Privacy Policy
This Privacy Policy applies to all mobile applications, services, and websites published by Sakinah Labs, including but not limited to CoinJar and any future apps we release. References to "the App" or "our Apps" refer to any and all applications under the Sakinah Labs developer account.
- We use Google Sign-In for authentication — we never see or store your password.
- We store family and chore data you create inside the app, on our own secure server.
- Children's profiles are created and controlled entirely by a parent or guardian.
- We do not sell your data, show targeted ads, or share data without your consent.
- You can request full account and data deletion at any time.
1. Who We Are
Sakinah Labs is an independent mobile app studio. Our apps are built and maintained by a single developer. You can reach us at sakinahlabs.io@gmail.com.
2. What Data We Collect
We only collect data that is strictly necessary for the app to function.
2.1 Account & Identity Data
We use Google Sign-In via Firebase Authentication. When you sign in, we receive from Google your:
- Display name (e.g., "Ahmed Hassan")
- Email address
- Profile photo URL (if provided by Google)
- A unique, anonymous Firebase UID assigned by Google
We never receive or store your Google password. Authentication is handled
entirely by Google. We store a record of your account on our server
(api.sakinahlabs.com) linked to your Firebase UID, along with a secure
API session token (issued by our backend) that keeps you logged in.
2.2 App Content You Create
In CoinJar, the data you voluntarily enter and that we store includes:
- Family name — the name you give your family group (e.g., "The Hassan Family")
- Children's profiles — a first name and a chosen avatar colour for each child. No child email addresses or personal identifiers are collected.
- Chore/task records — the names of chores you create and assign (e.g., "Wash dishes")
- Coin activity logs — a record of coins awarded, deducted, or redeemed, including which parent performed the action and when
- Reward tier settings — the custom reward tier names and coin values you configure
- Parent PIN — a numeric PIN used to protect the Parent Portal. This is stored as a secure cryptographic hash; we cannot read or recover your actual PIN.
- Subscription status — whether your family is on a Free or Premium plan, including trial and expiry dates
2.3 Technical & Diagnostic Data
We may automatically collect limited technical information to keep the app stable:
- Crash reports — anonymous crash logs and device/OS information (e.g., Android 14, Pixel 7) via Firebase Crashlytics
- API session metadata — timestamps of sign-in and API activity for security and session management
- Device registration token — used to identify your device for session management (not for push notifications at this time)
We do not collect: precise location, contacts, camera or microphone access, browsing history, or any data unrelated to app functionality.
3. How We Use Your Data
| Data | Why We Use It |
|---|---|
| Google sign-in details | To create your account and keep you securely logged in |
| Family & children's names | To display your family inside the app |
| Chore & coin activity | To track chores, balances, and history — the core feature of the app |
| Parent PIN (hashed) | To verify access to the Parent Portal without storing a readable PIN |
| Subscription status | To determine which plan features your family has access to |
| Crash logs | To identify and fix bugs and app crashes |
We will never: sell your data to any third party, use your data for advertising or profiling, share it without your explicit consent (except as required by law), or use children's data for any purpose other than operating the app.
4. Children's Privacy
CoinJar is designed to be used by families with children. We take this responsibility seriously. Our approach is:
- No direct data collection from children. Children do not sign in, create accounts, or enter any personal information. A parent or guardian creates the family account and manages all children's profiles.
- Children's profiles contain only a name and avatar colour — both chosen by the parent. We do not collect a child's date of birth, school, contact details, or any other sensitive information.
- No behavioural advertising. We do not display any ads, targeted or otherwise, to users of any age.
- If you believe we have inadvertently collected personal information from a child without proper parental consent, please contact us immediately at sakinahlabs.io@gmail.com and we will delete it promptly.
5. Data Storage & Security
Your app data is stored on our backend server at api.sakinahlabs.com, a dedicated API running on a secured VPS with a MySQL database. Data in transit is encrypted using HTTPS/TLS.
Security measures include:
- All API communication encrypted with HTTPS/TLS
- API session tokens issued and managed by Laravel Sanctum (not stored in plain text)
- Parent PINs stored only as bcrypt hashes — never reversible
- Family-scoped authorization — users can only access their own family's data
- Rate limiting on authentication endpoints to prevent brute-force attacks
- The app uses Google Sign-In only — we never handle or store passwords
No system is 100% secure. If we ever become aware of a data breach that affects your personal information, we will notify you promptly in accordance with applicable law.
6. Third-Party Services
Our apps use the following third-party services. Each operates under its own privacy policy, which we link below:
Handles user sign-in. Google receives your authentication information when you sign in. We receive a verified identity token in return — we never receive your Google password.
Google Privacy Policy →Collects anonymous crash reports to help us identify and fix bugs. Reports include device model, OS version, and the app state at the time of crash — no personal data.
Firebase Privacy Policy →Required for core Android functionality (e.g., app updates, device integrity checks). Governed by Google's standard terms.
Google Privacy Policy →We do not use any advertising SDKs, analytics tracking platforms (e.g., Mixpanel, Amplitude), or social media SDKs.
7. Data Retention
We keep your data for as long as your account is active. Specifically:
- Your account and family data are retained while you use the app.
- If you request account deletion, all personal data and family data is permanently deleted within 30 days.
- Anonymised crash logs (which contain no personal identifiers) may be retained for up to 90 days for debugging purposes.
- We do not retain data for any purpose beyond what is described in this policy.
8. Your Rights & Choices
You have the right to:
- Access — request a summary of the personal data we hold about you
- Correct — update your display name or family details within the app
- Delete — request full deletion of your account and all associated data
- Object — opt out of non-essential data processing (currently there is none beyond app function)
To exercise any of these rights, email sakinahlabs.io@gmail.com. We will respond within 30 days.
9. Account & Data Deletion
In compliance with Google Play's User Data policy, you may request permanent deletion of your account and all data at any time — including all family records, children's profiles, chore history, and coin balances.
🗑️ Request Account Deletion
Email us from the address associated with your account with the subject "Delete My Account". We will permanently delete all your data and confirm within 30 days.
Request Deletion →10. Changes to This Policy
We may update this Privacy Policy when we release new apps or change how we handle data. When we do, we will update the "Last Updated" date at the top of this page. For significant changes, we may also display an in-app notice. Continued use of our apps after a policy update constitutes acceptance of the revised policy.
11. Contact Us
Questions, concerns, or requests about this Privacy Policy or your data:
Sakinah Labs — Privacy Inquiries
We're a small studio and we respond personally. Expect a reply within 2–3 business days.
✉️ sakinahlabs.io@gmail.com