Privacy Policy

We collect the following categories of information when you use Prayer Connect:

• Account information: Your name, email address, and profile photo provided by Google when you sign in with Google OAuth.
• Prayer requests: The text you submit when requesting a prayer, along with the category you select.
• AI-generated responses: The prayers, messages, and scripture references generated on your behalf, saved to your journal.
• Usage data: Prayer counts, subscription status, and the month in which prayers were generated — used to enforce usage limits.
• Payment data: Subscription and billing information is handled entirely by Stripe. We never store your card details.

We use your information solely to operate and improve Prayer Connect:

• To authenticate you and maintain your account.
• To generate personalized prayer responses via OpenAI's API.
• To save your prayer journal so you can revisit past prayers.
• To enforce free-tier usage limits and manage Pro subscriptions.
• To send transactional communications (e.g. payment receipts via Stripe).
• If you accept analytics cookies via our cookie notice, to measure aggregate traffic and improve the Service (see Cookies below).

We do not use your prayer requests for advertising, sell your data to third parties, or use it to train AI models without your explicit consent.

Your data is stored securely using Google Firebase (Firestore), hosted on Google Cloud infrastructure. All data is encrypted at rest and in transit using industry-standard TLS encryption. Access to your data is restricted to authenticated requests tied to your account. We implement reasonable administrative and technical safeguards to protect your information, though no system can guarantee absolute security.

Prayer Connect uses the following trusted third-party services:

• Google Firebase: Authentication and database storage.
• OpenAI: prayer generation. Your prayer request text is sent to OpenAI's API to generate a response. OpenAI's data usage policies apply. We use API calls with data-not-used-for-training settings where available.
• Stripe: Payment processing. Stripe is PCI-DSS compliant. We never see or store your full card number.
• labs.bible.org: Bible text used for the daily verse and Bible-by-chapter reading (NET Bible). Your requests are sent only as needed to fetch scripture; we do not share your personal information with this service.
• Google Analytics: If you accept analytics cookies, aggregate usage data is processed by Google LLC according to Google's policies.

We retain your account information and prayer journal for as long as your account is active. If you delete your account, your personal data and prayer history will be permanently removed within 30 days. Anonymized usage statistics may be retained for analytical purposes.

Depending on your jurisdiction, you may have the right to:

• Access a copy of the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Object to or restrict certain processing of your data.

To exercise any of these rights, please contact us at contact@winvar.com.

Prayer Connect is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

Essential cookies. We use cookies that are necessary to operate the Service — for example, to keep you signed in after Google authentication and to protect security. These are required for core functionality.

Analytics (optional). If you click Accept on our cookie banner, we use Google Analytics (Google LLC) to understand aggregate traffic and how the Service is used. Analytics may set first-party cookies and send limited information to Google; we configure IP anonymization where supported. If you click Decline, analytics storage stays off and we do not use analytics cookies for measurement in that browser.

Advertising. We do not use advertising cookies or sell your data for targeted ads.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or by email. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

If you have any questions or concerns about this Privacy Policy or how we handle your data, please reach out to us at contact@winvar.com. We aim to respond within 48 hours.