Privacy Policy

Last updated: 2026-03-18

The short version

Mizan collects nothing. There are no accounts, no servers, no analytics, and no tracking. Everything you do in this app stays on your device.

1. Who we are

Mizan is an open-source Progressive Web App (PWA) published by github.com/nmittra/mizan. It is not operated by a registered company. There is no organisation behind it — it is a personal project provided as-is.

2. What data we collect

None, on our end. Mizan has no backend, no database, and no user accounts.

The following data is created by you and stored only on your device, using your browser’s built-in IndexedDB storage:

  • Your selected mindset (Rationalist, Activist, or Stoic)
  • Any principles you have bookmarked
  • Any journal entries you have written
  • Your reading progress per pillar

This data never leaves your device. It is not transmitted to any server, not backed up to the cloud, and not accessible to us or any third party.

3. External requests

Mizan makes one type of outbound network request: fetching Quran verse text from api.alquran.cloud. This API is publicly available, requires no authentication, and does not receive any personal data from your device. The only information transmitted is the surah and verse number being requested.

No other external requests are made. There are no analytics scripts, no advertising pixels, no error-reporting services, and no CDN-loaded resources.

4. Cookies and local storage

Mizan does not use cookies. User preferences are stored in IndexedDB — a browser-native database that is scoped to this origin and is not a cookie. It cannot be read by other websites.

5. Your rights

Depending on where you live, you may have legal rights regarding personal data — including under the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA), the Saudi Arabia PDPL, the UAE Federal Decree-Law No. 45 of 2021, Indonesia’s Law No. 27 of 2022, and similar laws.

Because all data is stored locally on your device and we never receive it, you are in full control at all times:

  • Right of access: Use the “Export my data” button in Settings to download a JSON copy of everything stored on your device.
  • Right to erasure: Use the “Delete all my data” button in Settings to permanently delete all locally stored data.
  • Right to portability: The exported JSON file is in a standard, machine-readable format.

Because we hold no data about you, we cannot fulfil data subject requests on your behalf — there is nothing for us to provide, correct, or delete on any server.

6. Children

Mizan does not knowingly collect data from anyone. Given our local-first architecture, this applies equally to users of all ages. The app contains no age-gating mechanism because no account or personal data is required to use it.

7. Security

Mizan is served over HTTPS with strict security headers including Content-Security-Policy, Strict-Transport-Security, Cross-Origin-Opener-Policy, and X-Frame-Options. These headers prevent data injection, clickjacking, and cross-origin attacks.

Data stored in IndexedDB is protected by the same-origin policy of your browser. No other website can read it.

8. Changes to this policy

If this policy changes materially, the “Last updated” date above will be updated and a note will appear in the app. Because we hold no email addresses, we cannot notify you directly.

9. Contact

Questions or concerns about this policy can be raised as an issue at github.com/nmittra/mizan/issues.