Privacy Policy

Welcome to Rooted Pray ("we", "our", or "us"), operated by Rooted Pray Inc., a company incorporated in the United States. We provide an AI-powered Bible study, prayer, and faith companion mobile application ("App") and website at rootedpray.com ("Service").

This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your personal data. By using our Service, you agree to this Privacy Policy. If you do not agree, please do not use our Service.

Our Service is intended for users aged 18 and older. We do not knowingly collect personal data from children under 13 (or under 16 in the EEA/UK).

2.1 Information You Provide Directly

• Account Information: Name, email address, password (hashed), country, and preferred language when you register.
• Profile Information: Profile photo (optional), display name, bio.
• Prayer Requests & Messages: Content you submit, share, or post within the App including prayer requests, testimonies, and AI chat conversations.
• Support Communications: Emails or messages you send to our support team.
• Payment Information: Subscription purchases are processed by Google Play or Apple App Store and RevenueCat. We do not store your credit card or payment details on our servers.

2.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers, push notification tokens.
• Usage Data: Features you use, screens visited, session duration, crash reports, and error logs.
• Log Data: IP address, timestamps, request data, and server logs.
• Push Notification Tokens: To send you prayer reminders and app notifications (with your permission).

2.3 Third-Party Sign-In

If you sign in using Google OAuth or Apple Sign-In, we receive your name and email address from those providers. We do not receive your passwords from these services.

• Create and manage your account and authenticate your identity.
• Provide AI-powered spiritual guidance, Bible study content, devotionals, and prayer features.
• Process and verify subscriptions through RevenueCat, Google Play, and Apple App Store.
• Send transactional emails (account verification, password reset) via Amazon Simple Email Service (AWS SES).
• Send push notifications for prayer reminders and updates (with your consent).
• Personalize content based on your language preference and usage.
• Analyze usage to improve the App, fix bugs, and develop new features.
• Comply with legal obligations and enforce our Terms of Service.
• Prevent fraud, abuse, and unauthorized access.

We do not sell your personal data. We share your information only in these limited cases:

• Service Providers: Trusted vendors listed in Section 5 who help us operate the App under confidentiality agreements.
• Legal Requirements: If required by law, court order, or government authority (US, EU, or other applicable jurisdiction).
• Business Transfers: If Rooted Pray Inc. merges, is acquired, or sells assets, your data may be transferred. We will notify you via email or in-app notice.
• Safety: To protect the rights, safety, or property of our users or the public.
• With Your Consent: For any other purpose with your explicit consent.

Community prayer requests and testimonies that you mark as "public" are visible to other app users. Do not share sensitive personal information in public posts.

We use the following third-party services to operate our App:

Each third-party service has its own privacy policy. We encourage you to review them. We do not sell your data to any third party for advertising purposes.

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

• Account Data: Retained until you delete your account.
• Chat / AI Conversations: Retained for up to 12 months, then automatically deleted.
• Prayer Requests: Retained until you delete them or your account.
• Subscription Records: Retained for 7 years for financial/tax compliance.
• Log Data: Retained for 90 days.

To delete your account and all associated data, email support@rootedpray.com or use the in-app "Delete Account" option in Settings.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) or equivalent laws:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data.
• Right to Restriction of Processing: Request that we limit how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Our legal basis for processing is:

• Contract performance (providing the App service)
• Legitimate interests (improving the App, security)
• Consent (push notifications, marketing emails)
• Legal obligation (tax records, law enforcement requests)

We may transfer your data outside the EEA to the United States. We use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.

To exercise your rights, contact us at support@rootedpray.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of your personal information.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• Right to Limit Use of Sensitive Personal Information: We do not process sensitive personal information beyond what is necessary to provide our Service.

Categories of personal information collected: Identifiers (name, email, device ID), commercial information (subscription records), internet/network activity (usage data), geolocation (country only), audio/visual data (profile photos), inferences (language preferences).

To submit a verifiable consumer request, email support@rootedpray.com with subject line "CCPA Request".

Our Service is operated from the United States and is subject to US export control laws, including the Export Administration Regulations (EAR) administered by the U.S. Bureau of Industry and Security. By using the Service, you represent that you are not located in a country that is subject to a U.S. Government embargo (currently Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine), and that you are not listed on any U.S. Government list of prohibited or restricted parties.

If you are accessing the Service from outside the United States, you consent to the transfer of your information to the United States, which may have different data protection laws than your country.

Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). For users in the EEA, we do not knowingly collect data from children under 16.

If we discover that we have inadvertently collected personal data from a child under the applicable age limit, we will delete it immediately. If you believe we have collected data from a child, please contact us at support@rootedpray.com.

We implement industry-standard security measures to protect your personal information:

• All data transmitted between the App and our servers is encrypted using TLS/HTTPS.
• Passwords are hashed using bcrypt — we never store plain-text passwords.
• Authentication tokens (JWT) are stored securely on-device and expire periodically.
• Our servers are hosted on secure cloud infrastructure with firewall protection and regular security updates.
• Access to personal data is restricted to authorized personnel only.

Despite these measures, no method of data transmission or storage is 100% secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

Rooted Pray offers optional premium subscriptions ("Disciple Monthly" and "Disciple Yearly") processed through Google Play (Android) and Apple App Store (iOS), managed by RevenueCat.

• We do not collect or store your credit/debit card information. All payment processing is handled by Google, Apple, and RevenueCat.
• Subscriptions auto-renew unless cancelled at least 24 hours before the end of the current period.
• To cancel, manage your subscription through your Google Play or App Store account settings.
• Refunds are subject to the refund policies of Google Play and Apple App Store.

With your permission, we send push notifications for prayer reminders, community updates, and app alerts via Firebase Cloud Messaging (FCM) on Android and Apple Push Notification Service (APNs) on iOS. You can opt out at any time in your device Settings or in the App under Notifications settings.

Our website (rootedpray.com) may use cookies and similar tracking technologies for:

• Essential cookies: Required for the website to function.
• Analytics cookies: To understand how visitors use our site (we use privacy-respecting analytics).

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:

• Updating the "Last Updated" date at the top of this page.
• Sending an email notification to your registered email address.
• Displaying an in-app notice.

Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: