Privacy Policy

Provider: [LEGAL ENTITY NAME] · Effective: [DATE] · Version: [v1.0]

Draft for legal review — not yet effective. Replace every [BRACKETED] placeholder and have counsel review and localize before publishing.

We collect as little as possible, never sell personal data, and keep your faith activity private to you. The app has no public posting or messaging.

1. Who is responsible

[LEGAL ENTITY NAME], [address], [email], is the data controller. [Appoint an EU/UK representative and/or DPO if thresholds are met.]

2. What we collect

Account data: your email and/or the identifier from Google/Apple sign-in, and authentication metadata.
Profile: your chosen display name; consents and consent timestamps.
Your faith activity (private to you): journal entries, prayer intentions, bookmarked days, and your “I prayed” taps on curated communal intentions.
Preferences: reminder time and theme (stored on your device).
Diagnostics: crash and basic performance data via Firebase Crashlytics [and analytics, if/when enabled].

We do not collect contacts, precise location, or advertising identifiers, and the app has no public posting, so your activity is not exposed to other users.

3. Special-category (religious) data

Your use of the app reveals religious beliefs and activity, which is special-category data under GDPR Article 9. Our lawful basis for processing it is your explicit consent, requested separately at onboarding. You may withdraw consent at any time; withdrawing means deleting the related data.

4. Why we process data

To provide the app’s features to you (service / consent).
To secure the service and prevent abuse (legitimate interests).
To diagnose crashes and improve reliability (legitimate interests / consent where required).
To send the optional daily reminder (consent — you enable it).

5. Processors & third parties

We use Google Firebase (Authentication, Cloud Firestore, Cloud Functions, Hosting, Cloud Messaging, Crashlytics) as our backend and Apple/Google for optional sign-in. These act as our processors/sub-processors. [List all processors + roles; confirm font delivery; add a DPA reference.] We do not sell or share personal data for advertising.

6. International transfers

Data may be processed on servers outside your country (e.g., the United States). [Transfer mechanism — Standard Contractual Clauses, etc.]

7. Retention

We keep your data while your account is active. When you delete your account, we delete your profile, journals, prayer intentions, bookmarks, and prayer taps. [Backup retention window; legal-hold exceptions.]

8. Your rights

You may have rights to access, export, correct, and delete your data, and to withdraw consent. The app provides self-service Export my data and Delete account in Settings. For other requests, contact [email].

EEA/UK (GDPR): the rights above, plus the right to lodge a complaint with a supervisory authority.
California (CCPA/CPRA): rights to know, delete, correct, and to opt out of “sale”/“sharing” — we do not sell or share personal information. [Confirm applicability + disclosures.]

9. Security

We use role-based access controls and server-enforced security rules, restrict internal access, and never expose your identity beyond your chosen display name. No system is perfectly secure.

10. Children’s privacy

The app is not directed to children under [age], and we do not knowingly collect their data. [Describe COPPA handling / parental consent.]

11. Changes

We will post changes here and, for material changes affecting your data, ask you to re-consent in the app.

12. Contact

Privacy questions: [email] · [mailing address].