Privacy Policy

By using the Services, you acknowledge that you have read and understand this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

We collect information that you provide directly, that is generated when you use Generous Prayer, and that comes from your device or integrations you enable. We group this information as follows.

1.1 Account and profile information

• Identity and contact details: name and email address used to register and sign in.
• Profile details: birthdate, city or general location you choose to share, and an optional avatar photo.
• Credentials and security: authentication data processed through our identity provider (for example, hashed passwords or tokens—we do not store plaintext passwords where our systems are designed to avoid it).

1.2 Prayer content and community activity

• Prayer requests: text you submit, including titles, descriptions, and updates you add to requests.
• Audio recordings: voice prayer requests and prayer voicemails you record and upload or store through the Services.
• Comments and responses: comments, reactions, or other responses tied to prayer content, where those features are available.
• Prayer updates: follow-up messages or status updates you associate with a request.

1.3 Usage, spiritual health, and engagement data

• Prayer participation: records of prayers you join, offer, or complete within the app.
• Prayer sessions: session metadata such as start or end times, duration, or session identifiers, as implemented in the product.
• Prayer health metrics: in-app measures related to your prayer habits or spiritual wellness, as displayed in the Services (for example, trends or scores the product surfaces).
• Streaks and activity: consecutive use or participation streaks and related activity events logged for product features and integrity.

1.4 Social graph and organizational context

• Relationships: followers, people you follow, and “inner circle” or friend connections you establish.
• Groups and organizations: memberships in groups, communities, or organizations within Generous Prayer, and roles or permissions associated with those memberships.

1.5 Device and technical data

• Push notification tokens: identifiers used by Apple, Google, or similar services to deliver notifications to your device when you opt in.
• Timezone preference: your selected timezone used to schedule reminders and other notification timing windows in your local day.
• Device type and environment: information such as device model, operating system version, app version, and diagnostic logs needed to operate and secure the Services.
• Network and security logs: IP address, request timestamps, and similar technical data collected by our hosting and infrastructure providers for reliability and abuse prevention.

1.6 Information we do not intend to collect

We design account creation so that children under 13 cannot register (see Section 13). We ask that you not send us sensitive government identifiers or financial account numbers except where a specific feature clearly requires it and we describe that collection separately.

2. Google user data and Google API Services

When you choose Sign in with Google on our web or mobile apps, Generous Prayer uses Google API Services (including Google Sign-In) as part of authentication. Our use of those services is subject to the Google APIs Terms of Service and the Google API Services User Data Policy. This section supplements the rest of this Privacy Policy and describes how we access, use, store, share, retain, and delete Google user data for that feature.

Data accessed

We access only the Google user data needed to create and maintain your Generous Prayer account via our identity provider, Supabase, which completes the OAuth flow with Google. Depending on your Google account settings and what Google makes available for the scopes we request, this may include:

• Google Account subject identifier (a stable ID for your Google Account within our auth system).
• Email address associated with your Google Account.
• Name (such as display name) as provided by Google for sign-in.
• Profile photo URL, if Google supplies it for your account during sign-in.
• OAuth tokens (for example, access and refresh tokens) handled by Supabase to maintain your session and securely refresh your login where supported—we do not use Google user data to access Gmail, Google Drive, Google Calendar, Contacts, or other Google APIs beyond what Supabase requires for authentication, unless we introduce separate features and update this policy before doing so.

We request the minimum Google permissions appropriate for sign-in and account linking (typically OpenID Connect “openid,” “email,” and “profile”-type scopes as implemented by Supabase and Google for this flow). We do not use Google user data for surveillance, resale, or advertising as described under “Data usage” below.

Data usage

We use Google user data obtained through Google Sign-In only to:

• Authenticate you and create or link your Generous Prayer account to your Google identity.
• Populate your profile with the name, email, and profile image we receive (you can update many profile fields in the product where the Service allows).
• Operate security and integrity of the Service, including detecting unauthorized access, abuse, or account takeover attempts.
• Comply with law and enforce our terms, as described elsewhere in this Privacy Policy.

We use Google user data only to provide and improve user-facing features of Generous Prayer that depend on authentication and profile information, consistent with the Limited Use requirements in the Google API Services User Data Policy. We do not sell Google user data; do not use it for third-party advertising, retargeting, or interest-based advertising; and do not use it to determine credit-worthiness or for lending. Human access to Google-derived account content is limited to the exceptions permitted by that policy (for example, security, legal compliance, or with your clear agreement for support).

Data sharing

Google user data may be processed by:

• Google LLC when you authenticate with Google and when Google provides identity services; Google’s privacy notices and terms apply to data processed on Google’s systems during sign-in.
• Supabase as our authentication and database provider, which stores account identifiers, profile fields, and session tokens needed to operate the Service, under our instructions and applicable agreements.
• Our hosting and infrastructure providers (for example, Vercel) where they transmit or host application traffic and metadata but do not use Google user data for their own purposes beyond providing services to us.

We do not disclose Google user data to data brokers, advertising platforms, or information resellers. We may disclose information when required by law or to protect users, as described in Section 5 (Information Sharing).

Data storage and protection

Google user data received through Sign in with Google is stored and protected using the same administrative, technical, and organizational measures described in Section 14 (Data Security), including encryption in transit and encryption at rest where supported by our infrastructure. Access to production systems is limited to authorized personnel who need it to operate or secure the Service.

Data retention and deletion

We retain Google-derived account data for as long as your account is active and as needed to provide the Service. When you delete your Generous Prayer account or ask us to delete your personal data, we follow the retention, grace-period, and erasure practices in Section 7 (Data Retention) and Section 10 (Account Deletion, Suspension, and Recovery). You may exercise privacy rights (including deletion) by contacting privacy@generousprayer.org or through in-product account tools where available, as described in Section 8 (Your Privacy Rights).

Disconnecting or revoking Generous Prayer’s access in your Google Account settings may affect your ability to sign in with Google but does not automatically delete data we already hold; use account deletion or a privacy request as above to remove data subject to our retention rules.

3. How We Use Your Information

We use the information above to:

• Provide the Services: create and maintain your account; display prayer requests, audio, comments, and updates; power social features such as followers, inner circle, and group or organization membership; compute streaks, sessions, and prayer health metrics shown in the app.
• Operate and improve the product: troubleshoot issues, understand feature usage in aggregate, prioritize development, and maintain performance and reliability.
• Send notifications: deliver push or in-product notices you have opted into, such as prayer reminders or activity alerts, consistent with your settings.
• Keep the community safe: detect, investigate, and help prevent fraud, abuse, spam, or violations of our terms or policies; enforce restrictions (including age-based content limits for users under 18 where applicable).
• Comply with law: respond to lawful requests and meet accounting, tax, or nonprofit reporting obligations where applicable.
• Communicate with you: send service-related messages (for example, security notices or policy updates) and, where permitted, information about Radical Advocacy or Generous Prayer that we believe will serve our mission.

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, Switzerland, or the United Kingdom, we process personal data only where we have a valid “legal basis” under the General Data Protection Regulation (“GDPR”). Depending on the activity, we rely on one or more of the following:

• Performance of a contract: processing necessary to provide the Services you request (for example, hosting your account and prayer content).
• Consent: where we ask for your consent—for example, optional marketing communications, non-essential cookies or similar technologies if used, certain notifications, or recording audio as described in Section 11—you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Legitimate interests: where we use data in ways you would reasonably expect and that have a minimal privacy impact, or where there is a compelling justification—such as securing the Services, preventing abuse, improving stability, or analyzing aggregated usage—balanced against your rights. You may object to processing based on legitimate interests as described in Section 8.
• Legal obligation: where we must process data to comply with applicable law.

Certain information you share through Generous Prayer may reveal religious or spiritual life. Where GDPR Article 9 applies, we process this information only when permitted by law, including where you have manifestly made the data public through the Services, or where processing is necessary for substantial public interest on the basis of Union or Member State law, or with your explicit consent when required. See Section 12.

5. Information Sharing

We do not sell your personal information as “sale” is commonly understood under U.S. state privacy laws, and we do not sell it for money. We share information only in these situations:

• Service providers and processors: trusted vendors who process data on our instructions under written agreements requiring appropriate security and confidentiality (see Section 6).
• Within the product as you direct: prayer content, profile elements, and social connections are visible to other users according to the visibility, group, and sharing settings you choose in the app.
• Legal and safety: when we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request; to enforce our terms or policies; or to protect the rights, safety, or property of Radical Advocacy, our users, or the public.
• Organizational relationships: if you join or interact with an organization on Generous Prayer, limited account or activity information may be visible to authorized administrators of that organization as the product design provides.
• Business transfers: if Radical Advocacy engages in a merger, acquisition, reorganization, asset sale, bankruptcy, or similar transaction, information may be transferred as part of that process. We will require the successor to honor this Privacy Policy or provide notice of material changes.

6. Third-Party Sub-Processors and Integrations

We use the following categories of providers to operate Generous Prayer. They may process personal data on our behalf under contractual safeguards:

• Supabase: database, authentication, file storage, and related backend infrastructure for account data, prayer content, and media.
• Vercel: hosting and delivery of our web applications and APIs.
• Google: Sign in with Google (OAuth) for account creation and login, in addition to push notifications and related platform services for Android and mobile clients where applicable.
• Apple: Sign in with Apple and push notification services and related platform services for devices running our mobile applications.
• Expo: tooling and runtime components used in building and running our mobile applications.

When you use third-party services outside our control (for example, opening a link in your browser), those services’ privacy policies govern their collection of information.

7. Data Retention

• Active accounts: we retain account data, prayer content, usage records, and related information for as long as your account remains open and we need the data to provide the Services.
• Soft deletion: when you delete your account or request deletion, we may apply a 30-day grace period during which your account is deactivated and scheduled for permanent erasure, to allow recovery in case of accidental deletion or security review, unless a shorter or longer period is displayed in the product or required by law.
• Permanent deletion: after the grace period (or immediately if you select a hard-delete or equivalent option where offered), we delete or irreversibly anonymize personal data except where limited retention is necessary for legal, security, or backup reasons as described below.
• Legal and security holds: we may retain certain records beyond deletion where required to comply with law, resolve disputes, enforce agreements, or protect against fraud or harm; such data is accessed only on a need-to-know basis.
• Backups: residual copies in encrypted backups may persist for a limited period before automatic rotation overwrites them.

8. Your Privacy Rights

Depending on where you live, you may have the rights described below. To exercise these rights, contact privacy@generousprayer.org. We will verify your request in line with applicable law and may need additional information to confirm your identity.

8.1 GDPR (EEA, UK, Switzerland)

You may have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase (“right to be forgotten”) data in certain circumstances.
• Restrict processing in certain situations.
• Object to processing based on legitimate interests or for direct marketing.
• Data portability—receive a structured, commonly used, machine-readable copy of data you provided where technically feasible.
• Withdraw consent where processing is based on consent, without affecting prior lawful processing.
• Lodge a complaint with a supervisory authority in your country of residence.

8.2 California (CCPA/CPRA) and similar U.S. state laws

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”) may grant you the right to know categories and specific pieces of personal information collected; to delete personal information subject to exceptions; to correct inaccurate personal information; to opt out of “sale” or “sharing” of personal information for cross-context behavioral advertising (we do not sell personal information for monetary consideration; if our practices change we will describe opt-out mechanisms); and to limit use of sensitive personal information where that right applies. We will not discriminate against you for exercising these rights.

Residents of Virginia (Virginia Consumer Data Protection Act), Colorado (Colorado Privacy Act), and Connecticut (Connecticut Data Privacy Act), among other states with comprehensive privacy laws, may have similar rights to access, delete, correct, obtain a portable copy, or opt out of certain processing, subject to exceptions. Submit requests to the contact in Section 19; we will respond under the timelines and procedures required by your state’s law.

9. Data Export

Where the product provides a data export, you may download a machine-readable copy of your personal information (for example, in JSON format) for portability or your records. If an in-app export is unavailable for your account type, contact privacy@generousprayer.org and we will assist in line with applicable law.

10. Account Deletion, Suspension, and Recovery

• Soft delete: deletion requests may place your account into a deactivated state with a 30-day recovery window before permanent erasure, unless the product specifies otherwise.
• Hard delete: where offered, you may request immediate or expedited permanent deletion without waiting for the full grace period, understanding that recovery may not be possible.
• Suspension: we may suspend access to your account where necessary to investigate misuse, comply with law, or protect users, after notice where appropriate.

11. Audio Recordings and Consent

Voice prayer requests and prayer voicemails involve processing audio that may identify you. The first time you use any recording feature (or when we materially change how recordings work), we require your informed consent through a clear in-app prompt. We log the date and time of your consent server-side for audit purposes.

What we record: when you choose to record a prayer voicemail for another user, we capture audio from your device microphone during the prayer session. Recordings shorter than two seconds are automatically discarded.

How recordings are used: your voicemail is delivered to the prayer request owner, who can listen to and delete it at any time. We do not use recordings for advertising, training, or any purpose other than delivering your prayer to the intended recipient.

Declining or revoking consent: you may decline; the prayer feature will still work without recording. You can revoke microphone permission through your device or browser settings at any time; revoking consent does not affect the lawfulness of prior processing. You may also manage your voice recording preferences in your account Settings.

Audio is stored and transmitted using the security measures described in Section 14.

12. Sensitive Data (Including Religious and Spiritual Life)

Prayer requests, updates, comments, participation data, and related profile or group context may reveal information about your religious beliefs, spiritual practices, or health-adjacent concerns. We treat this information with additional care and only use it to provide Generous Prayer, keep the community safe, comply with law, or for other purposes described in this policy and permitted under GDPR Article 9 and applicable U.S. law. Where required, we obtain explicit consent before processing sensitive categories.

13. Children’s Privacy (COPPA and Teen Safety)

Generous Prayer is not directed to children under 13. We do not knowingly collect personal information from children under 13, and our account creation flows are designed to block users under 13 from registering. If you believe we have collected information from a child under 13, contact us immediately at privacy@generousprayer.org and we will take steps to delete it.

Users under 18 may have restricted access to mature content or certain features intended for adults, as implemented in the product and consistent with our terms and safety policies.

14. Data Security

We implement administrative, technical, and organizational measures appropriate to the risks involved, including encryption in transit (such as TLS for network connections) and encryption at rest where supported by our infrastructure. Our backend relies on Supabase and other providers that maintain industry-standard certifications and security practices. No method of transmission or storage is completely secure; we encourage you to use a strong password and protect your device.

15. Data Breach Notification

If we become aware of a personal data breach that poses a risk to individuals, we will investigate promptly, mitigate harm, and, where required by the GDPR, notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware, unless the breach is unlikely to result in a risk to rights and freedoms. Where high risk to you is likely, we will also communicate with affected users and describe steps you can take, unless exceptions apply. We will comply with applicable U.S. state breach-notification laws where they apply to Radical Advocacy or Generous Prayer.

16. International Data Transfers

Radical Advocacy is based in the United States. If you access the Services from outside the United States, your information will be processed in the United States and potentially in other countries where our subprocessors operate. In particular, data may be stored in or processed through Supabase infrastructure hosted in the United States (and other regions Supabase uses to deliver the service).

For transfers of personal data from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of protection, we implement appropriate safeguards such as the EU Commission-approved Standard Contractual Clauses (and the UK or Swiss addenda where applicable) with our vendors, or other lawful transfer mechanisms. You may request more information about these safeguards by contacting privacy@generousprayer.org.

17. Consent Records and Policy Versioning

We maintain records showing when you accepted our Terms of Service and Privacy Policy and which version was in effect at acceptance, along with timestamps and, where available, the method of acceptance (for example, account signup or in-app acknowledgment). We also record the timestamp of your voice recording consent (see Section 11) for audit and compliance purposes. When we update legal terms materially, we may prompt you to review and accept the new version before continued use where required by law.

18. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, the Services, or legal requirements. We will post the revised policy on this page and update the effective date. If changes are material, we will provide additional notice as appropriate—such as through the Generous Prayer application, email to your registered address, or a prominent notice on generousprayer.org—before the changes take effect where required by law. Your continued use of the Services after the effective date constitutes acceptance of the updated policy, except where your consent is required for specific new processing.

19. Contact Information and Data Protection

Radical Advocacy (operator of Generous Prayer)

Privacy inquiries: privacy@generousprayer.org

Websites: generousprayer.org, app.generousprayer.org

EU/UK data protection and DPO contact: For questions about processing of personal data under the GDPR, including requests to exercise your rights, contact privacy@generousprayer.org. Where the GDPR requires Radical Advocacy to designate a Data Protection Officer, we will publish the officer’s name and contact details in this section; until then, the address above serves as our data protection contact for the European Economic Area, United Kingdom, and Switzerland.

For EU residents, you also have the right to lodge a complaint with your local data protection authority.