Privacy Policy

1. Scope

This Policy explains what data we process, for what purposes, on which legal bases, how long we keep it, with whom we share it, and your rights. We do not sell personal data.

2. Data we process

• Account: name/alias, e‑mail (and password hash if you sign in by e‑mail), language/region.
• Religious preferences (special category in the EEA): the tradition/religion you select for personalization; spiritual entries you write (prayers, reflections/“confessions”, intentions, affirmations). Processed only with your explicit consent, which you can withdraw by requesting account deletion or contacting us.
• Loved Ones & PrayMary Tree: names/relations/dates you add (manual entry; we do not import device contacts).
• Events you create in our internal calendar (manual entry; we do not access your device calendar).
• AI chat voice dictation (optional): if you choose to speak in the AI chat, your audio is transcribed to generate a response; you can always type instead.
• Technical & transactional: device/OS, app version, push token, region/language, crash logs (via a third‑party crash reporting provider), and subscription/in‑app transaction metadata from app stores (we do not receive full card data).
• Analytics & attribution: minimal analytics and campaign performance/attribution via a third‑party analytics provider to understand feature usage, measure campaigns and improve quality.

The App is not intended for persons under 13. If you live in a country where a higher age is required to use online services without parental consent (for example, in most EEA countries and the UK), you may use the App only once you meet that higher age or have verifiable consent from your legal representative. We do not knowingly collect personal data of persons who have not reached the applicable age.

3. Purposes of processing

• Provide and personalize App features
• Send notifications and reminders
• User support and responses to requests
• Analytics, debugging and service quality improvement (including campaign attribution)
• Compliance with law, protection of rights and fraud/abuse prevention

We do not sell personal data.

4. Legal bases & special category consent

• Contract: to provide and personalize features you use
• OS permissions (device‑level): authorizations you grant in your device settings (e.g., Microphone for AI chat dictation; Notifications for reminders and service messages)
• Explicit consent (GDPR Art. 9(2)(a)): processing of religious preferences/spiritual entries
• Legitimate interests: security, fraud prevention, service quality (analytics and crash logs)
• Legal obligations: accounting/tax

Note: OS permissions are technical authorizations to use specific device functions and do not by themselves constitute GDPR consent. Where GDPR consent is required (for example, for special‑category data), we rely on your explicit consent; otherwise our legal bases are contract, legitimate interests or legal obligation as described above.

Providing information about your religious or spiritual beliefs and creating spiritual records, prayers and similar content in the App is entirely voluntary. Some features may depend on such content being present, but you control what you enter and when you delete it.

You may delete individual items at any time (for example, specific prayers, spiritual notes or Family Tree entries), and you may also delete your account entirely, which will result in deletion of associated user content, except where we must retain certain data under law or for legitimate grounds.

5. Sharing & processors

We use processors for hosting, analytics, crash reporting, push, text‑to‑speech, payments (Apple/Google) and AI processing (e.g., OpenAI API). Where possible, we configure providers not to use API data for model training and to retain logs only as needed for abuse monitoring.

6. International transfers

Where data is transferred outside your jurisdiction (e.g., EEA/UK → U.S.), we use Standard Contractual Clauses (SCCs) and, where applicable, adequacy frameworks such as the EU–U.S. Data Privacy Framework (DPF), plus technical/organizational measures (encryption in transit, access controls, logging).

7. Security

We implement reasonable technical and organizational measures including encryption in transit, access controls, logging, least‑privilege access, backups and recovery, and periodic reviews. However, no system can be absolutely secure.

8. Your rights (GDPR)

• Right of access
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to restriction of processing
• Right to object to processing
• Right to data portability
• Right to withdraw consent (including consent for processing religious preferences)

You also have the right to lodge a complaint with a data protection authority.

We will respond to your request without undue delay, typically within one month of receiving it. Where necessary, this period may be extended by a further two months taking into account the complexity and number of requests. In that case, we will inform you of any extension and the reasons for it within one month of receiving your request.

9. Retention

• Account & spiritual content: until you delete the account (or request deletion)
• Crash logs: ~180 days; analytics: 12–24 months (aggregated/pseudonymized)

10. Permissions & notifications

We request the Microphone only for AI chat voice dictation and Notifications for reminders and service messages; both can be disabled at any time in OS settings. Promotional push notifications are sent only with a separate opt‑in. We do not request access to your device Contacts or Calendar.

11. Cookies & identifiers (SDKs)

Mobile SDKs/identifiers (e.g., app/device identifiers) may be used for analytics, performance, and campaign attribution. Manage permissions in your device settings. We do not engage in cross‑context behavioral advertising.

12. AI & automated decision‑making

Some features rely on AI technologies. We do not make legally significant decisions based solely on automated processing. You may object to profiling related to personalization of prayers/audio content.

13. Feature‑specific notes

• Audio prayers & subtitles: provided for inspiration/study; not official or canonical; translations/transliterations may vary.
• Religious library (books): provided for study; not official doctrinal publications unless explicitly stated.
• Events calendar: entries are created by you inside the App; we do not access your device calendar.
• Soul Reset: self‑reflection tool; not a sacrament/ritual; not psychological or medical care.
• Soulmates & Family Tree: you add data manually; lists are private and not imported from Contacts.
• Spiritual Letter Service: personal affirmations/remembrance; does not transmit messages to the deceased.
• Best Flight: one‑minute prayer playback; symbolic support only.
• Auto Prayers: notification‑based reminders; no canonical effect.
• Light of Faith: on‑screen prayer subtitles with optional background music; we do not record your voice in this feature.
• Voice of Faith (AI chat): if you enable dictation, audio is transcribed to text to generate a response; you can always type instead.
• System share: when you share content outside the App via the OS share sheet, third‑party apps process that content under their own policies.

14. Store disclosures

We complete App Store Privacy and Google Play Data Safety disclosures to reflect actual data collection/use, encryption in transit, deletion options (including web account deletion), and sensitive categories (religious beliefs).

15. Changes

We may update this Policy; material changes will be notified in‑App or on our website.

16. Third-party AI service

When you use our chatbots, we use OpenAI to generate responses. We may share with OpenAI: (1) your message text, (2) recent chat messages to provide context, and (3) settings such as language, selected religion, and other parameters. We use this data solely to provide AI-generated responses.

16. Contacts & requests

For privacy questions, GDPR/CCPA requests and complaints: info@praymory.com. We may request identity verification to process your request.