Privacy Policy

Effective date: March 11, 2026

1. Overview

[Your Company Name] ("we," "our," or "us") operates Rooted (the "App"). This Privacy Policy explains what personal data we collect, how we use and protect it, and the choices you have. By using the App, you agree to the practices described here.

We do not sell your personal data to third parties.

2. Data We Collect

Account and profile data

  • Email address
  • Name
  • Gender
  • Relationship status
  • Faith level (self-reported)
  • Preferred Bible translation

App activity data

  • Prayer journal entries
  • Scripture memory progress and verse selections
  • Intimacy prompt responses (stored and processed using a double-blind matching system — your individual responses are never directly disclosed to your partner)
  • Conversation card history
  • Couple pairing data (linked partner account reference)
  • Streak data and engagement counts
  • Badge and achievement progress

Technical data

  • Device and browser type, collected automatically by Supabase when you authenticate
  • Service worker cache data stored locally on your device for offline functionality (this data does not leave your device)

Payment data

If you subscribe, payment is processed by Stripe. We do not store your full card number or CVV. We receive a Stripe customer ID and subscription status from Stripe after a successful transaction.

Analytics

We do not currently use any third-party analytics or advertising trackers.

3. How We Use Your Data

  • Provide the service — to authenticate you, display your content, enable couple pairing, and deliver personalized growth experiences.
  • Improve the App — to understand feature usage at an aggregate level and fix issues.
  • Process payments — to manage subscriptions and billing through Stripe.
  • Communicate with you — to send account-related emails (password resets, subscription receipts). We will not send marketing emails without your explicit consent.
  • Comply with legal obligations — to respond to lawful requests from courts or government authorities.

4. How We Store Your Data

All user data is stored in Supabase, a cloud database and authentication platform hosted on Amazon Web Services (AWS) infrastructure. Data is encrypted in transit (TLS) and at rest. Supabase's data processing practices are described at supabase.com/privacy.

Service worker cache data (used to enable offline access) is stored locally on your device only and is not transmitted to our servers.

5. Data Sharing

We share your data only in the following limited circumstances:

  • Supabase — our database and authentication provider, acting as a data processor on our behalf.
  • Stripe — our payment processor. Stripe receives payment information you provide at checkout. Stripe's privacy policy is at stripe.com/privacy.
  • Your paired partner — certain shared activity data (streaks, journey progress, conversation card history, double-blind intimacy match results) is visible to your paired partner as a core feature of the App. Intimacy prompt raw responses are never shared directly.
  • Legal requirements — we may disclose data if required by law, court order, or to protect the safety of our users or the public.

We do not share your data with advertisers, data brokers, or any other third parties.

6. Children's Privacy (COPPA)

Rooted is not designed for, marketed to, or directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at [contact email] and we will delete it promptly.

7. Your Rights and Choices

  • Access and correction — you can view and update your profile information at any time through account settings.
  • Data deletion — you can delete your account through account settings. Deleting your account will permanently remove your profile, journal entries, activity data, and pairing associations. Stripe billing records may be retained as required by financial regulations.
  • Export — to request a copy of your data, contact us at [contact email].
  • Withdraw consent — where we rely on consent to process your data, you may withdraw it at any time. Withdrawal does not affect processing that occurred prior to withdrawal.

Depending on your location (e.g., EU/EEA, California), additional rights may apply. Contact us at [contact email] to exercise any of these rights and we will respond within 30 days.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., financial records).

9. Security

We take reasonable technical and organizational measures to protect your data, including TLS encryption in transit, encryption at rest via Supabase/AWS, and access controls limiting which personnel can access production data. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will provide notice through the App or by email. Continued use of the App after changes are posted constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: [contact email]

You may also write to us at: [Your Company Name]