Privacy Policy

1. Summary

In plain language:

• You can use the core App without creating an account.
• Many personal habit and study entries are stored locally on your device and/or in your personal iCloud, depending on your settings and platform.
• If you create an account, we use Supabase to provide account, profile, friendship, feed, reaction, challenge, and privacy-setting features.
• You can choose what types of activity may appear in your friends feed.
• We use TelemetryDeck for privacy-friendly usage analytics.
• We use RevenueCat to manage subscription access across platforms.
• Subscriptions and payments are processed by Apple and/or Google. We do not receive your full payment card details.
• We do not sell your personal data.
• We do not use analytics for third-party advertising tracking.

2. Information We Collect

2.1 Information You Enter in the App

The App may allow you to enter information such as:

• habits, goals, routines, and progress;
• study logs;
• notes or experiences;
• notification preferences;
• app settings;
• progress and streak data.

Depending on the feature and your settings, this information may be stored:

• locally on your device;
• in your personal iCloud account, if iCloud sync is enabled and available;
• in Supabase, if the information is part of an optional account or social feature.

We do not use your personal notes, experiences, or study content for advertising.

2.2 Optional Account Data

If you create an account, we may collect and process account-related information, including:

• email address;
• user ID;
• authentication/session data;
• account creation date;
• login-related metadata handled by Supabase;
• password reset and email confirmation data.

Passwords are handled by Supabase Auth. We do not store or see your plain-text password.

Account features are used to provide optional social and cloud-based functionality.

2.3 Profile Data

If you create a profile, you may provide or generate profile-related information such as:

• display name;
• username;
• selected avatar;
• optional profile text or bio;
• optional favorite Bible text;
• points or progress snapshots;
• number of tracked habits;
• longest streak or similar progress summaries.

Some profile information may be visible to other users depending on your privacy settings, friendship status, and app functionality.

You should not include sensitive information in profile fields if you do not want other users to see it.

2.4 Friends, Feed, Reactions, and Challenges

If you use the optional social features, we may process data related to:

• friend requests;
• friendships;
• friend removal or cancellation;
• activity feed events;
• emoji reactions;
• streak challenges;
• challenge invitations, status, and progress;
• daily completion summaries used for streak challenges;
• visibility and sharing preferences.

Feed events are designed to store limited progress summaries, not your full private habit history.

Examples of activity types that may be shared with friends, depending on your settings:

• habit completions;
• streak milestones;
• Faith House level progress;
• unlocked achievements.

The App includes privacy settings that allow you to control which supported activity types may appear in your friends feed.

The feed is intended for friends only. It is not designed as a public global feed.

2.5 Privacy Settings

We store privacy settings connected to your account, such as whether certain information or activity types may be visible to friends. These settings may include, for example:

• whether your feed activity is visible to friends;
• whether habit completions may be shared;
• whether streak milestones may be shared;
• whether Faith House levels may be shared;
• whether achievements may be shared;
• whether profile, stats, challenges, or favorite Bible text may be visible.

Some visibility settings may need to be readable by authenticated users so the App can correctly respect your sharing choices.

2.6 Anonymous or Privacy-Friendly Usage Analytics

We use TelemetryDeck to understand how the App is used and to improve onboarding, usability, and features. Examples of analytics events may include:

• app starts;
• onboarding screen views;
• paywall views;
• feature usage events;
• purchase success events, such as subscription period, without payment card details;
• general funnel and conversion information.

TelemetryDeck is designed to process analytics in a privacy-preserving way, including anonymization or hashing of identifiers.

We do not send your personal notes, experiences, study content, private habit names, or private journal content to TelemetryDeck.

2.7 Subscription and Payment Data

Subscriptions may be processed through:

• Apple App Store / StoreKit;
• Google Play Billing;
• RevenueCat, for subscription entitlement and subscription status management.

We do not receive or store:

• full credit card numbers;
• full billing addresses;
• Apple ID credentials;
• Google account credentials.

Apple, Google, and RevenueCat may process purchase-related information according to their own privacy policies.

We may receive subscription-related information such as:

• subscription status;
• product identifier;
• purchase date;
• renewal status;
• trial status;
• platform;
• anonymized or app-specific customer identifiers.

This data is used to unlock paid features, manage subscriptions, support purchases, and understand subscription performance.

2.8 Support Requests

If you contact us by email or another support channel, we may process information you provide, such as:

• your email address;
• your message;
• screenshots or diagnostic information you choose to send;
• information needed to resolve your request.

We use this information only to respond to your request and provide support.

3. How We Use Information

We use information to:

• provide the App and its features;
• create and manage optional accounts;
• enable profiles, friends, feed, reactions, and challenges;
• apply your privacy and sharing settings;
• sync or restore account-based data where applicable;
• provide subscriptions and premium access;
• improve onboarding, usability, stability, and performance;
• detect, prevent, and respond to misuse, abuse, fraud, or technical issues;
• respond to support requests;
• comply with legal obligations.

We do not sell, rent, or trade your personal data.

4. Legal Bases for Processing

If you are in the EU/EEA or a similar jurisdiction, we process personal data based on one or more of the following legal bases:

• Contract performance: to provide the App, account features, subscriptions, and requested services.
• Consent: where you choose to enable optional features, analytics where required, notifications, or sharing settings.
• Legitimate interests: to maintain security, improve the App, prevent abuse, and provide support.
• Legal obligations: where we are required to retain or process certain information by law.

5. Optional Social Sharing

Social features are optional.

If you choose to use them, certain information may be visible to other users, especially friends. This may include profile information, selected progress summaries, reactions, or challenge-related information.

You can control supported activity sharing through the App's privacy settings.

Please remember that if another user can view information you shared, they may see, remember, screenshot, or otherwise save that information outside the App. You should not share information that you consider highly sensitive.

6. iCloud Sync

If iCloud sync is available and enabled:

• certain local App data may be stored in your personal iCloud account;
• iCloud data is associated with your Apple ID;
• iCloud behavior is governed by Apple's privacy terms and settings.

We cannot directly access the contents of your personal iCloud account.

7. Third-Party Services

The App may use third-party services to provide functionality, analytics, subscriptions, authentication, hosting, and email delivery. These may include:

• Apple App Store / StoreKit for iOS subscriptions and purchases;
• Google Play Billing for Android subscriptions and purchases;
• RevenueCat for subscription entitlement and subscription status management;
• Supabase for optional account, authentication, profile, social, feed, privacy settings, and database functionality;
• Resend for transactional email delivery, such as confirmation and password reset emails;
• TelemetryDeck for privacy-friendly usage analytics;
• Apple iCloud, if iCloud sync is enabled.

Each provider processes data according to its own terms and privacy policy.

We aim to choose providers that are appropriate for the functionality they provide and to limit data sharing to what is necessary.

8. Authentication Emails

If you create an account or use account-related features, we may send transactional emails, such as:

• email confirmation;
• password reset;
• magic link sign-in;
• email change confirmation;
• security or reauthentication codes.

These emails may be sent through Supabase and Resend.

Transactional emails are necessary to provide account security and account access features.

9. Tracking and Advertising

We do not use your data for third-party targeted advertising.

We do not sell your data to advertisers or data brokers.

We do not use Apple's IDFA for analytics.

We do not use TelemetryDeck, Supabase, RevenueCat, or Resend to track you across unrelated apps or websites for advertising purposes.

10. Data Security

We use reasonable technical and organizational measures to protect data, including:

• secure communication with backend services;
• authentication and access controls;
• row-level security rules for account-based data;
• limited access to backend systems;
• minimizing the amount of data collected;
• using established service providers for authentication, database, payments, analytics, and email delivery.

No system can be guaranteed to be completely secure. You are responsible for keeping your login credentials safe.

11. Data Retention

We retain information only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Examples:

• local data remains on your device until you delete it or uninstall the App;
• iCloud data remains in your iCloud account according to your Apple/iCloud settings;
• account data remains while your account exists;
• social data such as friend connections, feed events, reactions, and challenges may remain while your account exists or until deleted through App functionality;
• support emails may be retained as needed to handle your request and maintain records;
• analytics data may be retained in aggregated or privacy-preserving form.

12. Account Deletion

If you created an account, you may be able to delete it through the App or by contacting us.

Deleting your online account may delete or remove:

• your Supabase account;
• profile data;
• privacy settings;
• friend requests and friendships;
• feed events;
• reactions;
• streak challenges;
• other account-based social data.

Deleting your online account does not necessarily delete local data stored only on your device, unless the App explicitly offers and you choose such an option.

Some information may be retained where required for legal, security, fraud prevention, dispute resolution, or legitimate business purposes.

13. Your Rights

Depending on your location, including the EU/EEA, you may have rights such as:

• access to your personal data;
• correction of inaccurate data;
• deletion of your data;
• restriction of processing;
• objection to certain processing;
• data portability;
• withdrawal of consent where processing is based on consent;
• lodging a complaint with a data protection authority.

You can manage some information directly in the App, such as profile information, privacy settings, and account deletion where available.

For additional requests, contact us using the details below.

14. Children's Privacy

The App is not intended for children under 16 years old or the minimum age required in your country.

We do not knowingly collect personal data from children below the required age.

If we learn that we have collected personal data from a child without proper authorization, we will take appropriate steps to delete it.

15. International Data Processing

Some service providers may process data in different countries. Where data is transferred internationally, we rely on appropriate safeguards where required by applicable law.

We aim to use service providers and configurations that are suitable for users in the EU/EEA where possible.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make significant changes, we may notify you inside the App, by email, or by another appropriate method.

Continued use of the App after changes means you accept the updated Privacy Policy.

17. Contact

If you have any questions, requests, or concerns about this Privacy Policy, please contact: