Privacy Policy

1.1 Information you provide directly

• Account data: When you create an account we collect your email address, display name, and password (securely hashed and managed by Firebase Authentication; we never see or store your plain-text password).
• User-generated content: Journal entries, personal prayer intentions, prayer text, bookmarked Bible verses, reading progress, and conversations with the Seek & Learn companion.
• Spiritual journal data: During the daily check-in you may share how close you feel to God (a slider value), an emotional state, and a free-text reflection. This data is stored in your private account to generate your personal reflection and prayer.
• Preferences: Theme choice (dark/light/system), Bible translation preference, notification settings, and audio voice preference.

1.2 Information collected automatically

• Usage analytics: We use Google Analytics for Firebase to collect anonymous, aggregated data about which screens you visit, features you use, and session duration. This data does not identify you personally and is used solely to improve the App.
• Device information: Device type, operating system version, app version, and a randomly generated installation identifier for crash reporting (via Firebase Crashlytics).
• Activity data: We track which daily practices you complete (Scripture reading, Rosary, journal, prayer) to display your candle streak and activity history. This data is tied to your account and is never shared publicly.

1.3 Information we do NOT collect

• We do not collect precise geolocation data.
• We do not access your contacts, photos, camera, or microphone.
• We do not use advertising identifiers (IDFA) or run any ad network.
• We do not collect financial or payment information (the App is free).

• Provide and operate the service: Store your journal entries, prayers, bookmarks, reading progress, and activity so they persist across sessions and devices.
• Personalize your experience: Deliver daily content based on the Catholic liturgical calendar, display your prayer streak, and generate personalized reflections and prayers during the spiritual journal check-in.
• Generate content: When you use prayer composition, the spiritual journal, or the Seek & Learn companion, your input is processed to generate contextually appropriate responses. This processing happens on secure cloud infrastructure and your inputs are not used to train any models.
• Improve the App: Analyze aggregated, de-identified usage patterns to fix bugs, improve features, and plan new functionality. We never analyze the content of your journal entries or prayers for this purpose.
• Communicate with you: Send optional daily prayer reminders (only if you enable push notifications) and important service announcements (e.g., security updates, terms changes).
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access to your account.

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your data under these legal bases:

• Contract: Processing necessary to provide you the service you signed up for (account data, content storage, activity tracking).
• Legitimate interest: Analytics to improve the App, security measures to protect your account, crash reporting to maintain service quality.
• Consent: Push notifications (you can withdraw consent at any time in your device settings).

Your data is stored on Google Cloud Platform (Firebase / Cloud Firestore / Cloud Storage) in data centers located in the United States. We implement the following security measures:

• All data in transit is encrypted with TLS 1.2+.
• All data at rest is encrypted using AES-256 (Google-managed keys).
• Firebase Security Rules enforce that each user can only read and write their own data. No user can access another user's journal, prayers, or activity.
• Authentication is handled by Firebase Auth with secure token-based sessions.
• We conduct regular security reviews of our API endpoints and access controls.

Retention: We retain your account data for as long as your account is active. If you delete your account (available in App settings), we delete all associated personal data from our servers within 30 days, except where retention is required by law (e.g., financial records, legal disputes). Anonymous, aggregated analytics data that cannot identify you may be retained indefinitely.

We do not sell, rent, or trade your personal data. We share data only with the following categories of service providers, solely to operate the App:

• Google Cloud Platform / Firebase: Infrastructure provider for data storage, authentication, analytics, crash reporting, and content generation. Google processes data under its Data Processing Addendum.

We do not use third-party advertising networks, social media tracking pixels, or data brokers. We do not share the content of your journal entries, prayers, or spiritual reflections with any third party for marketing or commercial purposes.

We may disclose your data if required by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Devote Good LLC, our users, or the public.

6.1 All users

• Access and export your data from within the App (journal export to PDF).
• Delete your account and all associated data from App settings.
• Update your profile information at any time.
• Opt out of push notifications in your device settings.

6.2 EEA, UK, and Swiss residents (GDPR)

In addition to the above, you have the right to:

• Access: Request a copy of all personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data (“right to be forgotten”).
• Restriction: Request that we limit processing of your data in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Object: Object to processing based on legitimate interest.
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Lodge a complaint: With your local data protection authority.

6.3 California residents (CCPA/CPRA)

• Right to know what personal information we collect and how it is used.
• Right to request deletion of your personal information.
• Right to opt out of the sale or sharing of personal information. We do not sell or share your personal information.
• Right to non-discrimination for exercising your privacy rights.
• Right to correct inaccurate personal information.
• Right to limit the use of sensitive personal information. We use sensitive information (spiritual/religious data) only to provide the App's core functionality.

To exercise any of these rights, email us at connect@praylamp.com. We will respond within 30 days (or sooner where required by law).

Your data is processed and stored in the United States. If you access the App from outside the US, your data will be transferred to the US. For transfers from the EEA/UK, we rely on Google Cloud's Standard Contractual Clauses (SCCs) and supplementary measures as the legal mechanism for cross-border data transfers, in compliance with the GDPR.

The App is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at connect@praylamp.com and we will promptly delete it.

The praylamp.com website uses only essential, functional cookies required for the site to operate. We do not use advertising cookies, retargeting pixels, or third-party tracking scripts. We do not track your browsing activity across other websites.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you via the App or email. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, want to exercise your data rights, or have a concern about how we handle your information: