Privacy Policy

1. Data We Collect

1.1 Account Information

When you create an account, we collect your email address, display name, and (if you use Google sign-in) your Google profile picture URL. This is required for authentication, subscription management, and the referral program.

1.2 Aggregated Activity Statistics

If you are signed in, the extension syncs daily aggregate statistics to our servers. These include counts of: images filtered, sites blocked, audio streams muted, prayer lock events, and screen time totals. These are numerical summaries only — we never collect the URLs you visit, the content of pages, images, videos, or any browsing history.

1.3 Camera & Microphone Access Logs

When a website requests camera or microphone access, the extension logs the domain name, whether it was audio or video, and the timestamp. This helps you review which sites have requested media permissions. We do not record, intercept, or transmit any actual audio or video content.

1.4 Subscription & Payment Data

Payment processing is handled entirely by Stripe. We receive your subscription plan and status from Stripe but never see or store credit card numbers, bank details, or billing addresses.

1.5 Extension Settings

Your feature preferences, protection levels, blocklist customizations, and prayer time configuration are stored locally in Chrome storage and optionally synced to your account.

1.6 Referral Information

If you participate in the referral program, we store your unique referral code and track how many users signed up with it. We do not share your identity with people you refer.

2. Data We Do NOT Collect

HalalSurf does not collect, transmit, or store:

• Your browsing history or URLs visited
• Content of web pages, images, or videos you view
• Keystrokes, form inputs, or passwords
• Camera or microphone recordings
• Files on your computer
• Location data (geolocation is used on-device only for prayer time calculation and is never sent to our servers)

3. On-Device AI Processing

HalalSurf uses machine learning models (TensorFlow.js, NSFWJS, Human.js) that run entirely on your device using WebAssembly (WASM). Image and video analysis for content filtering happens locally in your browser — no images or video frames are ever uploaded to our servers or any third party. This is a core architectural decision to protect your privacy. The extension’s Content Security Policy includes wasm-unsafe-eval solely to enable these on-device AI models.

4. How We Use Your Data

• Authentication: To verify your identity and manage your session.
• Subscription management: To determine which features are available to you.
• Daily reports: To generate browsing reports on your dashboard.
• Leaderboard: Aggregated stats power an opt-in community leaderboard. Your display name may appear to other leaderboard participants.
• Referral program: To track and reward successful referrals.
• Product improvement: Aggregate, anonymized usage patterns help us improve feature effectiveness.

5. Host Permissions Justification

HalalSurf requires broad website access (<all_urls>) to perform its core functions. Specifically, the extension needs to run on every website to:

• Scan images and video frames for inappropriate content (on-device AI)
• Block access to sites on the user’s blocklist
• Monitor camera and microphone permission requests
• Remove ads and control social media feeds
• Display prayer time reminders and lock screens
• Apply grayscale browsing mode

All processing happens locally on your device. No page content is sent to external servers.

6. Data Storage & Security

Your data is stored on Supabase (hosted on AWS) with Row-Level Security (RLS) policies ensuring you can only access your own data. Authentication tokens are stored in Chrome’s session storage (cleared when the browser closes) and local storage (for session persistence). All communication between the extension and our servers uses HTTPS encryption.

7. Third-Party Services

• Supabase: Database and authentication (Privacy Policy)
• Stripe: Payment processing — we never store your card details (Privacy Policy)
• Google OAuth: Optional sign-in method (Privacy Policy)
• OpenStreetMap Nominatim: Reverse geocoding for prayer time location lookup (only coordinates are sent, no personal data)

We do not use any advertising, tracking, or third-party analytics services.

8. Data Retention & Deletion

Your data is retained for as long as your account is active. Browsing statistics older than 90 days are automatically archived. You can request full account and data deletion at any time by contacting us at privacy@kunventures.com, and we will process the request within 30 days. Uninstalling the extension immediately removes all locally stored data (settings, cached tokens, activity logs).

9. Children’s Privacy

HalalSurf is designed to be family-friendly and can be used as a parental control tool. We do not knowingly collect personal information from children under 13. If a parent or guardian becomes aware that their child has provided us with personal information, please contact us and we will delete it promptly.

10. Your Rights

You have the right to:

• Access: Request a copy of all data we hold about you.
• Rectification: Update your profile information in Settings.
• Erasure: Request deletion of your account and all associated data.
• Portability: Export your data in a portable format.
• Withdraw consent: Uninstall the extension at any time.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by updating the “Last updated” date and, for significant changes, through the extension or email notification.

12. Contact

For privacy-related inquiries or data requests, contact us at privacy@kunventures.com