Privacy Policy for Sanctify App

Effective Date: 09/01/2025

Welcome to Sanctify. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and store your information.

⸻

1. INFORMATION WE COLLECT

1.1 Account & Authentication Information
• Email address and password (for email/password authentication)
• OAuth data from third-party providers:
 • Google: Name, email, profile picture
 • Apple Sign-In: Name, email (or private relay email)
 • Facebook: Name, email, profile information
• Anonymous device identifiers for guest users (format: anon_{platform}{timestamp}{random}), stored locally until account creation

1.2 Spiritual & Personal Information
• Onboarding data: First name, preferred pronouns, age group

1.3 AI Chat & Spiritual Guidance Data
• Chat conversations with the AI spiritual assistant
• Prayer requests, questions, and AI-generated responses
• Bible verse references, conversation context, and metadata

1.4 Bible Study & Usage Data
• Daily verse interactions and reading history
• Chapter and verse access patterns, devotional engagement
• App feature usage metrics

1.5 Subscription & Payment Information
• RevenueCat customer ID, transaction and subscription status
• Product IDs, platform details, renewal/expiration dates

1.6 Technical & Device Information
• Device type, OS version, app version, platform
• Rate limiting metrics, error logs, crash reports

⸻

2. HOW WE USE YOUR INFORMATION

2.1 Core App Functionality
• Deliver personalized spiritual guidance based on your background
• Generate Bible-based responses tailored to your profile
• Provide daily verses and track growth through usage patterns
• Enable cross-device sync of your spiritual journey

2.2 AI Processing & Personalization
• Send anonymized chat data to OpenAI for guidance generation
• Include spiritual profile context for relevant responses
• Recommend Bible verses tailored to your spiritual needs

2.3 Subscription Management
• Process subscriptions via RevenueCat
• Validate subscription status and feature access
• Provide billing support through app store platforms

⸻

3. DATA SHARING & THIRD-PARTY SERVICES

3.1 AI Processing Partners
• OpenAI (ChatGPT)
• Data shared: Anonymized spiritual questions and context
• Purpose: Generate scriptural guidance
• Retention: Per OpenAI’s privacy policy

3.2 Authentication Providers
• Google, Apple, and Facebook for account creation and login

3.3 Backend & Infrastructure
• Supabase: Stores all user data, with Row Level Security enabled
• Data encrypted at rest and in transit

3.4 Subscription Processing
• RevenueCat: Manages and validates in-app purchases

3.5 Bible Content APIs
• PublicBibleAPI: Provide biblical text

⸻

4. DATA SECURITY & ENCRYPTION

4.1 Local Device Security
• iOS Keychain / Android Keystore for encrypted local storage
• Secure deletion on logout

4.2 Database Security
• Encrypted database (Supabase)
• HTTPS/TLS for all connections
• Row Level Security (RLS) to isolate user data

4.3 Anonymous User Protection
• No cross-device tracking
• Anonymous data deleted or migrated upon signup

⸻

5. DATA RETENTION & DELETION

5.1 Account Data
• Retained while active; deleted within 30 days of account deletion
• Subscription data may be retained for legal compliance (up to 7 years)

5.2 Chat & Spiritual Data
• Stored locally with encryption and deleted on logout/uninstall
• Retained in the database until account deletion

5.3 Anonymous User Data
• Automatically purged after 90 days or migrated upon signup

⸻

6. USER RIGHTS & CONTROLS

6.1 Data Access Rights
• Request data export in JSON format
• Download conversation history and usage logs

6.2 Data Deletion Rights
• Request full account deletion
• Selectively delete specific content

6.3 Data Portability
• Exports available in JSON and CSV
• Fulfilled within 30 days

⸻

7. SPECIAL CONSIDERATIONS FOR SPIRITUAL DATA

7.1 Sensitivity of Religious Information
• Treated as sensitive data
• Not used for advertising or profiling

7.2 AI Guidance Disclaimers
• Not a substitute for pastoral care
• Based on widely accepted Christian doctrine

7.3 Crisis Situations
• Links to emergency hotlines and professional referrals provided

⸻

8. CHILDREN’S PRIVACY (COPPA)

8.1 Age Restrictions
• Intended for users 13+
• Parental consent required under 13

⸻

9. INTERNATIONAL USERS

9.1 GDPR (EU)
• Legal basis: Consent and legitimate interest
• Data controller: Sacred Studios LLC
• Standard contractual clauses for transfers

9.2 CCPA (California)
• We do not sell personal data
• Right to know, delete, and opt out upheld

⸻

10. UPDATES & NOTIFICATIONS

10.1 Policy Changes
• Notice given via email and in-app messages 30 days in advance

10.2 Breach Notification
• Notified within 72 hours
• Reported per law

⸻

11. CONTACT INFORMATION

11.1 Privacy Inquiries
• Email: support@sacredstudios.org
• We aim to respond within 30 days

11.2 Data Protection Officer (DPO)
• Email: support@sacredstudios.org

⸻

Thank you for trusting Sanctify. We treat your data with the same care we offer our prayers.