This Privacy Policy explains how OnePrayer, a place to reflect, ("we," "us," or "our"), collects, uses, and protects your information when you use our mobile application, website, and related services (the "Services").

1. Information We Collect & Legal Basis

a. Information You Provide

Account information (name, email, optional profile photo), content (prayers, journal entries, community posts), and preferences (theme, notifications, faith tradition).

Legal Basis: Contract performance (providing our services), Consent (for optional profile features), Legitimate interests (service improvement)

b. Information Collected Automatically

Usage data (app interactions, device type), log data (IP address, timestamps), and cookies/local storage for sessions and personalization.

Legal Basis: Legitimate interests (service functionality, security, performance optimization). Analytics cookies require your explicit consent.

c. Subscription & Payment Data

Payments are processed by app stores (Apple, Google). We do not store payment card details.

Legal Basis: Contract performance (processing subscription payments), Legal compliance (tax and financial regulations)

d. Sign in with Google, Apple, or Facebook

When you sign in with a social provider, we receive your name, email, and profile photo from that provider. The provider (Google, Apple, or Facebook) processes your data according to their privacy policy.

Legal Basis: Consent (you choose to sign in with a social provider)

2. How We Use Your Information

To provide and personalize the Services; generate guided prayers and journaling experiences; enable community features; improve functionality; and communicate important updates. We do not sell your personal information.

3. Sharing of Information

We may share limited information with service providers for hosting, analytics, and support; to comply with laws; or when you choose to share content publicly. Private journal entries remain private.

4. Data Retention

We retain your data while your account is active. You may request deletion at any time. We may retain aggregated, non-identifiable data for analytics.

5. Security

We use technical and organizational measures (including encryption and secure hosting) to protect your data. No system is completely secure; please safeguard your credentials.

6. Children's Privacy

OnePrayer is not directed to children under 13. If we learn we have collected information from a child without parental consent, we will delete it.

7. Your Rights

Depending on your region, you may have rights to access, correct, delete, or export your data, and to withdraw consent. Contact us at support@oneprayer.ai to make a request.

8. Data Deletion & Account Closure

You may request deletion of your account and associated data at any time, subject to legal or compliance requirements.

9. Data Controller & Contact Information

Data Controller

IronByte d.o.o.
Business Address: Gustava Krkleca 38A, 10000 Zagreb, Croatia
Email: support@oneprayer.ai
Privacy Contact: privacy@oneprayer.ai

EU Representative

If you are located in the European Union, our designated representative is:
Irena Andrassy
Contact details available upon request

10. International Data Transfers

Your information may be processed outside your home country. We comply with applicable data transfer regulations.

Third-Party Services:

  • Mixpanel: Analytics service hosted in EU (api-eu.mixpanel.com) with Standard Contractual Clauses (SCCs)
  • Supabase: Database hosting with EU region selection and GDPR compliance
  • OpenAI: AI prayer generation, image generation, and voice synthesis; user content (intentions, journal entries) is processed per OpenAI's privacy policy
  • RevenueCat: Subscription management for Apple and Google in-app purchases; processes user ID and purchase data
  • Sentry: Error tracking and crash reporting; receives device info and error logs to improve stability
  • Google, Apple, Facebook: Sign-in providers; these providers receive and process data when you authenticate
  • App Stores: Apple and Google payment processing with their respective privacy frameworks

11. Updates to This Policy

We may update this Privacy Policy periodically. Changes will be posted in-app or sent by email. Continued use of the Services indicates acceptance of the updated policy.

12. Language and Interpretation

In case of conflict, the English version prevails.

13. Contact Us & Data Subject Rights

For questions or privacy requests, contact us at support@oneprayer.ai, or write to our business address.

Your Rights (EU/UK residents):

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for data processing at any time

Response Time: We will respond to requests within 30 days (may be extended by 60 days for complex requests).

California Residents

If you are a California resident, you have additional rights under the CCPA/CPRA: the right to know what personal information we collect; the right to delete your data; the right to opt-out of the sale of your information (we do not sell your personal information); and the right to non-discrimination for exercising these rights.