Privacy policy

Last updated: October 17, 2025

Effective Date: 2025-10-17

equantulife operates this store and website, including all related information, content, features, tools, products and services (collectively, the "E-commerce Services"), as well as the iTasbeeh mobile application (the "App Service"). This policy uniformly describes how we collect, use, store, share, and protect your personal information when you visit and use any or all of these services (the "Services"), and what rights you have.

equantulife is powered by Shopify, which enables us to provide the E-commerce Services to you. This Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described herein.

 

1. Policy Cumulation and Conflict Resolution Principles

 

This Comprehensive Privacy Policy represents the formal merger and harmonization of the previous equantulife Privacy Policy (dated October 17, 2025) and all subsequent policies, including the iTasbeeh App Service Policy.

• Cumulative Obligation Principle: All rights, obligations, definitions, and disclosures contained within both predecessor policies are hereby deemed cumulative and additive, such that no provision in one policy shall be construed as negating or diminishing a provision in the other. The rights and remedies set forth herein are intended to be cumulative and are in addition to, and not in substitution for, any other rights or remedies provided by applicable law or equity, or by either predecessor policy, and may be exercised concurrently or independently.²

• Most Protective Standard: If any clause in this policy conflicts with a predecessor policy or applicable law, we shall default to the provision offering the highest level of consumer protection or the most favorable right to the consumer.⁴ This approach ensures that, for instance, the shortest legal response time for a consumer request will govern across the broadest applicable jurisdiction.⁵

 

2. Personal Information Collected or Processed

 

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. We may collect or process the following categories of personal information, including inferences drawn from this personal information:

 

2.1. E-commerce Services (Website/Store) Data

 

This information is primarily related to your shopping, transactions, and site usage:

• Contact Details: Your name, address, billing address, shipping address, phone number, and email address.

• Financial Information: Credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details.

• Account Information: Your username, password, security questions, preferences and settings.

• Transaction Information: The items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.⁶

• Communications with us & User Content: The information you include in communications with us (e.g., customer support inquiry), and user content such as photos or audio data (e.g., product reviews).⁶

• Device Information: Information about your device, browser, or network connection, your IP address, and other unique identifiers.

• Usage Information: Information regarding your interaction with the Services, including how and when you interact with or navigate the Services (e.g., app launches, taps, clicks).⁶

 

2.2. App Services (iTasbeeh) Specific Data

 

This information is primarily related to the App's functionality, device connectivity, and religious features:

• Account Information (provided by you): email, username/nickname, password, language, gender; optional: phone, height, weight.

• Location & Geocoding (Sensitive Data): latitude/longitude, country/region code, address elements (city, province, street), accuracy; may include IP-based fallback.

  • Note on Precise Geolocation: This is considered Sensitive Personal Information.⁷ It is collected only with your explicit permission for the specific purposes of prayer time calculation, Qibla direction, Azan reminders, and localization.⁹

• Bluetooth & Device Information: Bluetooth device name, Bluetooth address (identifier), RSSI, device parameters (battery, firmware version, etc.).

• Counts & Tasks (generated during use): daily/history counts, round counts, task list & status, device-reported counts, sync status & timestamps.

• App Preferences & Settings (local persistence): prayer algorithm and madhhab, location cache, language/theme, Bluetooth/sync local states.

• Authentication Tokens & Session: access token and write time.

• Logs & Diagnostics (development mode): request/response logs may be printed only in development; disabled in production.

 

2.3. Personal Information Sources

 

We may collect personal information from the following sources:

• Directly from you: Including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information.¹⁰

• Automatically through the Services: Including from your device when you use our products or services, and through the use of cookies and similar technologies.

• From our service providers: Including when we engage them to enable certain technology and when they collect or process your personal information on our behalf.

• From our partners or other third parties.

 

3. How We Use Your Personal Information

 

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

• Provide, Tailor, and Improve the Services: We use your personal information to provide you with the Services, including to perform our contract with you, process payments, fulfill orders, remember preferences, process returns, manage your account, arrange shipping, enable reviews, and create a customized shopping experience.

• App Specific Service Delivery: Used for registration, authentication, cross-device backup/restore, cloud sync, visualization, and to scan, connect, sync data with, and update your Tasbih device.

• Marketing and Advertising: We use your personal information for marketing and promotional purposes, such as to send communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites.

• App Specific Marketing Policy: The App Service (iTasbeeh) does not include any advertising SDKs, and we do not sell or share App-specific data for advertising purposes.

• Security and Fraud Prevention: We use your personal information to authenticate your account, provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and secure our services.¹¹

• Communicating with You: We use your personal information to provide you with customer support, and to maintain our business relationship with you.

• Legal Reasons: We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies.¹²

 

4. How We Disclose Personal Information

 

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

• With Shopify and Service Providers: With Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).

• With Business and Marketing Partners: To provide marketing services and advertise to you. For example, we use Shopify to support personalized advertising with third-party services based on your online activity with different merchants and websites. Note: App-specific data (e.g., Bluetooth IDs, prayer counts) is excluded from this sharing.

• When you Direct or Consent: When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products.

• In Connection with a Business Transaction (Business Transfer Clause): In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations, to enforce any applicable terms of service or policies, and to protect or defend the Services. If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage. We ensure the acquiring entity commits to using or sharing the data in a manner that is not "materially inconsistent" with the promises made in this merged policy.¹³

 

5. App Services (iTasbeeh) Permissions and Local Storage

 

 

5.1. Mobile Application Permissions (iTasbeeh)

 

We request and use permissions only for the stated features. You may revoke them in system settings, which may affect related features. We follow the principle of graceful degradation if permissions are denied.¹⁵

• Location: Obtain coordinates and geocoding for prayer times and Qibla.

• Bluetooth: Scan, connect, communicate, and perform firmware updates.

• Storage/Media/Documents (on-demand): Only when you choose files (avatar, logs, firmware, etc.).

 

5.2. Local Storage and Data Retention

 

We use local storage (e.g., AsyncStorage) to persist essential data for offline and smoother user experience:

• token: access token with timestamp; auto-removed upon expiry.

• prayer-storage: city/country, coordinates, time zone, method, last update time, today’s prayer times.

• device-store: today/history counts, device list, task list, device prayer times, sync states, etc.

• userStore: user id, name, gender, height, weight, role, etc.

• goals-store: daily/weekly/monthly/yearly goals.

• cache-pool: page caches (e.g., Azan data, sync time).

• lastSyncTime: last cloud sync timestamp.

Retention: Local data remains until you uninstall, clear app data, or logout/clear in-app. Cloud data is retained for cross-device and history until you request deletion (e.g., account deletion).¹²

 

6. Relationship with Shopify

 

The Services are hosted by Shopify. For the purpose of applicable data protection laws, we (equantulife) are the primary Data Controller of your personal information.¹⁶ We determine the purposes and means of processing.¹⁷

Shopify acts as a Data Processor or service provider in executing transactions and managing the technical platform based on our instructions. Information you submit to the Services will be transmitted to and shared with Shopify. To learn more about how Shopify uses your personal information when acting as an independent Data Controller, you can visit the Shopify Consumer Privacy Policy.¹

 

7. Your Rights and Choices

 

Depending on where you live, you may have some or all of the following rights in relation to your personal information.¹ These rights include the right to know, correction, deletion, and portability.

• Right to Correct/Access: You may view and edit your personal information (e.g., nickname, gender, height/weight) in profile pages (App Service) or account settings (E-commerce Service).

• Right to Delete: You may contact us to request the deletion of cloud data/account. Logging out of the App Service will clear local data.

• Right of Portability: You can request the export of your core statistics (e.g., via cloud sync APIs).

• Right to Opt-out of Sale or Sharing for Targeted Advertising: You have the right to opt out of the "sale" or "share" of your personal information, or to opt out of the processing of your personal information for purposes considered to be "targeted advertising".¹⁹

• Right to Limit Use of Sensitive Personal Information (CPRA): You can direct us to limit the use of your sensitive personal information (including precise geolocation and financial account data) for limited purposes, such as providing you with the services you requested.⁷ We will be prohibited from requesting consent from you for 12 months after you direct us to limit the use of your sensitive data.⁸

Important Notice: Accelerated Response Timeline

Pursuant to the Most Protective Standard principle and compliance requirements like the New Jersey Data Privacy Act (NJDPA), we commit to processing all valid US resident opt-out requests (sale, sharing, or sensitive data limitation) within a maximum of fifteen (15) days.⁵

We also acknowledge the Global Privacy Control (GPC) signal as a valid request to opt-out for the device and browser you use.²⁰ Other than GPC, we do not recognize other "Do Not Track" signals.

 

8. International Transfers and Data Security

 

 

8.1. International Transfers

 

We may transfer, store and process your personal information outside the country you live in. If we transfer your personal information out of the European Economic Area (EEA) or the United Kingdom (UK), we rely on recognized transfer mechanisms:

• The European Commission’s Standard Contractual Clauses (SCCs); or

• The International Data Transfer Addendum (IDTA) or equivalent contracts issued by the relevant UK competent authority.²¹

• We will adopt non-binding Model Contractual Terms (MCTs) for data access and use as benchmarks when developing future agreements with data recipients, as recommended by EU authorities.²²

Technical and Organizational Supplemental Measures (TOMs):

To ensure data protection remains "essentially equivalent" during international transfer, we implement robust supplemental measures ²³:

• Transport Security: All APIs use HTTPS for data in transit; all transactions use TLS 1.3.¹¹

• Encryption: Data at rest is protected using industry-standard AES-256 encryption.

• Access Control: We enforce strict Role-Based Access Controls (RBAC) based on the principle of least privilege, ensuring access is limited to authorized personnel.²⁶

 

8.2. Data Security

 

We cannot guarantee "perfect security".¹¹ However, we employ proactive security measures:

• Credential Protection: Authentication tokens are stored in AsyncStorage and auto-cleaned upon expiry; auto-redirect to login on invalid credentials.

• Code Hardening: Android builds enable code shrinking/obfuscation and resource shrinking to protect code integrity.

• Monitoring: Continuous monitoring for suspicious activities to protect against unauthorized access, alteration, or loss of data.²⁷

 

9. Children's Data

 

The Services are not intended to be used by children. We do not knowingly collect any personal information about children under the age of majority in your jurisdiction. If we learn that a minor provided data without consent, we will delete it promptly. Note: In certain jurisdictions, such as New Jersey, we must obtain affirmative consent to process the personal data of minors (aged 13 to 17) for targeted advertising.²⁸

 

10. Loyalty Programs and Financial Incentives Disclosure

 

If the E-commerce Services include loyalty programs, membership discounts, or rewards systems, these constitute "Financial Incentives" under the CCPA/CPRA, requiring specific disclosure.²⁹

If you participate, the incentive is reasonably related to the value of your data. We perform periodic valuations to determine that the incentive provided (e.g., discounts, points) is justified by the operating expenses and value derived from the data collected, retained, and used (e.g., Transaction history, Usage information).³¹

You have the right to receive a Notice of Financial Incentive (NOFI) prior to opting-in, detailing the material terms and categories of data implicated, and you may opt-out at any time without affecting core membership status.³³

 

11. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date and provide notice as required by applicable law. Major changes to the App Service policy will be notified in-app or in release notes. Continued use indicates acceptance of the updated policy.

 

12. Contact

 

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please contact us:

• App Service Privacy Contact (iTasbeeh): support1@equantu.com

  • Response Time Commitment: We aim to respond to App Service inquiries and requests within 15 business days.

• E-commerce Services/General Contact: service@equantu.com

• Mailing Address: 1942 Broadway St STE 314C, Boulder, CO 80302, US, STE 314C, Boulder, CO, 80302, US

For the purpose of applicable data protection laws, we are the data controller of your personal information.