Privacy Policy

1. Information We Collect

Account information: email address and an encrypted password handled by our authentication provider. We do not see or store your password in plain text.

Journal content: emotions you select, written reflections, prayer requests, handwriting drawings, and any media you choose to add. Entries are tied to your user account and synced across your devices.

Activity data: study-plan progress, Bible highlights, song listening history, recommendation history, and prayer request follow-ups. This data is stored in the cloud so you can resume activity on any signed-in device.

Community posts: any prayer request, encouragement, comment, or report you submit to the community wall, along with a pseudonymous handle (e.g., "Prayer Warrior #1234").

Device & technical data: language preference, app version, platform (iOS, Android, or web), basic diagnostic logs, and locally cached content (devotionals, translations, highlights).

Subscription data: purchase status and entitlement information from Apple, Google, or RevenueCat. We do not receive or store your full payment card details.

2. How We Use Your Information

• Provide core features: journaling, Scripture, devotionals, study plans, music previews, and AI prayers.
• Personalize Scripture, song, and devotional recommendations based on your most recent emotional input.
• Operate the community prayer wall, including reporting, moderation, and safety review.
• Verify and manage your subscription entitlement.
• Improve performance, fix bugs, and prevent abuse.
• Communicate important account, security, or service messages.

3. AI-Generated Content

Personalized prayers, chapter summaries, and devotionals are generated by third-party large language models (currently Google Gemini, accessed through the Lovable AI Gateway). When you request generated content, the inputs needed for that request (such as a selected emotion, verse reference, or song title) are sent to the model provider. We do not send your full journal entries or identifying information to model providers, and these requests are not used by us to train AI models. AI output is offered as encouragement and is not a substitute for pastoral, medical, or professional advice.

4. Third-Party Services

• Authentication & database: our managed backend (Lovable Cloud, powered by Supabase) stores your account, journal entries, and community posts with row-level security.
• Bible text: the AO Lab Free Use Bible API provides Scripture in English, Spanish, French, and Portuguese translations.
• Music previews: 30-second previews and metadata come from Apple Music via Apple MusicKit. Apple may collect data per its own policies.
• Subscriptions: billing is processed by Apple App Store, Google Play, or RevenueCat. Their terms and privacy policies govern those transactions.
• AI: Google Gemini models accessed via the Lovable AI Gateway.

5. Community Wall & Safety

The community wall is shared with other users of the app. Do not post personally identifying information you do not want others to see. Posts are attributed to a pseudonymous handle, not your email. We use an automated profanity and self-harm filter, and users can report content. We may remove posts, restrict accounts, or contact emergency resources when there is a credible risk of harm.

6. Cloud Sync & Device Storage

To enable seamless use across devices, your journal entries, study-plan progress, prayer requests, and highlights are stored in our managed cloud database and synced to each device you sign into. Cloud data is encrypted in transit (TLS/HTTPS) and at rest. While signed in, a local copy is cached on your device for offline access and performance. When you sign out, sensitive local data is cleared from that device, but your cloud copy remains available for the next sign-in. You may also clear app data from your device settings.

7. Data Sharing

We do not sell your personal information. We do not share your journal entries, prayers, or emotional check-ins with advertisers. We share data only with the service providers listed above to the extent needed to operate the app, or when required by law, valid legal process, or to protect the rights, safety, and property of our users or the public.

8. Data Retention

We retain account and journal data for as long as your account is active. You may delete individual journal entries or community posts at any time. If you request account deletion, we remove your personal data from our active systems within 30 days, except where retention is required for legal, security, or fraud-prevention reasons.

9. Your Rights

Depending on where you live (including under the GDPR, UK GDPR, and CCPA/CPRA), you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us using the details below. We will respond within the timeframes required by applicable law.

10. Children's Privacy

The app is intended for users 13 years of age and older (16 in the European Economic Area). We do not knowingly collect personal data from children below these ages. If you believe a child has provided us data, contact us and we will delete it.

11. Security

We use encryption in transit (TLS/HTTPS), encrypted storage at rest, row-level security (RLS) policies that restrict every database row to its owning user, and authenticated access controls. No system is perfectly secure; please use a strong, unique password, keep your sign-in credentials confidential, and notify us if you suspect unauthorized access to your account.

12. International Transfers

Our service providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for cross-border transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated in the app or by email. Continued use after an update means you accept the revised Policy.

14. Contact Us

Questions, requests, or concerns? Email privacy@rootedinfaithai.com.