Arihna Biha logo

Arihna Biha

Arihna Biha

Trust

Personal Data Privacy Policy

This policy explains which personal data Arihna Biha processes, why we process it, how long we keep it, and which rights you can exercise.

Who is responsible for processing

JISRIFY publishes Arihna Biha and acts as data controller for the personal data processed through the service.

Controller

JISRIFY

SASU with a share capital of EUR 1,000

37 rue de la Republique, 92800 Puteaux, France

SIRET 100 701 705 00012

SIREN 100 701 705 - RCS Nanterre 100 701 705

Privacy contact

For any privacy request, contact support@arihna-biha.com.

Please use the email attached to your account whenever possible so we can verify the request safely.

What data we process

Arihna Biha keeps data processing narrow and tied to the product workflow.

Account and security data

  • Email address, password hash, role, and verification status
  • Session versioning and action tokens for verification and password reset
  • Security and anti-abuse signals used to protect authentication and sensitive account flows

Prayer setup and workspace data

  • Saved location, timezone, calculation method, school, selected prayers, and buffer settings
  • Preview drafts, managed calendar selection, sync history, undo history, and workspace job history
  • App-owned event references used to update, delete, or restore only events created by Arihna Biha

Connected provider data

  • Connected Google or Microsoft account email and display name
  • Provider account identifiers and selected calendar identifiers
  • OAuth access and refresh tokens stored encrypted at rest when a provider connection is active
  • When a provider connection is disconnected, stored tokens are removed locally; Google token revocation is requested where available, and Microsoft consent can be revoked from Microsoft account or organization permissions

Support and service operations

  • Emails you send to support
  • Operational email-delivery data needed to send account and security messages
  • Server, security, and application logs reasonably necessary to operate and defend the service

Why we process it

We process data only where it is needed to provide Arihna Biha or comply with legal obligations.

Contract and service delivery

  • Create and secure user accounts
  • Generate prayer previews and save workspace settings
  • Connect Google Calendar and Outlook calendars chosen by the user
  • Create, refresh, delete, and restore app-owned prayer blocks

Legitimate interests and legal obligations

  • Protect the service against abuse, fraud, and technical misuse
  • Respond to support, privacy, and legal enquiries
  • Maintain auditability for sync and delete actions
  • Comply with accounting, security, and legal retention duties

Processing summary

This summary links the main processing purposes to their legal bases, retention approach, and recipients.

Account access and security

  • Purpose: create accounts, verify email ownership, maintain sessions, and protect sensitive flows.
  • Legal basis: contract for account access, legitimate interest for security, and legal obligation where records must be retained.
  • Retention: active account lifetime, plus short security windows for verification and reset tokens.

Prayer and calendar features

  • Purpose: generate prayer previews, save Prayer Defaults, connect calendars selected by the user, and deliver Prayer Blocks.
  • Legal basis: contract for requested product features and legitimate interest for auditability of calendar actions.
  • Retention: active account lifetime, unless the user deletes the account or disconnects a provider earlier.

Support, billing, and operations

  • Purpose: respond to support requests, send service emails, process Supporter billing, and maintain reliability.
  • Legal basis: contract, legitimate interest, and legal obligations for accounting and security records.
  • Retention: as long as needed for the request, billing/legal duties, security, and reliability.

Retention

Retention follows the product lifecycle and the shorter security windows already built into the app.

Short-lived security items

  • Email verification tokens expire after 24 hours
  • Password-reset tokens expire after 1 hour

Account and workspace data

  • Account, prayer-profile, calendar-selection, preview, sync, and undo data is kept while the account remains active
  • Connected provider tokens are kept only while the calendar connection remains active, are stored encrypted at rest, and are deleted when the connection is disconnected
  • Support exchanges and technical logs may be retained for as long as reasonably needed to resolve issues, maintain security, or meet legal duties

Provider and billing data

  • Provider tokens are deleted when the related connection is disconnected or the account is deleted.
  • Stripe billing records and invoices may be retained for the legal accounting period handled through Stripe and JISRIFY records.
  • Operational logs are retained only as long as reasonably needed for security, troubleshooting, and reliability.

Recipients and hosting

Arihna Biha relies on a small number of service providers that are directly tied to the product.

Named service providers

  • Hetzner Online GmbH for European hosting infrastructure
  • Stripe for payments, subscriptions, invoices, billing portal access, and payment events
  • Resend for transactional and service emails
  • Cloudflare Turnstile for anti-abuse checks on sensitive flows
  • Sentry for error monitoring and reliability diagnostics when enabled

Provider and location services

  • Google and Microsoft for calendar connection and calendar operations initiated by the user
  • OpenStreetMap Nominatim for location search when a user looks up a place
  • IP geolocation providers such as ipwho.is or ipapi.co when location detection is used

International transfers

Some providers may process data outside the European Union or the European Economic Area.

Where a provider processes data internationally, Arihna Biha relies on the provider's published transfer safeguards, contractual protections, and any applicable adequacy decision or standard contractual clauses. Users can contact support for details about the providers involved in their account.

Google API data use and Limited Use

When a user connects Google Calendar, Arihna Biha uses Google user data only for the calendar features the user chooses in the product.

How Google data is used

  • Identify the connected Google account and show the account email in Arihna Biha
  • List Google calendars so the user can choose which calendars to read from or write to
  • Read calendar events only where needed to display connected agenda information or prepare user-requested calendar actions
  • Create, update, or delete only the prayer blocks the user asks Arihna Biha to manage
  • Request Google OAuth token revocation when the user disconnects a Google Calendar connection

Limited Use commitments

  • Google user data is not sold, transferred to advertising platforms, or used for retargeting, personalized ads, credit, or lending purposes
  • Google user data is not used to train generalized AI models or for unrelated analytics
  • Google user data is transferred only when necessary to provide or secure Arihna Biha, comply with law, or complete an action the user requested
  • Human access to Google user data is limited to support, security, legal, or operational needs and only where reasonably necessary

Arihna Biha's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Users can also review or remove Google provider authorization from Google Account permissions.

Microsoft Graph data use

When a user connects Outlook, Arihna Biha uses Microsoft Graph data only for the calendar features the user chooses in the product.

How Microsoft data is used

  • Identify the connected Microsoft account and show the account email in Arihna Biha
  • List Outlook calendars so the user can choose which calendars to read from or write to
  • Read calendar events only where needed to display connected agenda information or prepare user-requested calendar actions
  • Create, update, or delete only the prayer blocks the user asks Arihna Biha to manage
  • Use refresh tokens only to keep the user-selected calendar connection working until the user disconnects it

Microsoft data commitments

  • Microsoft calendar data is not sold, transferred to advertising platforms, or used for retargeting, personalized ads, credit, or lending purposes
  • Microsoft calendar data is not used to train generalized AI models or for unrelated analytics
  • Microsoft calendar data is transferred only when necessary to provide or secure Arihna Biha, comply with law, or complete an action the user requested
  • Human access to Microsoft calendar data is limited to support, security, legal, or operational needs and only where reasonably necessary

When a user disconnects Outlook inside Arihna Biha, stored local Microsoft tokens are removed. Users can also review or remove provider consent from their Microsoft account permissions or their organization's app permissions portal.

Your rights

Depending on the situation and applicable law, you may have rights of access, rectification, deletion, restriction, objection, and portability.

To exercise a privacy right, contact support@arihna-biha.com. We may ask for reasonable proof of identity before acting on a request. You may also lodge a complaint with the competent data protection authority, including the CNIL in France when applicable.