Legal · Effective March 2025

Privacy
Policy.

LYTDesign™ · Norway GDPR Compliant March 2025
Your recitation is between you and Allah. It should stay that way. This Privacy Policy explains what data QuraLYT collects, why, and how it is protected. We have designed QuraLYT from the ground up to collect as little as possible. In the free Core tier, we collect nothing at all. This page exists because the law requires us to tell you — and because you deserve to know.
Contents
01 Who We Are — Data Controller 02 Free Core App — What We Collect 03 Pro & Elite Accounts — What We Collect 04 Contact Form 05 Cookies & Website 06 Third-Party Processors 07 Your Rights Under GDPR 08 Data Breach Policy 09 Supervisory Authority & Contact
01 ——

Who We Are —
Data Controller.

GDPR Article 13 — Identity of Controller

Under the GDPR and the Norwegian Personal Data Act, the Data Controller responsible for your personal data is LYTDesign™, based in Norway, operated by Sohail.

Data Controller
LYTDesign™ · Norway
Operated by: Sohail (Founder)
Email: hello@lytdesign.com
Legal framework
This policy complies with: GDPR (EU) 2016/679 as incorporated into the EEA Agreement · Norwegian Personal Data Act (LOV-2018-06-15-38) · Apple App Store privacy requirements · Google Play Store privacy requirements.
Who this applies to
This policy applies to all users of the QuraLYT™ app and the QuraLYT website, regardless of where you are in the world. If you are in the EEA, GDPR rights apply fully.
02 ——

Free Core App —
What We Collect.

The short answer

In the free Core tier: nothing. QuraLYT runs entirely offline and locally on your device. No data is sent to any server. No account is needed. Nothing is collected.

Data typeCollected?Where storedPurpose
Reading position Local onlyYour deviceResume where you left off
Bookmarks Local onlyYour deviceSave your ayahs
App preferences Local onlyYour deviceRemember your settings
Identity / emailNot collected
LocationNot collected
Usage behaviourNot collected
Device identifiersNot collected
Crash/diagnostic dataNot collected

QuraLYT contains no analytics SDKs, no advertising SDKs, no crash reporting SDKs (such as Firebase, Mixpanel, or Amplitude) in the Core tier. What happens on your device stays on your device.

03 ——

Pro & Elite Accounts —
What We Collect.

When Pro and Elite tiers launch, a user account will be required only for cloud sync. Here is exactly what is collected and why:

Data typeCollected?PurposeLegal basis (GDPR)
Email address YesAccount identity, login, account recoveryArt. 6(1)(b) — contract performance
Password (hashed) YesSecure account accessArt. 6(1)(b) — contract performance
Bookmarks & reading position EncryptedCloud sync across devicesArt. 6(1)(b) — contract performance
App preferences EncryptedSync your settingsArt. 6(1)(b) — contract performance
Behavioural dataNever
Payment detailsNot by usHandled by Apple/Google only
Encryption
All account data is encrypted in transit using TLS and encrypted at rest. Your password is never stored in plain text — only a secure hash is retained.
Retention
Account data is retained for as long as your account is active. Upon deletion it is permanently removed within 7 days. Cloud sync data is deleted immediately on account deletion.
What we never do with account data
Your account data is never sold, shared with advertisers, used for profiling, or used for behavioural tracking. It exists solely to provide you with cloud sync. Period.
04 ——

Contact Form —
What We Collect.

If you contact us through the website contact form, we collect:

Name and email address
Used only to reply to your message. Retained for no longer than necessary to resolve your enquiry. Legal basis: Art. 6(1)(f) GDPR — legitimate interests (providing support).
Message content
Used only to understand and respond to your enquiry. Never shared with third parties. Deleted once resolved.
Deletion on request
Email hello@lytdesign.com at any time to request that your contact data be deleted. We will action it within 7 days.
05 ——

Cookies &
Website.

The short answer

The QuraLYT website uses no tracking cookies, no advertising cookies, and no analytics cookies. We do not track visitors to our website.

Session functionality
The contact form may use a short-lived session token to submit your message securely. This is a functional cookie only. It expires when you close your browser and contains no personal data.
No analytics cookies
We do not use Google Analytics, Facebook Pixel, Hotjar, or any other third-party analytics tool on this website. No visitor tracking of any kind.
No advertising cookies
We do not run retargeting campaigns. No advertising network has ever placed a cookie on this website. This will not change.

Norwegian cookie law: Under Norwegian ePrivacy regulations aligned with GDPR, consent is required for non-essential cookies. Since we use only essential functional cookies, no consent banner is required. If this ever changes, a proper consent mechanism will be added before any non-essential cookies are placed.

06 ——

Third-Party
Processors.

We use the minimum number of third-party services required to operate. Below is a full and transparent list:

Apple App Store
Distributes QuraLYT on iOS and macOS. Apple collects purchase and device data under their own privacy policy at apple.com/privacy. LYTDesign™ has no control over Apple's data practices as platform operator.
Google Play Store
Distributes QuraLYT on Android. Google collects device and usage data under their own privacy policy at policies.google.com. LYTDesign™ has no control over Google's data practices as platform operator.
Cloud sync provider (Pro & Elite — future)
When cloud sync launches, the provider will be named here with a link to their GDPR data processing agreement. We will only use providers that sign a DPA (Data Processing Agreement) with us and are GDPR compliant. No provider will be selected until this is confirmed.
No advertising networks — ever
QuraLYT does not use and will never use any advertising network, data broker, or third-party tracking service. This is not a gap in the list — it is intentional.
07 ——

Your Rights
Under GDPR.

If you are in the EEA (including Norway), you have the following rights under GDPR. To exercise any of these rights, email hello@lytdesign.com. We will respond within 30 days.

Right to Access
Request a copy of any personal data we hold about you. (Art. 15 GDPR)
Right to Rectification
Request correction of inaccurate personal data. (Art. 16 GDPR)
Right to Erasure
Request deletion of your personal data. We act within 7 days. (Art. 17 GDPR)
Right to Portability
Receive your data in a machine-readable format to transfer elsewhere. (Art. 20 GDPR)
Right to Object
Object to processing based on legitimate interests. (Art. 21 GDPR)
Right to Withdraw Consent
Where processing is based on consent, withdraw it at any time. (Art. 7 GDPR)

Since the Core app collects no data, most of these rights will confirm: "We hold no personal data about you." For Pro/Elite account holders, all rights apply fully to your account data.

08 ——

Data Breach
Policy.

72-hour notification rule
In the event of a personal data breach, we will notify Datatilsynet (the Norwegian Data Protection Authority) within 72 hours of becoming aware of it, as required by GDPR Art. 33.
Notifying affected users
If a breach is likely to result in a high risk to your rights and freedoms, we will notify affected users directly without undue delay, as required by GDPR Art. 34.
Why breaches are unlikely
Because the Core app collects no data and stores everything locally on your device, a server-side breach cannot expose Core users' data — there is nothing to breach. Pro/Elite data is encrypted at rest and in transit, minimising risk.
09 ——

Supervisory Authority
& Contact.

Norwegian Data Protection Authority (Datatilsynet)
If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with Datatilsynet — the supervisory authority for Norway.

Website: datatilsynet.no
Email: postkasse@datatilsynet.no
Phone: +47 22 39 69 00
Contact us first
We always prefer to resolve any concerns directly. Email hello@lytdesign.com and we will respond within 30 days. Data Controller: Sohail · LYTDesign™ · Norway.
Updates to this policy
We will notify users of material changes to this Privacy Policy via the app and this page with an updated effective date. Continued use after notice constitutes acceptance.
بِسۡمِ ٱللَّهِ

Your privacy is a trust. We carry it with the weight it deserves.

QuraLYT™ · LYTDesign™ · Norway · © 2025 · GDPR Compliant

Terms & Conditions Return to QuraLYT