Privacy Policy
No account, no servers of ours holding your data. Here's exactly how Quran (القرآن الكريم) handles your information.
Last Updated: June 13, 2026
1. Introduction
Welcome to Quran (القرآن الكريم) ("we," "our," or "us"), developed and published by MainCreator Lab. This Privacy Policy explains, in plain language, how the Quran iOS mobile application (the "App") handles your information.
By downloading, installing, or using the App, you agree to the practices described in this Privacy Policy. If you do not agree with the terms of this policy, please do not use the App.
2. Summary — In One Paragraph
Quran is an audio Quran player. We do not operate any server that holds your data, and we do not require an account, email, or password. Your downloads, your favorites, and every setting you choose live only on your iPhone or iPad. To play a recitation, the App streams or downloads audio files directly from mp3quran.net, a long-running public Quran-audio library. To keep the App free, it integrates two well-known third-party services from Google — AdMob for advertising and Firebase (Analytics + Remote Config) for aggregate usage statistics and remote configuration. These are governed by Apple's App Tracking Transparency (ATT) framework and Google's User Messaging Platform (UMP) consent form, both described in detail below. We never receive your listening history, your favorites, or your settings.
3. Information We Do NOT Collect
Quran is designed with a privacy-first approach. We want to be completely transparent about what we do not collect:
- We do not collect your name, email address, phone number, or any personal identification information.
- We do not require account creation, sign-in, or user registration.
- We do not operate any backend server, so we never receive a copy of which surahs you play, which reciters you choose, what you download, or what you mark as a favorite.
- We do not access your location, Apple Health (HealthKit), your contacts, your photos, your camera, or your microphone.
- We do not sell, trade, or rent any information to third parties.
- We do not embed social-media tracking SDKs (e.g., Facebook SDK, TikTok SDK) and we do not share data with such networks.
4. Audio Streaming & Downloads (mp3quran.net)
The Quran recitations you hear are not bundled inside the App; they are hosted by mp3quran.net, a free, long-established Quran-audio library. When you press play or tap download, your device makes a direct network request to mp3quran.net (or its content-delivery network) to fetch the requested MP3 file.
- Like any request to any website, that connection necessarily exposes your device's IP address and the file you requested to mp3quran.net's servers, which may record them in standard server logs. This is required for the audio to reach your device, and it happens between your device and mp3quran.net directly — we do not sit in the middle and we do not receive this information.
- We are not affiliated with mp3quran.net and have no control over their infrastructure or their logging. Their handling of requests is governed by their own policies; you can learn more at mp3quran.net.
- Once you download a surah, it is saved on your device and plays locally — no further network request to mp3quran.net is needed for that file.
- If you want to avoid these requests entirely, download the surahs you want while on a trusted connection and then listen offline, or use the App only with downloaded content.
5. Local Data Storage
Quran stores all user-generated content and preferences locally on your device. This includes:
- Downloads: The MP3 files you choose to download are stored in the App's own private storage area on your device, organized by reciter and surah, so they're available offline.
- Favorites: The reciters and surahs you mark as favorites are stored locally so they're easy to return to.
- Resume state: The App remembers the last reciter, surah, and playback position so you can pick up where you left off. This is stored locally.
- Settings: Your display language, theme, surah sort order, active filters and collection, playback speed, sleep-timer preference, and every other choice — all stored locally using iOS UserDefaults.
- Counters: A small number of local counters (for example, app-launch count for the optional rating prompt, ad-frequency timing, and your remaining download quota) are kept on your device to make the App behave correctly. They are not personal data and are never uploaded by us.
This data is never uploaded, synced, or transmitted to any server of ours — we don't have one. If you delete the App, all locally stored data, including your downloads, is permanently removed from your device.
6. Advertising (AdMob)
Quran is free and is supported by advertising served through Google AdMob. The App may show the following ad formats:
- Banner ads — small banners shown occasionally within lists.
- Interstitial ads — a full-screen ad shown at natural breaks (for example, after opening several reciters), rate-limited so it is never intrusive.
- App Open ads — an occasional ad shown as the App returns to the foreground.
- Rewarded ads — entirely optional. You may choose to watch a short ad to unlock additional offline downloads. You are never required to watch one to use the App's core features.
To deliver these ads, AdMob may process certain device-level information in accordance with Apple's App Tracking Transparency framework and Google's consent tooling:
- If you decline tracking (see ATT and Consent below), ads remain non-personalized — no Identifier for Advertisers (IDFA) is shared with AdMob, and Google's SDK is instructed to serve contextual ads only.
- If you allow tracking, AdMob may use the IDFA and standard ad-delivery signals to show more relevant ads.
- You can review or change your tracking choice at any time under iOS Settings > Privacy & Security > Tracking > Quran.
- AdMob's own data practices are governed by Google's Advertising Policies. Ads never contain or use your listening history, favorites, or downloads.
- The number, frequency, and even the presence of ads can be adjusted remotely through Firebase Remote Config (see below) without a new App update — including being turned off entirely.
7. App Tracking Transparency (ATT)
In full compliance with Apple's App Store Review Guidelines and the App Tracking Transparency framework:
- The App will show the standard iOS ATT prompt before any tracking-eligible signal (such as the IDFA) is shared with Google AdMob.
- You can decline tracking — the App will continue to work fully, and the ads shown will be non-personalized.
- We do not fingerprint your device or correlate identifiers across apps in any other way.
- You can review or change your tracking preference at any time under Settings > Privacy & Security > Tracking on your iOS device.
8. Consent (Google User Messaging Platform)
For users in the European Economic Area, the United Kingdom, and other regions that require it, the App presents a consent form via Google's User Messaging Platform (UMP) before advertising is initialized. This is the mechanism that gathers your GDPR/ePrivacy consent for personalized advertising.
- Advertising is only initialized after the consent flow has completed — the ad SDK does not start until you have made your choice.
- Where required, a "Privacy options" entry is available so you can reopen the consent form and change your choice at any time.
- The consent signal is managed by Google's UMP SDK in accordance with the IAB Transparency & Consent Framework.
9. Analytics, Diagnostics & Firebase
To improve the App's stability and understand high-level usage patterns, Quran relies on a combination of Apple's own built-in tools and Google's Firebase platform:
- Apple Crash & Analytics Reports: If you have opted in to "Share iPhone Analytics" under Settings > Privacy & Security > Analytics & Improvements, Apple may share anonymized crash and performance data with developers. You can turn this off at any time in iOS Settings.
- Firebase Analytics (minimal): Firebase Analytics collects aggregated, non-personal events — such as app open, screen view, and broad device/region buckets — so we can understand which features are useful and which need improvement. We do not log custom events that identify you personally, and we do not enable Firebase's advertising features (such as Google Signals or IDFA collection from within Firebase). IP addresses processed by Firebase are truncated/anonymized as documented by Google.
- Firebase Remote Config: The App fetches a small set of configuration values (feature flags, ad frequencies, ad on/off toggles, the free-download quota, and similar) from Firebase Remote Config so we can tune the experience without shipping a full update. The fetch request sends only standard Firebase metadata (app version, OS version, locale, country, and a Firebase Installation ID); it does not send any personal content about you. The response contains only configuration values.
- Firebase Installation ID: Firebase generates a random, per-install identifier used by Analytics and Remote Config. It is not tied to you personally and is automatically reset if you reinstall the App.
- Where the data is processed: Firebase services are operated by Google and may store data on servers located in the United States, the European Union, or other regions. Google relies on mechanisms recognized for international data transfers (such as Standard Contractual Clauses). Firebase's practices are governed by the Firebase Privacy and Security overview and Google's Privacy Policy.
- Your control: You can reset your Firebase Installation ID at any time by reinstalling the App, and you can revoke iOS-level analytics sharing under iOS Settings > Privacy & Security > Analytics & Improvements.
10. Apple Media & "Now Playing"
To play recitations in the background and show controls on your Lock Screen and in Control Center, the App uses Apple's AVFoundation audio framework and the Now Playing system (MPNowPlayingInfoCenter / MPRemoteCommandCenter). The surah title, reciter name, and playback progress are handed to iOS so the system can display the standard media controls. This information is processed on-device by iOS and is not collected by us. You control playback at any time from the Lock Screen, Control Center, headphones, or CarPlay.
11. Children's Privacy
Quran is suitable for all ages and is not directed at collecting information from children. We do not knowingly collect personal information from children under the age of 13. If you believe that a child has provided personal information through the App, please contact us so we can take appropriate action. Parents who wish to avoid advertising entirely can decline tracking via the ATT and consent prompts; the App remains fully usable.
12. Third-Party Services and Links
The App relies on the third-party services described above (Google AdMob, Google Firebase, and the mp3quran.net audio library) and may contain links to third-party websites (for example, our website or App Store pages) that are not owned or controlled by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review their policies:
- Google Privacy Policy — policies.google.com/privacy
- Firebase Privacy & Security — firebase.google.com/support/privacy
- mp3quran.net — mp3quran.net
13. Data Security
We take the security of your data seriously. Since all of your downloads, favorites, and settings are stored locally on your device, they benefit from the hardware-level encryption and security features provided by Apple's iOS platform, including device passcode protection and Secure Enclave encryption. We recommend protecting your device with a passcode or Face ID / Touch ID.
14. Your Rights under the GDPR (EU / EEA / UK)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) — and its UK equivalent — grants you a set of rights regarding your personal data. This section explains how those rights apply to Quran.
14.1 Data Controller
The data controller responsible for any personal data processed in connection with the App is:
MainCreator Lab
Email: contact@maincreator.com
You can reach us at the address above for any privacy-related question or request. We do not currently meet the thresholds that would require us to appoint a formal Data Protection Officer (DPO), but the contact above will handle every GDPR enquiry directly.
14.2 What Personal Data Is Processed
- On your device only (not received by us): your downloads, favorites, resume state, and settings.
- Via mp3quran.net (when you stream or download): your IP address and the audio file requested, processed directly by mp3quran.net to deliver the recitation.
- Via Firebase Analytics & Remote Config: aggregated app-open / screen-view events, device model, OS version, locale, country, truncated IP address, and a randomly generated Firebase Installation ID.
- Via Google AdMob (only if you allow tracking via ATT/consent): the IDFA and standard ad-delivery signals. If you decline, only contextual, non-personalized ad signals are processed.
14.3 Legal Basis for Processing (GDPR Article 6)
- Consent (Art. 6(1)(a)) — for personalized advertising via AdMob and for any tracking-eligible signals, granted through the Google UMP consent form and the iOS App Tracking Transparency prompt. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
- Legitimate interests (Art. 6(1)(f)) — for security, abuse prevention, delivery of the audio you request, and the minimal Firebase processing required to keep the App stable. We have weighed this against your rights and concluded that diagnostic data limited to aggregated metrics has a minimal privacy impact.
- Compliance with legal obligations (Art. 6(1)(c)) — where applicable (for example, responding to lawful requests from authorities).
14.4 Your Rights
Subject to the conditions set by the GDPR, you have the right to:
- Access (Art. 15) — request confirmation of whether we process personal data about you and obtain a copy of it.
- Rectification (Art. 16) — ask us to correct inaccurate personal data.
- Erasure / "right to be forgotten" (Art. 17) — ask us to delete personal data we hold about you. Because your content lives only on your device, the most direct way to exercise this is to delete the App; for Firebase / AdMob signals you can also reset your identifiers and reinstall the App.
- Restriction of processing (Art. 18) — ask us to stop processing your data while a complaint or correction request is being resolved.
- Data portability (Art. 20) — receive your personal data in a structured, machine-readable format. Since we hold no personal data about you on any server, there is nothing for us to export.
- Object (Art. 21) — object to processing based on legitimate interests, including profiling. We will stop the relevant processing unless we demonstrate compelling legitimate grounds that override your interests.
- Withdraw consent — at any time, from the in-app "Privacy options" form, or from iOS Settings > Privacy & Security > Tracking.
- Lodge a complaint — with your local supervisory authority (for example, the CNIL in France, the ICO in the UK, the AEPD in Spain, the Garante in Italy, or any other EU/EEA data protection authority).
To exercise any of these rights, contact us at contact@maincreator.com. We will respond within one month (extendable by two further months for complex requests, in line with Art. 12(3)). There is no fee for reasonable requests.
14.5 International Data Transfers
Some of our processors — notably Google (Firebase, AdMob) — operate global infrastructure that may transfer personal data outside the EU/EEA or the UK, including to the United States. Such transfers rely on safeguards recognized under the GDPR, including the European Commission's Standard Contractual Clauses (SCCs) and applicable adequacy decisions. You can request more information about these safeguards by contacting us.
14.6 Data Retention
- On-device data: retained for as long as the App is installed; permanently removed when you delete the App.
- Firebase Analytics: retained for the default user-and-event retention period configured for our project (up to 14 months), then aggregated.
- AdMob signals: retained by Google per its own retention policies.
14.7 California (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA") grants you similar rights — including the right to know what categories of personal information we collect and share, the right to delete personal information, the right to correct inaccurate information, and the right to opt out of the "sale" or "sharing" of personal information for targeted advertising. We do not sell your personal information for money. The processing of advertising identifiers via AdMob may qualify as "sharing" under the CPRA — you can opt out at any time by declining the ATT prompt or by enabling "Limit Ad Tracking" in iOS Settings. To exercise your CCPA/CPRA rights, contact us at contact@maincreator.com.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated Privacy Policy on this page and updating the "Last Updated" date at the top. We encourage you to review this page periodically. Continued use of the App after changes constitutes your acceptance of the updated policy.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
MainCreator Lab
Email: contact@maincreator.com