Introduction
Prayfully ("we," "us," "our," or "Company") respects your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and otherwise handle your information when you use our mobile application, website (prayfully.net), and related services (collectively, the "Service").
Please read this policy carefully. By accessing or using Prayfully, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree with our practices, please do not use our Service.
1. Information We Collect
We collect information in the following ways:
1.1 Information You Provide
- Account Information: When you create an account, we collect your email address and display name.
- Profile Information: Your username and any other information you choose to add to your profile.
- Prayer Journal Entries: The personal prayer journals and entries you create within the app.
- Prayer Preferences: Your settings and preferences related to prayers, prayer frequency, and notification preferences.
- Prayer Circle Activity: Any posts, comments, and interactions you make within prayer circles or community features.
- Subscription Data: Information related to your subscription status and purchase history (processed through RevenueCat).
1.2 Information Collected Automatically
- Push Notification Tokens: We collect push notification tokens to send you prayer reminders and notifications you have opted to receive.
- Device Information: Basic device information (device type, operating system version) for analytics and to ensure compatibility.
- Usage Analytics: Information about how you use the app, including features accessed and user flow patterns, to help us improve the Service.
- Log Data: Server logs that may include IP address information, device identifiers, and access timestamps.
1.3 Information from Third-Party Services
We use third-party services that may collect information on our behalf:
- Supabase: For authentication and secure data storage. Supabase collects data necessary to verify your identity and store your account information.
- RevenueCat: For subscription and payment processing. RevenueCat processes subscription transactions and may collect payment-related information in accordance with its privacy policies.
- Expo Push Notifications: For delivering notifications. Expo receives push tokens but does not store personal identifying information.
2. Sensitive Personal Information
2.1 What Qualifies as Sensitive
Some of the information you provide to Prayfully — including the prayers, journal entries, and prayer requests you write, and your engagement with religious content within the Service — relates to your religious or philosophical beliefs. Under the EU and UK General Data Protection Regulation this is a special category of personal data (Article 9). Under the California Consumer Privacy Act it is Sensitive Personal Information.
2.2 Lawful Basis (EEA / UK / Switzerland)
We process this information on the basis of your explicit consent, which you provide at account creation by ticking a dedicated, separate checkbox acknowledging that you understand Prayfully will process information about your religious beliefs to deliver the Service. You may withdraw this consent at any time by deleting your account, which removes all such information from active systems within 30 days.
2.3 California — Limited Use
California users have the right to limit the use and disclosure of Sensitive Personal Information. Prayfully uses your Sensitive Personal Information only to (i) provide the Service you signed up for, (ii) maintain account security, and (iii) comply with law. We do not use it to infer characteristics about you, we do not sell or share it for cross-context behavioral advertising, and we do not disclose it to third parties for any purpose other than the limited service-provider arrangements described in “How We Share Your Information.”
2.4 What We Do Not Do
We do not use your prayer content, journal entries, or other religious information to train machine-learning models, to target advertising, or to build profiles for marketing purposes.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To create, maintain, and manage your account and access to the Service
- To deliver the core functionality of Prayfully, including prayer journaling, prayer circles, and community features
- To send push notifications and reminders based on your preferences
- To process subscriptions and manage your subscription status
- To improve and optimize the Service through analytics and usage insights
- To respond to your inquiries and provide customer support
- To comply with legal obligations and enforce our Terms of Service
- To detect, prevent, and address fraud, abuse, and security issues
- To communicate important updates about the Service
4. How We Share Your Information
4.1 Service Providers and Sub-Processors
We share information with third-party service providers ("sub-processors") who perform services on our behalf. Each sub-processor is bound by a written agreement and may only process your information for the purposes described below.
| Provider | Purpose | Data Categories | Processing Location | Retention |
|---|---|---|---|---|
| Supabase, Inc. | Authentication, database, and file storage | Account identifiers, prayer and journal content, prayer circle data, push tokens | United States | Duration of account; deleted within 30 days of account deletion |
| RevenueCat, Inc. | Subscription management and entitlement verification | Anonymous user ID, subscription status, transaction metadata (no payment card data) | United States | Duration of account; subscription history retained per RevenueCat's policy |
| Apple Inc. (Sign in with Apple) | Federated authentication | Apple-issued identifier, optionally relayed email address | United States | Duration of account |
| PostHog, Inc. | Product analytics and usage insights | Anonymous device identifier, screen views, feature events (no prayer or journal content) | United States | Up to 12 months |
| Functional Software, Inc. (Sentry) | Crash and error monitoring | Device model, OS version, stack traces, anonymized error context (sensitive fields are scrubbed before transmission) | United States | Up to 90 days |
| Expo (650 Industries, Inc.) | Push notification delivery and over-the-air updates | Push notification token, app version metadata | United States | Duration of account or until token is invalidated |
Where a sub-processor processes information outside your country of residence, that transfer is subject to applicable safeguards described in our data processing arrangements with that provider.
We will provide at least 15 days' advance notice on this page before adding or replacing a sub-processor that materially changes how your information is processed.
4.2 Legal Requirements
We may disclose information when required by law, including in response to subpoenas, court orders, or other legal processes, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.3 Data We Do Not Sell
We do not sell, trade, or otherwise transfer your personal information to third parties for commercial purposes. Your data is never sold to marketing companies, data brokers, or other entities for profit.
4.4 Prayer Circle and Community Features
When you participate in prayer circles or post public comments within the app, that information is visible to other members of those circles or communities as part of the Service's design. Please be mindful of what you share in these community spaces.
5. Data Storage and Security
5.1 Data Location
Your data is stored in the United States through Supabase's cloud infrastructure. By using Prayfully, you consent to the transfer and storage of your information in the United States.
5.2 Security Measures
We implement industry-standard security measures to protect your information, including:
- Encryption in transit (HTTPS/TLS) for all communications
- Encryption at rest for sensitive data stored on our servers
- Access controls and authentication mechanisms through Supabase
- Regular security monitoring and updates
However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your information, but we strive to use reasonable and appropriate measures to protect your data.
6. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. When you delete your account (see Section 9), we will remove your personal data from active systems within 30 days, though some data may be retained in backups for a reasonable period for recovery and legal compliance purposes.
7. Your Rights and Choices
7.1 Access and Portability
You have the right to request access to your personal information and to understand how it is being used. You may also request a copy of your data in a portable format.
7.2 Correction
You can update, correct, or modify your account information at any time through the app settings.
7.3 Deletion
You have the right to request deletion of your account and associated personal data. You can delete your account directly through the app by accessing your account settings and selecting the account deletion option. This will permanently remove your profile, prayer entries, and personal information from our systems (with exceptions for legally required retention).
7.4 Opt-Out of Communications
You can manage your notification preferences within the app settings at any time. You can disable push notifications or adjust the frequency of prayer reminders.
7.5 Opt-Out of Analytics
You can opt out of certain analytics collection through your device settings or by contacting us at support@prayfully.net.
8. CCPA and GDPR Compliance
8.1 California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request what personal information we collect, use, and share.
- Right to Delete: You can request deletion of personal information we have collected from you.
- Right to Opt-Out: You can opt out of the sale or sharing of your personal information. We do not sell your data, but you may still exercise this right.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, please contact us at support@prayfully.net with your request.
8.2 European Privacy Rights (GDPR)
If you are in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access: You can request access to your personal data.
- Right to Rectification: You can correct inaccurate or incomplete personal data.
- Right to Erasure: You can request deletion of your personal data ("right to be forgotten").
- Right to Restrict Processing: You can request limitation of how we process your data.
- Right to Data Portability: You can request your data in a structured, commonly used format.
- Right to Object: You can object to certain processing activities.
To exercise these rights, please contact us at support@prayfully.net. We will respond to your request within 30 days.
9. Account Deletion
You can permanently delete your Prayfully account at any time using the account deletion feature in the app:
- Open the Prayfully app
- Navigate to your account settings
- Scroll to the bottom and select "Delete Account"
- Confirm your decision (this action cannot be undone)
Once you delete your account, your email address, display name, prayer journal entries, and community posts will be permanently removed from the Service. Your subscription (if applicable) will be automatically cancelled.
10. Children's Privacy and Minimum Age
10.1 Minimum Age
Prayfully is intended for users 16 years of age or older. We do not knowingly permit anyone under 16 to create an account or use the Service, regardless of jurisdiction.
10.2 Age Verification
When you create an account, we ask for your year of birth to confirm you meet the minimum age. We collect year of birth only — not your full date of birth — to minimize the personal information we hold about you. If the year you provide indicates you are under 16, account creation is blocked.
10.3 If We Learn a User Is Under 16
If we become aware that an account belongs to someone under 16 — whether through a report, a parent's request, or our own review — we will promptly deactivate the account, delete the associated personal information, and retain only a minimal record (account identifier, date of deletion, and the basis for our determination) for up to three years to demonstrate our compliance, after which that record is also deleted.
10.4 Parents and Guardians
If you believe a child under 16 has provided us with personal information, please contact us at privacy@prayfully.net. We will respond within 30 days and, where the child is confirmed to be under 16, delete the information without further verification of parental status.
10.5 United States — COPPA
Because Prayfully is not directed to children under 13 and we do not knowingly collect information from them, the Children's Online Privacy Protection Act (“COPPA”) obligations regarding verifiable parental consent do not apply. We rely on the year-of-birth gate as our reasonable measure to avoid actual knowledge of underage users.
10.6 European Economic Area, United Kingdom, and Switzerland
Article 8 of the GDPR (and equivalent UK and Swiss provisions) requires verifiable parental consent for users under the age set by each member state, which ranges from 13 to 16. Our 16+ floor is set above the highest applicable threshold, which removes the need for parental-consent workflows.
10.7 Quebec
Under Quebec's Law 25, users aged 14 and over may consent to the processing of their own personal information. All Prayfully users are 16 or older and therefore consent on their own behalf.
10.8 California — Minors
California's Age-Appropriate Design Code (CA AADC) imposes heightened obligations on services likely to be accessed by users under 18. Because some of our users will be 16 or 17, we apply data minimization and privacy-protective defaults globally and have completed an internal Data Protection Impact Assessment for this group.
11. Third-Party Links and Services
Prayfully may contain links to third-party websites or services that are not operated by us. This Privacy Policy applies only to information we collect through our Service. We are not responsible for the privacy practices of third-party services, and we encourage you to review their privacy policies before providing information to them.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable laws. We will notify you of material changes by updating the "Last Updated" date at the top of this policy and, when appropriate, by sending you an email notification or displaying a prominent notice in the app. Your continued use of Prayfully after such modifications constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
We will do our best to address your inquiry within 10 business days.
14. Data Subject Rights Requests
For GDPR or CCPA data subject access requests, please submit your request in writing to support@prayfully.net. Please include sufficient information to allow us to identify you and your request. We will respond within 30 days or as otherwise required by law.
15. International Users
If you access Prayfully from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States. U.S. data protection laws may not provide the same level of protection as those in your home country. By using Prayfully, you consent to this transfer and processing of your information.
Important Note on Spiritual Content
Prayfully is a spiritual and religious application. The information you share—including prayers, meditation practices, and spiritual beliefs—is particularly sensitive. We treat this information with the utmost care and respect for your privacy and your spiritual practice.