Privacy Policy

Effective Date: February 17, 2026

RhemaOS ("we", "us", "our") operates the RhemaOS platform at rhemaos.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Information You Provide

Account Information: When you create an account, we collect your name, email address, and authentication credentials (via email magic link or Google sign-in).
Prayer Activity: Your prayer selections, completed chapters, prayer history, bookmarks, and streaks.
Personal Circumstances: If you use the circumstance-aware prayer feature, the categories or free-text circumstances you enter. These are encrypted at rest and automatically deleted after 90 days.
Feedback: Any feedback, bug reports, or feature requests you submit through the app, along with the optional consent choices you make about how that feedback may be used.
Payment Information: If you subscribe to a paid tier, payment is processed by LemonSqueezy. We do not store your credit card details — only your subscription status and billing identifiers.

1.2 Information Collected Automatically

Usage Data: Pages visited, features used, session duration, and interaction patterns to improve the product.
Device Information: Browser type, operating system, device type, and screen resolution.
IP Address: Collected for rate limiting, security, and fraud prevention. Not used for advertising.
Cookies: We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

2. How We Use Your Information

We use your information solely to:

Provide the Service: Deliver personalised Scripture-based prayers, track your prayer journey, and manage your account.
Improve the Product: Analyse aggregated, anonymised usage patterns to improve features and fix bugs.
Communicate: Send you magic link emails, account notifications, and (if opted in) prayer inspiration newsletters.
Security: Prevent abuse, enforce rate limits, and protect the integrity of the platform.
Legal Compliance: Comply with applicable laws and legal processes.

We never sell your personal data. We never use your prayer activity or personal circumstances for advertising.

3. AI-Powered Features

RhemaOS uses AI (Anthropic Claude) to generate dynamic, personalised prayers. When you use this feature:

Your selected Scripture passage and prayer adaptation type are sent to the AI.
If you provide personal circumstances, a category label only (e.g., "health", "finances") is sent unless you are on a Disciple or Warrior tier, in which case anonymised free-text may be sent.
The AI does not retain your data after generating a response.
Generated prayers may be cached (without personal identifiers) to improve performance for common requests.

4. Data Sharing

We share your information only in these limited circumstances:

Service Providers: Supabase (database and authentication), Vercel (hosting), Anthropic (AI prayer generation), LemonSqueezy (payments), and Sentry (error monitoring). Each provider processes data under contract and in accordance with their own privacy policies.
Anonymised Analytics: We may share aggregated, non-identifying statistics (e.g., "10,000 prayers completed this week") publicly.
Legal Requirements: If required by law, court order, or to protect our rights and safety.
With Your Consent: If you opt in to share feedback as a testimonial or in marketing materials (always anonymised).

We do not share data with advertisers, data brokers, or any unrelated third party.

5. Data Retention

Data Type	Retention Period
Account & profile	Until you delete your account
Prayer history	Until you delete your account
Personal circumstances	90 days (auto-deleted)
Dynamic prayer cache	30 days or when cache is rotated
Feedback submissions	Until resolved, then archived
Payment records	As required by tax/legal obligations
Server logs	30 days

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate data.
Deletion: Request deletion of your account and all associated data. You can do this from Settings > Danger Zone, or by emailing support@rhemaos.com.
Portability: Request your data in a machine-readable format.
Withdraw Consent: Withdraw any optional consents at any time without affecting the lawfulness of prior processing.

To exercise these rights, email us at support@rhemaos.com.

7. Data Security

We implement industry-standard security measures including:

TLS/HTTPS encryption for all data in transit.
Encryption at rest for sensitive data (personal circumstances, prayer requests).
Row Level Security (RLS) on all database tables ensuring users can only access their own data.
Rate limiting on all API endpoints.
Regular security audits and dependency updates.

No system is 100% secure. If we become aware of a data breach that may affect you, we will notify you within 72 hours.

8. Children's Privacy

RhemaOS is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child, please contact us immediately at support@rhemaos.com.

9. International Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the platform and updating the "Effective Date" above. Continued use of the service after changes constitutes acceptance.

11. Contact Us

For privacy questions, data requests, or concerns:

Email: support@rhemaos.com
Subject line: Privacy Request

We will respond within 30 days.