Data Rights & Requests
Effective Date: February 21, 2026At RhemaOS, we respect your rights over your personal data. This page explains the data rights available to you under applicable privacy laws — including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other regional privacy legislation — and how to exercise them.
This page supplements our Privacy Policy, which describes what data we collect and how we use it.
1. Your Data Rights
Depending on where you reside, you may have some or all of the following rights:
1.1 Right of Access
You have the right to request a copy of the personal data we hold about you. We will provide this in a commonly used, machine-readable format (JSON or CSV) within 30 days of your verified request.1.2 Right to Rectification
You have the right to request that we correct inaccurate or incomplete personal data. You can update most information directly through your Settings page.1.3 Right to Erasure ("Right to Be Forgotten")
You have the right to request deletion of your personal data. You can:- Self-service: Delete your account from Settings > Danger Zone. This permanently removes all personal data within 30 days.
- By request: Email legal@rhemaos.app and we will process the deletion within 30 days.
1.4 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format. Upon request, we will provide an export of your:- Profile information
- Prayer history and bookmarks
- Journal entries
- Prayer request history
1.5 Right to Restrict Processing
You have the right to request that we limit how we use your data while a complaint or request is being resolved.1.6 Right to Object
You have the right to object to processing of your personal data for certain purposes, including:- Direct marketing (you can opt out of newsletters at any time)
- Processing based on legitimate interests
1.7 Right to Withdraw Consent
Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing. This includes:- Newsletter subscriptions
- Feedback usage consent
- Testimonial or media consent
1.8 Right to Non-Discrimination
We will not discriminate against you for exercising any of your data rights. You will not receive different pricing, service quality, or access for making a privacy request.2. How to Submit a Request
To exercise any of the rights above: Email: legal@rhemaos.app Subject line: Data Rights Request
Please include:
- Your full name and account email address
- The specific right(s) you wish to exercise
- Any details that help us locate the relevant data
3. Legal Bases for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom (UK), we process personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance |
| Delivering prayer features and tracking | Contract performance |
| AI-generated prayer personalisation | Contract performance + Legitimate interest |
| Product analytics (anonymised) | Legitimate interest |
| Email notifications (magic links, account) | Contract performance |
| Newsletter emails | Consent |
| Security and fraud prevention | Legitimate interest |
| Legal compliance | Legal obligation |
4. International Data Transfers
RhemaOS is operated from and primarily hosted in the United States. If you are located outside the US, your data may be transferred to and processed in the US and other countries where our service providers operate.
For transfers from the EEA/UK, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Service provider certifications and data processing agreements
5. Data Protection Officer
For GDPR-related inquiries, you may contact our data protection point of contact:
- Email: legal@rhemaos.app
- Subject line: DPO Inquiry
6. Supervisory Authority
If you are in the EEA or UK and believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with your local data protection supervisory authority.
7. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the CCPA/CPRA:
7.1 Right to Know
You may request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the third parties with whom we share it.7.2 Right to Delete
You may request deletion of your personal information, subject to certain exceptions.7.3 Right to Opt Out of Sale/Sharing
We do not sell or share your personal information for cross-context behavioural advertising. No opt-out is necessary because we do not engage in these practices.7.4 Categories of Personal Information
| Category | Collected | Sold | Shared |
|---|---|---|---|
| Identifiers (name, email) | Yes | No | No |
| Internet activity (usage data) | Yes | No | No |
| Geolocation (approximate, via IP) | Yes | No | No |
| Financial (subscription status) | Yes | No | No |
| Inferences (prayer preferences) | Yes | No | No |
8. Cookie Preferences
For information about cookies and how to manage your preferences, see our Cookie Policy.
9. Changes to This Page
We may update this page from time to time. Changes will be posted here with an updated effective date.
10. Contact Us
For data rights requests or privacy questions:
- Email: legal@rhemaos.app
- Subject line: Data Rights Request