Privacy Policy
Last updated: June 2026
Overview
Rhemn ("we," "us," or "our") operates the Rhemn browser extension and related web properties (collectively, the "Service"). This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding that information.
By using the Service you agree to the practices described here. If you do not agree, please discontinue use and uninstall the extension.
Information We Collect
1. Account Information
When you sign in with Google or Apple we receive:
- Display name — provided by your identity provider
- Email address — used to identify your account
- Profile photo URL — provided by your identity provider
- Authentication tokens — short-lived Firebase ID tokens used to verify your identity on our servers; never stored long-term in plaintext
We do not receive or store your Google or Apple password.
2. User-Created Content
The following content is created by you and stored so it syncs across your devices:
- Tasks (to-dos) and task lists
- Notes (text content, title, tags)
- Focus intentions you type into the focus bar
- Saved ("favorited") Quran verses
- App preferences (weather unit, prayer calculation method, display settings)
3. Voice Notes & AI Features
When you record a voice note, audio from your microphone is captured only while you are actively recording and is sent — by way of our backend — to our speech-to-text provider (OpenAI) to generate a written transcript. We use the audio solely to produce that transcript and do not retain the audio recording after transcription completes.
When you use AI features, the relevant text is sent to a third-party AI provider to generate the response. It is processed only to return your result; our providers do not use it to train their models. Different features use different providers:
- Note AI features — note summaries, voice-note summaries and structuring, and in-editor AI writing tools (continue, rewrite, summarize, translate, and similar) — send your note content or voice-note transcript to OpenAI, our default provider for these features. (Depending on our configuration, this note text may instead be processed by Anthropic.)
- Quran AI features — Quran insights, Ask, tafsir, related verses, and verse reflections — send the verse you are viewing (and, for reflections, the intention you enter) to Anthropic.
4. Location Information
The weather widget and prayer times feature require your approximate location (latitude and longitude). Location coordinates are obtained via the browser Geolocation API only when you enable these features and are sent directly to our third-party data providers (OpenWeatherMap for weather; Aladhan for prayer times). We do not store your precise GPS coordinates on our servers. Your city-level location preference may be stored locally in the extension and in your account preferences.
5. Usage Analytics (opt-in only)
If you accept analytics when prompted, we collect anonymous feature-usage events such as "task added," "qibla opened," or "prayer times viewed." These events are linked to a randomly generated identifier — not your name or email — and are processed by PostHog. You can withdraw consent at any time in Settings.
6. Subscription & Billing Information
If you subscribe to Rhemn Pro, payment is processed entirely by Stripe. We never see or store your full card number, CVV, or bank details. We retain your Stripe customer ID and subscription status (active / cancelled / trial) to unlock Pro features.
7. Technical Information
Our servers receive standard HTTP request information when the extension communicates with our backend, including your IP address. We do not use IP addresses for tracking or advertising; they may appear in server logs that are automatically purged after 30 days.
What we do NOT collect
- Browsing history or URLs you visit in any tab
- Keystrokes, clipboard contents, or screenshots
- Data from any other browser extension
- Precise persistent location (only passed to weather / prayer time APIs per request)
- Information about other apps on your device
- Biometric data
How We Use Your Information
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Account information | Authenticate you; display your name in greetings; link your data across devices | Contract performance |
| User-created content | Sync tasks, notes, and preferences to your account | Contract performance |
| Voice-note audio (transient) | Transcribe your recording into text via our speech-to-text provider | Consent (feature is opt-in) |
| Note / verse text (AI features) | Generate AI summaries, structured notes, and Quran insights | Consent / contract performance |
| Location (transient) | Fetch weather and calculate prayer times on demand | Consent (feature is opt-in) |
| Analytics events | Understand which features are used so we can improve the product | Consent (opt-in banner) |
| Subscription status | Gate Pro features; manage billing relationship | Contract performance |
| Server logs / IP address | Security, abuse prevention, debugging | Legitimate interest |
We do not use your information for automated decision-making that produces legal or similarly significant effects.
Data Retention
- Account data & user content — retained for the lifetime of your account. Deleted within 30 days of an account-deletion request.
- Server logs (including IP addresses) — automatically purged after 30 days.
- Analytics events — retained in PostHog for up to 12 months, then aggregated or deleted.
- Stripe records — Stripe retains transaction records as required by financial regulations (typically 7 years); we retain only subscription status.
-
Local extension data — stored in
chrome.storage.localon your device and cleared when you uninstall the extension or use the in-app "Delete my data" function.
Your Privacy Rights
Depending on where you live, you may have some or all of the following rights. To exercise any of them, email privacy@rhemn.com from the address associated with your account. We will respond within 45 days (or the timeframe required by applicable law).
Request a copy of the personal information we hold about you.
Ask us to fix inaccurate or incomplete information.
Request deletion of your account and all associated personal data.
Receive a machine-readable export of your todos, notes, and preferences.
Withdraw analytics consent at any time in Settings → Privacy.
We will not deny service, charge different prices, or provide a different level of service because you exercised a privacy right.
State-Specific Rights
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA)
Residents of Virginia, Colorado, Connecticut, Utah, and Texas have the right to: access personal data we process about you; correct inaccuracies; delete personal data you have provided; obtain a portable copy of your data; and opt out of the processing of personal data for purposes of targeted advertising or the sale of personal data (neither of which we do). To appeal a decision regarding your request, reply to our response email within 60 days.
European Union & United Kingdom (GDPR / UK GDPR)
If you are located in the EU or UK, you have the rights described above plus the right to object to processing based on legitimate interest and the right to lodge a complaint with your local supervisory authority. Our lawful bases for processing are described in the "How We Use Your Information" table above. We process EU/UK data on servers located in the United States; where required we rely on Standard Contractual Clauses for cross-border transfers.
Canada (PIPEDA / Law 25)
Canadian residents may request access to or correction of their personal information, and may withdraw consent where processing is consent-based, subject to legal and contractual restrictions. Québec residents have additional rights under Law 25, including the right to data portability and the right to be forgotten.
California Residents (CCPA / CPRA)
This section applies to California residents and supplements the rest of this Policy.
Categories of Personal Information Collected
| Category (Cal. Civ. Code § 1798.140) | Examples | Collected? |
|---|---|---|
| Identifiers | Name, email address | Yes |
| Personal information (Cal. Civ. Code § 1798.80) | Name, email | Yes |
| Protected classification characteristics | Religion inferred from use of Islamic features | No — we do not infer or store this |
| Commercial information | Subscription status | Yes |
| Internet / network activity | IP address in server logs | Yes (purged after 30 days) |
| Geolocation data | City-level location for weather/prayer times | Transient — passed to APIs, not stored on our servers |
| Inferences / profiles | — | No |
| Sensitive personal information | — | No |
| Biometric information | — | No |
Your California Rights
- Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete — request deletion of your personal information, subject to certain exceptions.
- Right to Correct — request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing — we do not sell or share your data, so this right is not applicable.
- Right to Limit Use of Sensitive Personal Information — we do not process sensitive personal information beyond what is necessary to provide the Service.
- Right to Non-Discrimination — we will not discriminate against you for exercising any of your rights.
To submit a verifiable consumer request, email privacy@rhemn.com. We will acknowledge your request within 10 business days and respond within 45 calendar days. We do not charge a fee unless requests are manifestly unfounded or excessive. We will verify your identity by confirming the email address on your account.
You may designate an authorized agent to submit a request on your behalf by providing written authorization.
Shine the Light (Cal. Civ. Code § 1798.83): We do not disclose personal information to third parties for their direct marketing purposes, so no disclosure is required under this statute.
Data Security
We implement reasonable technical and organizational safeguards to protect your information, including:
- HTTPS encryption for all data in transit between the extension and our servers
- Firebase Authentication tokens verified server-side on every API request
- Database access restricted to authenticated backend processes
- Stripe's PCI-DSS compliant infrastructure for payment data
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Updating the "Last updated" date at the top of this page
- Sending an email to the address associated with your account for material changes
- Displaying a notice in the extension for significant changes
Your continued use of the Service after the effective date of any changes constitutes acceptance of the revised Policy. If you disagree with any changes, please stop using the Service and contact us to delete your account.
Contact Us
For privacy-related questions, requests, or complaints:
Rhemn is an independent product. This privacy policy does not constitute legal advice. If you have questions about your specific legal rights, please consult a qualified attorney in your jurisdiction.