1. Introduction
WisQu ("we," "our," or "us") operates the WisQu Islamic Chatbot application (the "Service"), available at chat.wisqu.ai, wisqu.ai, and through our mobile applications on Apple App Store and Google Play Store.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using WisQu, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not access or use the Service.
2. Information We Collect
2.1 Information You Provide Directly
Account Information:: Email address, full name, and password (hashed) when you register, or your Google account profile (name, email, profile picture, Google ID) if you sign in with Google OAuth.Profile Information:: Profile picture (if uploaded), preferred language, and timezone.Chat Conversations:: Messages you send, including questions about Islamic jurisprudence, Quranic interpretation, and other religious topics, along with AI-generated responses.Voice Messages:: Audio recordings you submit for transcription, processed and stored temporarily (7–30 days).File Uploads:: Documents, images, or other files you upload for processing within the chat.Feedback:: Ratings (like/dislike), feedback comments, and helpfulness assessments on AI responses.Support Tickets:: Messages and information you provide when contacting our support team.Payment Information:: If you make a donation, payment processing is handled by a third-party payment processor. We store transaction reference IDs only — we do not store your credit card number, CVV, or full payment card details on our servers.Account Deletion Feedback:: If you choose to provide a reason when deleting your account.2.2 Information Collected Automatically
Device & Session Information:: IP address, browser type, user agent string, device information, and operating system when you create a session or log in.Usage Data:: Message counts, token usage, features used (e.g., chat modes: standard, scholarly, deep search), and interaction timestamps.Cookies:: We use an HTTP-only refresh token cookie for authentication. This cookie is strictly functional and is not used for advertising or tracking. See Section 8 for details.2.3 AI Memory System
WisQu uses an AI memory system to remember relevant facts from your conversations to provide personalized and contextually accurate responses. This may include:
Your preferred Islamic jurisprudential authority (marja taqlid)Your geographic region (for Hijri date calculations and prayer times)Language preferences and conversation contextOther facts you share during conversations that improve response qualityMemory data is stored in vector and graph databases on our infrastructure. You can ask WisQu to forget specific information during a chat session.
3. How We Use Your Information
Provide the Service:: Process your questions, generate AI responses, search Islamic knowledge sources, and deliver personalized content.Authenticate & Secure:: Verify your identity, manage sessions, and protect against unauthorized access.Personalize:: Remember your preferences (language, marja, region) for a tailored experience.Improve Quality:: Analyze usage patterns, AI response quality, and feedback to improve accuracy and reliability of Islamic content.Monitor & Debug:: Track system performance, detect errors, and ensure service reliability.Enforce Safety:: Apply content guardrails to prevent misuse and ensure responses align with authentic Islamic scholarship.Process Payments:: Manage donations through our third-party payment processor.Communicate:: Send transactional emails (email verification, password reset OTPs) and respond to support tickets.4. Third-Party Service Providers
To provide the Service, we share certain data with categories of third-party service providers who process data on our behalf. These providers are contractually bound to protect your data and use it only for the purposes we specify.
AI Language Model Providers:: Process your questions and generate AI responses — chat messages and conversation context are shared.AI Vision & Speech Providers:: Image analysis and speech-to-text transcription — uploaded images and audio files are shared.Web Search Providers:: Searching the web for supplementary information — search queries derived from your questions are shared.Search Relevance Providers:: Improving the relevance and ranking of search results — text snippets for relevance scoring are shared.AI Quality & Monitoring Providers:: Monitoring AI response quality and system performance — pseudonymized user ID, chat messages, AI responses, usage metrics, and feedback scores are shared.Authentication Providers:: Social sign-in (e.g., Sign in with Google) — OAuth tokens; the provider shares your name, email, and profile picture with us.Payment Processors:: Processing donations — payment details are handled directly by the processor; we store only transaction reference IDs. The identity of our payment processor is disclosed at the point of payment.Email Delivery Providers:: Sending transactional emails (verification, password reset) — email address and email content (OTP codes, verification links) are shared.We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Upon request, we can provide the specific identity of any third-party provider processing your data, as required by applicable law.
5. Data Storage & Security
5.1 Where We Store Data
Relational Database:: Account data, conversations, messages, and settings.Vector Database:: AI memory embeddings and document search indexes.Graph Database:: Entity relationships for knowledge retrieval.Object Storage:: Profile pictures, uploaded files, and audio recordings.In-Memory Cache:: Session data, rate limiting, and response cache.Our infrastructure is hosted on secure servers. Data in transit is encrypted using TLS/HTTPS. Passwords are hashed using bcrypt with 12 rounds. API keys are hashed before storage.
5.2 Data Retention
Account & profile data:: Until you delete your account.Conversations & messages:: Until you delete them or your account.AI memory (preferences, marja):: Until you request deletion or delete your account.Profile pictures:: Until you remove them or delete your account.Voice recordings:: 7–30 days (automatically deleted).Temporary file uploads:: 24 hours (automatically deleted).General file uploads:: 90 days (automatically deleted).Session data:: 60 minutes (access token) / 30 days (refresh token).OTP codes:: 15–30 minutes (automatically deleted).Usage analytics:: Per our analytics provider's retention policy.Payment records:: Per our payment processor's retention policy and legal requirements.Application logs:: 7–30 days.6. Your Rights & Choices
6.1 All Users
Access:: View your profile, preferences, and conversation history through the app.Correction:: Update your profile information, name, and preferences at any time.Deletion:: Delete individual conversations, or permanently delete your entire account via Settings > Delete Account.Session Management:: View active sessions, revoke individual sessions, or revoke all sessions.Data Training Opt-Out:: Control whether your data is used for AI training improvements via the allow_data_for_training setting.Memory Control:: Ask WisQu to forget specific information it has memorized about you.6.2 European Economic Area (EEA) Residents — GDPR
If you are located in the EEA, you have additional rights under GDPR: right to access, rectification, erasure ("Right to Be Forgotten"), restriction of processing, data portability, objection, and withdrawal of consent.
Legal Basis for Processing: We process your data based on (a) your consent, (b) performance of our contract with you, (c) our legitimate interests (improving the Service, ensuring security), and (d) compliance with legal obligations.
To exercise these rights, contact us at privacy@wisqu.com. We will respond within 30 days.
6.3 California Residents — CCPA/CPRA
California residents have the right to know what personal information we collect, request deletion, opt out of sale (we do not sell your personal information), non-discrimination, correction, and to limit use of sensitive personal information. Contact us at privacy@wisqu.com to exercise these rights.
6.4 Other Jurisdictions
We respect privacy rights worldwide, including under Brazil's Lei Geral de Proteção de Dados (LGPD), Canada's PIPEDA, United Kingdom GDPR, and Australia's Privacy Act 1988. Contact us and we will accommodate your request to the extent required by applicable law.
7. Children's Privacy
WisQu is not directed to children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@wisqu.com.
8. Cookies & Tracking Technologies
We use minimal cookies strictly necessary for the Service to function:
refresh_token (HTTP-only, Strictly Necessary):: Authentication — maintains your login session for 30 days.We do not use advertising cookies, analytics cookies, social media tracking pixels, or any third-party tracking technologies for behavioral advertising. We do not participate in cross-site tracking.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, compliance with applicable data transfer regulations, and data processing agreements with all third-party providers.
10. Account Deletion
You can permanently delete your account at any time through the app (Settings > Delete Account) or by contacting privacy@wisqu.com. The following data is permanently and irreversibly deleted from our systems:
Your account profile and authentication data.All conversations and messages.All uploaded files and profile pictures.Your preferences, settings, and AI memories.Your session data and authentication tokens.Support tickets and feedback.Note: Payment processor records are retained by the processor per their legal obligations. Some anonymized, aggregated usage statistics may be retained for analytics purposes.
11. Data Security
We implement industry-standard security measures including encryption in transit (TLS/HTTPS), password hashing (bcrypt with 12 rounds), API key hashing before storage, HTTP-only secure cookies for authentication tokens, rate limiting and abuse prevention, content guardrails and input validation, role-based access controls, and regular security monitoring and logging.
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@wisqu.com.
12. AI-Generated Content Disclaimer
WisQu provides AI-generated responses about Islamic topics based on authentic sources. However:
AI responses are informational and should not be considered authoritative religious rulings (fatwa).For matters requiring a formal religious ruling, consult a qualified Islamic scholar or your marja taqlid's office directly.We strive for accuracy but cannot guarantee that all AI-generated content is free from errors.Your conversations are processed by third-party AI providers (see Section 4), which means your messages are transmitted to these providers for processing.13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy with a new "Last Updated" date and sending an in-app notification or email for significant changes. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
Privacy:: privacy@wisqu.comGeneral Support:: support@wisqu.comSecurity Issues:: security@wisqu.comWebsite:: wisqu.comFor GDPR-related inquiries, we will respond within 30 days. For CCPA-related inquiries, we will respond within 45 days.