schedules, class requests, and support requests
• Payment-related information, billing details, transaction records, and order history
• Messages, feedback, reviews, reflections, notes, comments, and other user-generated content
• Audio, video, recordings, or files you choose to upload or share in connection with classes or app features
• Information you provide when contacting customer support or participating in surveys, promotions, or events

3.2 Information Collected Automatically

• IP address, browser type, device type, operating system, app version, language, and identifiers
• Usage logs, access times, pages or screens viewed, clicks, session activity, and diagnostics
• Crash reports, performance data, network information, and security-related event logs
• Approximate location inferred from IP address, and precise location only if you grant permission

3.3 Information from Device Permissions

Depending on the features you use, we may request access to:

• Camera and Photos: to upload profile images, assignments, or class-related media
• Microphone: for recitation, voice, call, or classroom features
• Notifications: to send reminders, booking updates, security notices, and service alerts
• Contacts: only if you use an optional feature that requires contact matching or invitations
• Location: only if a feature requires it and you choose to enable it

3.4 Information from Third Parties

• Information from sign-in providers such as Google, Apple, or other supported identity providers
• Information from payment processors and fraud prevention providers
• Information from analytics, cloud, customer support, and communication providers
• Information from connected services that you choose to authorize

4. How We Use Information

We use personal data as necessary to operate, improve, and protect the Services, including to:

• Create and manage accounts
• Provide Quran learning tools, tutoring, scheduling, messaging, and community features
• Process bookings, subscriptions, purchases, payments, and refunds
• Save and sync learning progress, bookmarks, reflections, goals, and other user activity
• Authenticate users and maintain account security
• Provide customer support and respond to questions or requests
• Send transactional messages such as confirmations, reminders, and security notices
• Improve product quality, diagnose issues, monitor performance, and prevent abuse or fraud
• Comply with legal obligations and enforce our terms, policies, and platform rules

We collect and use only the minimum data reasonably necessary for the features we provide. We do not use QF user data or similar learning data to build advertising profiles. We do not sell, rent, mine, or repurpose such data for unrelated commercial uses. We do not use user reflections, notes, or other user-generated devotional content to train AI models without a separate and explicit user consent process.

5. Sensitive Religious Data

Quran reading activity, reflections, devotional notes, and similar information may reveal a person's religious beliefs or practices and may be treated as sensitive personal data under certain privacy laws.

We treat this category of data with heightened care. We process it only to provide the religious and learning features you choose to use and, where required by applicable law, on the basis of your explicit consent or another valid legal basis permitted by law.

6. Connected Apps, OAuth, and Quran.Foundation Integrations

Some Munabook features may allow you to connect a third-party account or service, including Quran.Foundation services, through an authorization flow such as OAuth 2.0.

• When you choose to connect such an account, you are redirected to the third party's authorization page.
• We do not receive or store your third-party account password.
• We may receive authorization tokens, account identifiers, permitted profile information, and access scoped to the features you authorize.
• We use that access only to provide the connected feature, such as syncing reflections, bookmarks, learning activity, or other user-authorized actions.
• For QF-connected features, we request only the minimum scopes reasonably necessary for the feature involved and aim to support feature-specific or incremental authorization where technically available.
• You may revoke access at any time through Munabook settings, the connected third-party service, or both.

If you disconnect a connected service, some synced features may stop working or may no longer update going forward. Disconnecting does not automatically delete content previously stored in your Munabook account unless you separately request deletion where applicable.

For Quran Foundation-connected sessions, users may also be able to end the connected session and revoke associated tokens via the Quran Foundation OpenID Connect logout flow described here: https://api-docs.quran.foundation/docs/oauth2_apis_versioned/revoke-oidc-session/.

7. Legal Bases for Processing

Where required by applicable law, we process personal data on one or more of the following bases:

• Your consent
• Performance of a contract with you
• Compliance with legal obligations
• Our legitimate interests, including security, product improvement, fraud prevention, and service administration

8. How We Share Information

We do not sell your personal data. We may share personal data only as reasonably necessary with:

• Service providers that help us operate the Services, such as hosting, analytics, customer support, communications, security, and payment providers
• Tutors or students, where necessary to provide booked classes, messaging, scheduling, or class participation
• Connected third-party platforms or APIs that you choose to authorize
• Professional advisers, auditors, insurers, or corporate affiliates where reasonably necessary
• Authorities or other parties where required by law or necessary to protect rights, safety, and security
• A buyer, investor, successor, or affiliate in connection with a merger, financing, acquisition, restructuring, or sale of assets

We require our service providers and data processors, by contract where applicable, to protect user data, use it only for authorized purposes, and not misuse Quran or Quranic text. Where a third party processes user data on our behalf, we seek to ensure that appropriate data protection obligations are in place.

9. International Data Transfers

We may process and store information in countries other than your own, including the Singapore and other jurisdictions where our service providers operate. Where required, we take reasonable steps to ensure appropriate safeguards are in place for cross-border data transfers.

Where required, we rely on legally recognized transfer mechanisms, including Standard Contractual Clauses or equivalent safeguards, and we remain responsible for complying with applicable local data protection and transfer laws in the jurisdictions where our users are located.

10. Data Retention

We retain personal data for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce agreements, and maintain security and business records.

Retention periods may vary depending on the type of data, the feature involved, the sensitivity of the data, and our legal or operational requirements.

If you request deletion of your Munabook account, we will begin the deletion process within a reasonable time. Where technically and legally feasible, data will be removed from live systems first and then aged out of backups according to our backup retention process. If a connected provider independently deletes its own account or revokes access, some associated synced data may no longer remain available through connected features.

11. Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include encryption in transit, access controls, logging, monitoring, and periodic security reviews.

No system is completely secure, and we cannot guarantee absolute security.

Our security program is designed to reflect industry-standard practices such as TLS for data in transit, encryption-at-rest where appropriate, least-privilege access controls, and a regular secret rotation process. Our incident response objective is to investigate actual or suspected unauthorized access promptly and, where a QF-connected incident is involved, to escalate and report it without undue delay and in line with applicable contractual or platform requirements, including Security Rule 6.9 where applicable.

12. Cookies and Similar Technologies

We and our service providers may use cookies, SDKs, local storage, pixels, and similar technologies to keep you signed in, remember preferences, measure traffic, improve performance, detect abuse, and understand how users interact with the Services.

You may control cookies through your browser settings. Some features may not function properly if cookies are disabled.

13. Third-Party Services

Our Services may link to or integrate with third-party websites, apps, tools, APIs, payment processors, identity providers, video or communication platforms, analytics services, and connected platforms. We are not responsible for the privacy practices of third parties, and we encourage you to review their own privacy policies.

Depending on the services you use, relevant third parties may include Quran Foundation, app stores, payment processors, cloud hosting providers, analytics providers, communications or video providers, and customer support tools. Their handling of data is governed by their own policies and contractual arrangements with us, where applicable.

14. Children's Privacy

Our Services may be used by learners of different ages, including minors, under the supervision, consent, or involvement of a parent, guardian, school, or other authorized adult where required by law. We do not knowingly collect personal data from children in violation of applicable law. If you believe that a child has provided personal data unlawfully, please contact us and we will review the matter.

15. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access, update, correct, or delete your personal data
• Object to or restrict certain processing
• Withdraw consent where processing is based on consent
• Request portability of certain data
• Request information about connected accounts or revoke linked permissions
• Lodge a complaint with a competent authority

To exercise your rights, please contact us at jimmylee@sunshingnetwork.com. We may take reasonable steps to verify your identity before responding.

We aim to respond to privacy-related requests within 30 days, subject to lawful extensions where permitted and reasonably necessary.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and, where required, provide additional notice. Your continued use of the Services after the updated policy becomes effective means that the updated policy applies.

Where appropriate, we may notify users of material changes through in-app notice, account messaging, email, or other reasonable means.

17. Contact Us

If you have any questions, requests, or complaints regarding this Privacy Policy, please contact:

• Email: jimmylee@sunshingnetwork.com
• Phone: +65 90154540
• Service Provider: SUNSHING NETWORK PTE. LTD.
• Address: 12 Woodlands Square #15-78 Woods Square, 737715, Singapore (SG)