Privacy Policy
Last Updated:
Introduction
Welcome to Aya Chat! This Privacy Policy explains how Cloud 9 Holdings Limited ("we," "us," or "our") collects, uses, and protects your personal information when you use our Aya Chat mobile application and related services (collectively, the "Services").
We are committed to protecting your privacy and being transparent about how we handle your data. This policy describes what information we collect, how we use it, who we share it with, and your rights regarding your personal information.
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Services.
This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of our Services.
Who We Are
Cloud 9 Holdings Limited is a Hong Kong limited liability company that develops and operates the Aya Chat mobile application. We are the data controller for the personal information we collect through our Services.
Our mission is to create a reliable and user-friendly tool through which you can improve your relationship with Islamic knowledge and practice. We provide AI-powered Islamic guidance, Quran study tools, prayer times, and educational content.
Data Controller:
Cloud 9 Holdings Limited
Unit 1603, 16th Floor, The L. Plaza
367 - 375 Queen's Road Central, Sheung Wan, Hong Kong
Email: hello@cloud9labs.co
What Information We Collect
We collect several types of information to provide and improve our Services. The categories of personal information we collect include:
Category | Description | Examples |
|---|---|---|
Account & Profile Data | Information you provide when creating and maintaining your account | Email address, username, password, profile preferences, subscription status |
User Inputs and AI Interactions | Content you provide to our AI services and the responses generated | Questions, text messages, uploaded files, AI-generated responses, conversation history |
Usage Data | Information about how you use our Services | App features used, time spent, navigation patterns, preferences, settings |
Technical Data | Technical information collected automatically when you use our Services | IP address, device type, operating system, browser type, app version, crash reports |
Location Data | Location information for prayer times and Islamic calendar features | City, time zone, general geographic location (with your consent) |
Communication Data | Information from your communications with us | Support emails, feedback, survey responses, social media interactions |
Payment Data | Information related to your subscription and payments | Subscription type, payment dates, transaction IDs (payment details are processed by app stores) |
Social Media Data | Information from social media accounts when you connect them to our Services | Profile information, friend lists, photos, interests (only with your permission) |
Special Note on AI Interactions
When you interact with our AI chatbot, we collect your questions, inputs, and the AI-generated responses. This data helps us improve our AI models and provide better service. We take special care to protect this information and use it only for legitimate business purposes.
How We Use Your Information
We use your personal information for the following purposes:
Service Provision
Provide access to Aya Chat features and functionality
Generate AI responses to your questions and inputs
Deliver personalized Islamic content and guidance
Calculate accurate prayer times for your location
Maintain your account and subscription
Service Improvement
Analyze usage patterns to improve our Services
Train and improve our AI models
Develop new features and functionality
Fix bugs and resolve technical issues
Conduct research and analytics
Communication
Send service-related notifications and updates
Respond to your inquiries and support requests
Send marketing communications (with your consent)
Notify you about changes to our Services or policies
Legal and Safety
Comply with legal obligations and regulations
Protect against fraud and abuse
Enforce our Terms of Service
Resolve disputes and legal claims
Protect the safety and security of our users
Legal Basis for Processing
Under data protection laws, we must have a legal basis for processing your personal information. Our legal bases include:
Contractual Necessity
Processing necessary to provide our Services under our Terms of Service, including account management, AI interactions, and subscription services.
Legitimate Interests
Processing for our legitimate business interests, such as improving our Services, ensuring security, and conducting analytics, balanced against your privacy rights.
Consent
Processing based on your explicit consent, such as for marketing communications or optional features like location services.
Legal Compliance
Processing necessary to comply with legal obligations, such as responding to legal requests or maintaining records for tax purposes.
How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
Service Providers
We share information with trusted third-party service providers who help us operate our Services, such as cloud hosting, analytics, and customer support platforms. These providers are contractually obligated to protect your information.
AI Model Training
We may use anonymized and aggregated data from AI interactions to improve our models and services. We remove personal identifiers before using this data for training purposes.
Legal Requirements
We may disclose information when required by law, legal process, or government request, or to protect our rights, property, or safety, or that of our users or others.
Business Transfers
In the event of a merger, acquisition, or sale of our business, your information may be transferred to the new entity, subject to the same privacy protections.
With Your Consent
We may share information with third parties when you have given us specific consent to do so.
Data Retention
We retain your personal information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy. Our retention periods vary depending on the type of information:
Account Data
Retained until you delete your account, plus up to 30 days for backup deletion.
AI Interaction Data
Retained for up to 2 years for service improvement, or until you request deletion.
Technical and Usage Data
Retained for up to 1 year for analytics and service improvement.
Legal and Financial Records
Retained as required by applicable laws and regulations, typically 7 years.
When we no longer need your personal information, we securely delete or anonymize it. Some information may be retained in anonymized form for research and analytics purposes.
Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:
Encryption of data in transit and at rest
Regular security assessments and penetration testing
Access controls and authentication mechanisms
Employee training on data protection and security
Incident response and breach notification procedures
Regular security updates and patches
While we strive to protect your personal information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security measures.
Your Role in Security
You can help protect your information by using strong passwords, keeping your login credentials confidential, and notifying us immediately if you suspect any unauthorized access to your account.
International Data Transfers
Your personal information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.
When we transfer your information internationally, we implement appropriate safeguards to ensure your information receives an adequate level of protection, including:
Standard Contractual Clauses approved by the European Commission
Adequacy decisions by relevant data protection authorities
Binding corporate rules and certification schemes
Other appropriate safeguards as required by applicable law
By using our Services, you consent to the transfer of your information to countries outside your residence country, including the United States and other countries where our service providers operate.
Your Rights Under GDPR and UK Data Protection Laws
If you are located in the European Union, European Economic Area, or the United Kingdom, you have certain rights under data protection laws. You can exercise these rights by contacting us at hello@cloud9labs.co.
Right to Information
You have the right to receive clear and transparent information about how we process your personal information, which we provide in this Privacy Policy.
Right of Access
You have the right to access your personal information and receive a copy of the data we hold about you. Please include your account ID, name, and email address when making a request.
Right to Rectification
You have the right to correct inaccurate or incomplete personal information. You can update most information directly in your account settings, or contact us for assistance.
Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal information in certain circumstances, such as when the information is no longer necessary for the original purpose or when you withdraw consent.
Right to Restrict Processing
You have the right to request that we limit how we process your personal information in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal information in a structured, commonly used format and to transmit it to another service provider where technically feasible.
Right to Object
You have the right to object to processing of your personal information for direct marketing purposes or when processing is based on legitimate interests.
Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection authority if you believe we have violated your privacy rights. You can contact:
Your local EU data protection authority
The UK Information Commissioner's Office (ICO) if you're in the UK
The Hong Kong Privacy Commissioner for Personal Data for our jurisdiction
Exercising Your Rights
To exercise any of these rights, please contact us with the following information:
Your full name and email address
Your account ID (if applicable)
A clear description of your request
Proof of identity (for security purposes)
We will respond to your request within one month, or inform you if we need additional time.
California Privacy Rights (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
Right to Know
You have the right to know what personal information we collect, use, disclose, and sell about you.
Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale
You have the right to opt-out of the sale of your personal information. We do not sell personal information as defined by the CCPA.
Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, please contact us at hello@cloud9labs.co with "CCPA Request" in the subject line.
Children's Privacy
Our Services are not directed to children under the age of 18, and we do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
If we discover that we have collected personal information from a child under 18 without proper consent, we will take steps to delete that information promptly.
Parents and guardians are responsible for monitoring their children's internet activities and ensuring compliance with our age restrictions.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
Update the "Effective Date" at the top of this policy
Notify you through our app or by email for material changes
Provide a summary of key changes when appropriate
Obtain your consent for changes that significantly affect your rights
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Your continued use of our Services after changes are posted constitutes acceptance of the updated Privacy Policy.
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
General Privacy Inquiries
Email: hello@cloud9labs.co
Subject: Aya Chat Privacy Inquiry
Data Protection Officer
Email: hello@cloud9labs.co
Subject: Data Protection Request
Mailing Address
Cloud 9 Holdings Limited
Unit 1603, 16th Floor, The L. Plaza
367 - 375 Queen's Road Central, Sheung Wan, Hong Kong
We aim to respond to all privacy inquiries within 30 days. For urgent matters, please indicate this in your subject line.