Qawiقوي
Sign inStart free

Privacy

Last updated 22 May 2026 · v1.0

Qawi is a private practice app for Muslims. You write down goals, score yourself, log habits, and review your week. We treat what you write as yours.

Who runs Qawi

Qawi is operated by Zubair Ashraf as an individual. There is no company entity yet. Reach me at salam@coachzubair.com for any privacy question, data request, or correction.

What we collect and why

When you sign up, we store your email, name, and a hashed password. We use them to sign you in and send the emails you turn on. Every reminder email carries a “Manage subscription or unsubscribe” link that opens a page where you can toggle each reminder type or stop everything in one click. No login required.

Inside the app, we store the things you create: your yearly vision across the five dimensions, quarterly themes, weekly plans, daily entries with self-scores, habits and habit logs, principles, coach conversations, and feedback you submit. We store your timezone, week start day, and vision day so the app shows the right page on the right day.

We do not sell data. We do not run ads. We do not share your entries with anyone.

Who we share with

These are the services that hold or process your data so the app can run:

  • Supabase (database and auth, US-West). Stores everything above. Policy: supabase.com/privacy
  • Resend (email sending). Receives your email address and the email body for reminders and notifications. Policy: resend.com/legal/privacy-policy
  • Vercel (hosting and CDN). Receives request logs, IP addresses, and user agents. Policy: vercel.com/legal/privacy-policy
  • Sentry (error monitoring). Receives error reports with emails, IPs, and request bodies scrubbed before send. Policy: sentry.io/privacy
  • GitHub (encrypted nightly database backup, stored as a private release with 30-day retention). Policy: docs.github.com/.../privacy-statement
  • Google Gemini (AI features). When you use a daily reflection, habit suggestion, weekly or quarterly synthesis, vision draft, or coach conversation, the relevant entries and your principles go to Gemini for one response. Free tier today. Policy: policies.google.com/privacy. You can bring your own Gemini key under Settings → AI; that keeps your AI calls on your own quota. By default the key stays in your browser's localStorage. If you also opt in to personalized scheduled features (morning email tied to yesterday's entry, evening question tied to today's), the same key is stored on Qawi's servers, encrypted at rest with AES-256-GCM, and used only by the reminder job for those emails. You can remove the server-stored copy any time.

We scrub emails, names, and request bodies from Sentry error events before they leave the server.

How long we keep things

Live data stays until you delete your account. Backups live in a private GitHub release for 30 days, then roll off.

Your controls

Open Settings to export your data as JSON or delete your account. Delete is final. It removes your profile, entries, habits, logs, feedback, and reminder preferences. It also cancels future reminders. The backup that contains your data ages out within 30 days.

If something goes wrong with export or delete, email salam@coachzubair.com and I will run it by hand.

Children

Qawi is not for children under 13. Do not sign up if you are under 13.

Changes

If we change anything that affects what we collect, share, or keep, we will email everyone with an account before the change takes effect.

Contact

salam@coachzubair.com