Privacy Policy for Ibtikar

Last Updated: January 2025

1. Introduction

Ibtikar ("we," "our," or "us") operated by Ibtikar Development (Account ID: 8344367188917813700) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Ibtikar (the "App").

By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the App.

2. Information We Collect

2.1 Account and Authentication Information

When you connect your Twitter/X account through OAuth 2.0 authentication, we collect the following information:

• Twitter/X User ID: A unique identifier assigned by Twitter/X to your account
• Username: Your Twitter/X username (handle)
• Display Name: Your public display name on Twitter/X
• Profile Image URL: The URL of your Twitter/X profile picture
• Email Address: Derived from your Twitter/X username for account identification
• OAuth Tokens: Access tokens and refresh tokens (encrypted using Fernet encryption) that allow us to access your Twitter/X data on your behalf
• OAuth Scopes: Information about the permissions you granted (tweet.read, users.read, follows.read, offline.access)

2.2 Content and Post Data

To provide our AI-powered content analysis service, we collect and process the following data from your Twitter/X account:

• Posts and Tweets: Text content of posts from accounts you follow in your Twitter/X feed
• Post Metadata:
  • Post IDs (unique identifiers for each post)
  • Author IDs (Twitter/X user IDs of post authors)
  • Timestamps (when posts were created)
  • Language codes (detected language of posts)
  • Source information (platform identifier)
• Following List: Information about accounts you follow to fetch their posts for analysis

2.3 AI Analysis Results

When we analyze content using our AI models, we generate and store:

• Classification Labels: Whether content is classified as "harmful", "safe", or "unknown"
• Confidence Scores: Numerical scores (0.0 to 1.0) indicating the AI's confidence in its classification
• Analysis Timestamps: When each analysis was performed
• Aggregate Statistics: Counts of harmful, safe, and unknown classifications per user

2.4 App Usage and Technical Data

We may automatically collect certain information about how you use the App:

• Activation Status: Whether you have enabled or disabled the AI analysis feature
• App Preferences: Your settings and preferences within the App
• Error Logs: Technical error information to help us improve the App (may include device information, timestamps, and error messages)
• Performance Data: Information about App performance and responsiveness
• Device Information: Basic device information (operating system, app version) for troubleshooting

2.5 Information We Do NOT Collect

We want to be transparent about what we do not collect:

• Your Twitter/X password (we never have access to this)
• Your location data (unless explicitly provided)
• Your contacts or address book
• Your phone number (unless you provide it separately)
• Payment or financial information
• Biometric data
• Photos or media files from your device (we only access Twitter/X posts)

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Core Service Provision

• Content Analysis: To analyze posts from your Twitter/X feed using AI models to identify potentially harmful content
• Safety Alerts: To provide you with real-time alerts about harmful content in your feed
• Account Authentication: To authenticate and maintain your connection to Twitter/X
• Feed Access: To fetch and display posts from accounts you follow on Twitter/X

3.2 Service Improvement

• AI Model Enhancement: To improve the accuracy of our AI classification models (using anonymized data where possible)
• Bug Fixes: To identify and fix technical issues and errors
• Performance Optimization: To optimize App performance and user experience
• Feature Development: To develop new features and functionality

3.3 Communication and Support

• User Support: To respond to your inquiries, requests, and provide customer support
• Service Notifications: To notify you about important changes to our services or policies

3.4 Legal and Security

• Compliance: To comply with applicable laws, regulations, and legal processes
• Security: To protect the security and integrity of our services
• Fraud Prevention: To detect, prevent, and address fraud, abuse, or security issues

4. Third-Party Services and Data Sharing

4.1 Twitter/X (X Corp.)

We integrate with Twitter/X API to provide our services. When you connect your Twitter/X account:

• We access your Twitter/X data through their official API
• Your use of Twitter/X is also governed by Twitter's Privacy Policy
• We only access data you explicitly authorize through OAuth scopes
• You can revoke our access at any time through your Twitter/X account settings
• We do not share your data back to Twitter/X except as necessary to use their API

4.2 AI/ML Processing Services

We use AI models to analyze content:

• Custom Arabic BERT Model: We use a custom fine-tuned Arabic BERT (AraBERT) model for toxicity classification
• Hugging Face: We may use Hugging Face infrastructure or models for AI processing
• Processing: Content is processed securely and is not shared with third parties for purposes other than analysis
• No Training Data: Your content is not used to train third-party AI models without your explicit consent

4.3 Hosting and Infrastructure Services

Our services are hosted on third-party infrastructure:

• Render: Our backend API and database are hosted on Render (render.com). Render's privacy policy applies: Render Privacy Policy
• Data Storage: Your data is stored in SQLite databases hosted on Render's secure infrastructure
• Data Transmission: All data transmission between your device and our servers uses HTTPS/TLS encryption

4.4 Data Sharing Policy

We do NOT sell your personal data. We may share your information only in the following limited circumstances:

• Service Providers: With trusted service providers who assist us in operating our App (hosting, analytics) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or government regulation
• Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)

5. Data Storage and Security

5.1 Security Measures

We implement comprehensive technical and organizational security measures to protect your data:

• Encryption in Transit: All data transmission uses HTTPS/TLS 1.2 or higher encryption
• Encryption at Rest: OAuth tokens are encrypted using Fernet symmetric encryption (AES-128) before storage
• Secure Authentication: We use OAuth 2.0 PKCE (Proof Key for Code Exchange) flow for secure authentication
• Access Controls: Database access is restricted to authorized personnel only
• No Password Storage: We never store your Twitter/X password
• Regular Security Updates: We regularly update our systems and dependencies to address security vulnerabilities
• Secure Backend: Our backend API uses secure coding practices and input validation

5.2 Data Location

Your data is stored and processed:

• Primary Storage: On Render's servers, which may be located in various regions
• Processing: Data processing occurs on our backend servers and AI model infrastructure
• Backups: Backup copies may be stored in secure locations for disaster recovery

5.3 Data Breach Procedures

In the unlikely event of a data breach:

• We will notify affected users within 72 hours of becoming aware of the breach
• We will report breaches to relevant data protection authorities as required by law
• We will take immediate steps to contain and remediate the breach

6. Data Retention and Deletion

6.1 Retention Periods

We retain your data for the following periods:

• Active Accounts: Data is retained while your account is active and you are using the App
• Analyzed Posts: Retained to provide you with historical analysis and insights
• OAuth Tokens: Retained until you revoke access or delete your account
• Error Logs: Retained for up to 90 days for troubleshooting purposes

6.2 Account Deletion

When you delete your account (see Delete Account page):

• Immediate Deletion: Your account data is deleted immediately from our active databases
• Complete Removal: All of the following are permanently deleted:
  • Your user account and profile information
  • All analyzed posts and content data
  • OAuth tokens and authentication data
  • Analysis results and classifications
  • App preferences and settings
• Backup Deletion: Backup copies are deleted within 30 days
• No Recovery: Once deleted, your data cannot be recovered

6.3 Automatic Deletion

We may automatically delete data in the following circumstances:

• If your account is inactive for an extended period (12+ months)
• If you revoke Twitter/X OAuth access and do not reconnect within 90 days
• If required by law or regulation

7. Your Rights and Choices

You have the following rights regarding your personal data:

7.1 Access Rights

• View Your Data: You can view your analyzed posts and data within the App
• Request a Copy: You can request a copy of all data we hold about you by contacting us
• Account Information: You can view your account information in the App's profile section

7.2 Deletion Rights

• Delete Account: You can delete your account and all associated data at any time (see Delete Account page)
• Revoke Access: You can revoke Twitter/X OAuth access through your Twitter/X account settings
• Request Deletion: You can request deletion of specific data by contacting us

7.3 Control Rights

• Activation Control: You can enable or disable the AI analysis feature at any time
• OAuth Control: You can revoke or modify Twitter/X permissions at any time
• Data Processing: You can stop data collection by disabling the App or deleting your account

7.4 GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for certain purposes
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

7.5 Exercising Your Rights

To exercise any of these rights, please contact us at support@ibtikar.app. We will respond to your request within 30 days.

8. Children's Privacy

Our App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the App, you consent to the transfer of your information to these countries. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Cookies and Tracking Technologies

Our App does not use cookies or similar tracking technologies. We do not track users across other apps or websites. The App only uses necessary session data to maintain your login state.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Last Updated" date at the top of this policy
• Providing notice through the App (for significant changes)

Your continued use of the App after such changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about what personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at support@ibtikar.app.

13. Contact Us

Request Account Deletion | Back to App

This Privacy Policy is effective as of January 2025. Last Updated: January 2025.