Prayer Shield — Privacy Policy

1. Scope

This Privacy Policy applies only to Prayer Shield. It does not apply to other apps, products, or services unless they specifically link to or reference this Privacy Policy.

2. Who we are

Pinnacle River LLC is the business responsible for deciding how and why your personal information is processed for Prayer Shield. In privacy law terms, Pinnacle River LLC is generally the controller or business for the data described in this Policy, while certain service providers we use act as our processors or service providers. European Commission.

3. Information we collect

We collect only the categories of information needed to operate, secure, support, and improve Prayer Shield. Depending on how you use the Service, we may collect:

• User ID — A unique identifier associated with your account.
• Email address — Used for account creation, login, account support, important service-related communications, and account recovery where applicable.
• Profile information — Display name and profile photo if you choose to add them, used to represent you in Prayer Circles, friends features, and related social surfaces.
• Product interaction data — How you interact with Prayer Shield (for example features used, screens viewed, taps, prayer completion flows, streak-related events, shield or daily-prayer modes, onboarding steps, notification interactions, and similar in-app events).
• Faith and community activity data — Structured prayer-request or encouragement categories you select, emoji reactions or similar lightweight responses you send, Circle memberships and invitations, Circle metadata you can see or edit within the product (such as names or icons administrators configure), friendships or connection states the product uses to route activity, unread or delivery states for inbox-style features, settings for how your activity appears on a friends Prayer Wall, and analogous records needed for those features.
• Prayer Wall and publicly visible request data — Prayer requests or related items you affirmatively place on surfaces intended to be visible to people beyond a private one-to-one chat — for example a public Prayer Wall on our website or broadly available in-app feeds, subject to product controls. This can include timestamps, emoji counts or reaction aggregates associated with wall-visible items, and deduplicated or summarized feed records our infrastructure maintains.
• Text you submit for AI-assisted features — Words you type or generate through flows that invoke personalized prayer wording, devotional companion experiences, journaling-style inputs, personalization prompts, summaries, clarifications, or similar AI-powered assistance. Depending on settings and context, inputs may implicitly reveal religious intentions, emotional topics, relationships, health concerns, or other sensitive themes; treat free-text fields accordingly.
• Blocking and safety records — Identifiers and metadata needed to enforce user blocks (for example who you have blocked or who has blocked you, where the product implements mutual visibility rules), consistent with in-app controls.
• Performance data — Technical data about app performance, responsiveness, and functionality.
• Crash data — Diagnostic information generated when the app crashes or malfunctions.
• Purchase history — Information related to subscriptions, entitlements, trial state, and purchase status as reported by app marketplaces and reconciled through our subscription tooling.

4. Prayer Circles, friends, the Prayer Wall, blocking, and "anonymous" requests

Prayer Circles and friends. When you join Circles or connect with friends inside Prayer Shield, other participants can see activity the product is designed to show — for example that you are a member, that you sent an encouragement or chose a structured support type, or that you reacted with an emoji. Administrators or members may see additional metadata depending on how the Circle is configured. Do not share information in those spaces that you are unwilling for other members to observe under the product’s rules.

Public or shared prayer requests. If you post to the Prayer Wall or another shared surface, you are directing us to make that content available to the audience that surface is built for (which may include visitors on the web or a wide set of app users). Others may copy, screenshot, or remember what you post outside our control.

"Anonymous" or limited-name display. Some flows may hide your display name from certain viewers while still storing the request under your account on our systems. That lets you delete the request, remove it from the wall, change visibility, enforce blocks, comply with law, and protect the community. It does not mean the content is unassociated from your account in our databases, and it does not guarantee that every derived metric (for example aggregated reaction counts) can be erased from all historical analytics immediately.

Blocking. When you block another user (where available), we process identifiers needed to prevent the blocked interactions the product defines — for example hiding certain feed items, preventing direct reactions, or suppressing profile visibility between accounts. Blocking may not retroactively delete every historical log line; it is forward-looking enforcement on top of the Service’s data model.

Removing content. Where the app offers controls to remove a prayer request from the Prayer Wall or delete a request outright, we process those instructions as described in-product. Removal may take a short time to propagate to every cache, device, or partner system; backups may persist for a limited window consistent with Section 10.

5. How we collect information

We collect information:

• directly from you, such as when you create an account, edit your profile, join a Circle, post a request, type into an AI-assisted field, or adjust settings;
• automatically from your use of Prayer Shield;
• from platform billing systems and service providers involved in subscription management, analytics, authentication, cloud hosting, AI inference, and security.

6. Purposes of processing

We use personal information for the following purposes:

• to create and manage your account;
• to authenticate you and provide access to Prayer Shield;
• to manage subscriptions, purchases, trials, and entitlements;
• to operate faith-formation and habit features (including shields, daily prayer modes, streaks, verses, and companion flows as implemented in the app);
• to operate Prayer Circles, friends networking, notifications, encouragements, structured support requests, and emoji reactions;
• to operate public or shared prayer surfaces, including rendering feeds, aggregating reactions, and enforcing visibility or removal instructions;
• to operate AI-assisted features when you use them, including generating or refining text outputs;
• to enforce blocking, investigate abuse, and maintain the security and integrity of the Service;
• to analyze feature usage and improve the Service;
• to diagnose bugs, crashes, and performance issues;
• to provide customer support;
• to comply with legal obligations and enforce our terms.

We do not use your data for third-party advertising sales, and we do not sell your personal information.

7. Legal bases for processing

Where required by applicable law, we process personal data on one or more of the following legal bases:

• Performance of a contract: to provide the Service you request, including account access, subscription handling, Circles, the Prayer Wall, AI features you invoke, and core app functionality;
• Legitimate interests: to improve performance, understand product usage in aggregate, maintain security, troubleshoot issues, and protect users — where those interests are not overridden by your rights;
• Legal obligation: where processing is required to comply with applicable law;
• Consent: where consent is required by law for a specific processing activity.

8. Service providers, AI processing, and processing locations

We use the following categories of service providers to operate Prayer Shield:

• Adapty — subscription and entitlement management;
• Supabase — authentication, database storage, server-side logic, and related cloud infrastructure;
• PostHog — product analytics, app performance monitoring, funnel measurement, and crash analysis;
• Commercial AI model providers — for example OpenAI or other vendors we may use or rotate for reliability, safety, latency, or regional availability — to perform inference on the inputs you provide when you use AI-assisted features.

These providers process data on our behalf to support the Service. We require service providers to handle data under appropriate contractual and security obligations consistent with applicable law. GDPR requires controllers to use processors that provide sufficient guarantees and appropriate safeguards. GDPR.eu.

What we send for AI. When you trigger an AI-backed experience, we transmit the text or structured content needed to generate a response (for example your prompt, personalization fields, or selected mode), limited session or language metadata, and security-related identifiers our infrastructure requires. We do not use AI to replace private end-to-end messaging you do not have with us; there is no confidential "pastor–parishioner" relationship created solely because an output references Scripture or prayer language.

Model training. Where our commercial agreements allow, we instruct AI vendors to limit use of customer content for training public models. Vendors may still retain and process inputs for abuse monitoring, safety classifiers, fraud prevention, legal compliance, and service improvement as described in their policies, and may use de-identified or aggregated telemetry.

Outputs. AI-generated text can be mistaken, offensive, theologically incomplete, or inappropriate. You should review outputs before sharing them with others or treating them as guidance for high-stakes decisions.

Your information may be processed and stored in countries other than your own, depending on where our providers or infrastructure operate. Where required by law, we take steps intended to provide an appropriate level of protection for cross-border transfers.

9. Sharing of information

We do not sell personal information.

We do not share personal information with third parties for their own independent marketing purposes.

We may disclose personal information only in the following limited circumstances:

• to the service providers identified above, solely to operate and support Prayer Shield;
• to other users as directed by the product when you post to Circles, friends surfaces, or the Prayer Wall;
• if required by law, regulation, legal process, or governmental request;
• to protect the rights, property, safety, security, or integrity of Pinnacle River, our users, or others;
• in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality and legal protections.

10. Data retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• maintain your account;
• provide subscription access and app functionality;
• operate Circles, friends features, Prayer Wall mechanics, emoji reactions, and AI logs tied to troubleshooting;
• resolve support requests and disputes;
• comply with legal, tax, accounting, or regulatory obligations;
• enforce our agreements.

Retention periods may vary by data type and legal requirement.

11. Account deletion and data deletion

If you delete your Prayer Shield account — where offered in-product — your Supabase account and associated account-data records we use for authentication and primary app persistence are deleted from active systems consistent with how the Service is engineered at the time of your request.

Data previously processed through PostHog and Adapty is not retained in a directly identifiable form tied to your deleted account. After account deletion, data in those systems is intended to be anonymized or disassociated so that it is no longer directly connected to you as an identifiable user through Prayer Shield, subject to vendors’ architectures and timelines.

Prayer Wall submissions you removed before deleting your account may already have been replicated to web caches, CDN edges, collaborators’ devices, or third-party scrapers outside our custody; we cannot control copies made by others on the open internet.

We may retain limited information only where required for legal, tax, accounting, security, fraud prevention, or compliance purposes. If you want to request deletion or have questions about the deletion process, you may contact us using the contact details below.

12. Your privacy rights

Depending on where you live, you may have rights regarding your personal information, including the right to:

• know what personal information we collect, use, and disclose;
• request access to the personal information we hold about you;
• request correction of inaccurate personal information;
• request deletion of your personal information;
• request a copy of certain personal information in a portable format;
• object to or restrict certain processing in some circumstances;
• withdraw consent where processing is based on consent;
• not be discriminated or retaliated against for exercising applicable privacy rights.

California privacy law includes rights to know, delete, correct, and not be retaliated against for exercising privacy rights. California DOJ.

To exercise any rights available to you, contact us at the email listed below. We may need to verify your identity before fulfilling certain requests, as contemplated by California privacy regulations. California DOJ.

13. Children’s privacy

Prayer Shield is not directed to children under the age at which parental consent is required under applicable law, and we do not knowingly collect personal information from such children. If you believe a child has provided personal information in violation of applicable law, contact us and we will take appropriate steps.

14. Data security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

15. Third-party platforms and store disclosures

If you download Prayer Shield through the Apple App Store or Google Play, additional disclosures about app privacy and data handling may appear in those storefronts. We aim to keep those disclosures accurate and up to date, including data collected directly by us and through third-party SDKs and service providers integrated into the app. Apple and Google both place responsibility for accurate disclosures on the developer. Apple Developer.

16. California notice

If you are a California resident, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including rights to know, correct, delete, and access certain information about our handling of personal information. California DOJ.

We do not sell personal information and do not share personal information for cross-context behavioral advertising as described under California law, based on the data practices described in this Policy.

17. International users

If you access Prayer Shield from outside the country where our systems or service providers are located, your information may be transferred to and processed in other jurisdictions. Where required, we use measures intended to support lawful international transfers.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last Updated" date above and take any additional steps required by applicable law.

19. Contact us

If you have questions, requests, or complaints regarding this Privacy Policy or our privacy practices, contact us at:

Pinnacle River LLC
Email:support@pinnacleriverllc.com

We aim to respond to privacy inquiries promptly and in accordance with applicable law.