Legal
Privacy Policy
Effective date: to be set at v1.0 launch. Plain-English version: we don't collect your data. Period.
Living On Grace (“LOG”, “we”, “us”) is built on a simple principle: your spiritual journey is between you and God, and we don't watch it.
- We do not collect personal data unless you explicitly enable cloud sync.
- We do not use advertising or analytics SDKs.
- We do not sell, share, or rent data to third parties.
- We do not require an account to use the app.
- You can export everything. You can delete everything. At any time.
That is the policy. The rest of this document spells it out for legal and regulatory clarity.
1. Who we are
Living On Grace is an open-source spiritual-health app maintained by Makinda Jackson and contributors. The project is incorporated as: to be filled in at incorporation — until then, the maintainer holds responsibility as a sole proprietor.
Contact: support@livingongrace.app
Data Protection Officer (DPO): the maintainer, contactable at the same address.
2. What we collect — and what we don't
When you use the app without enabling cloud sync (default mode)
| Data type | Collected? | Where it lives |
|---|---|---|
| Mood check-ins | Only on your device | Local DB |
| Journal notes | Only on your device | Local DB |
| Prayer journal entries | Only on your device | Local DB |
| Gratitude entries | Only on your device | Local DB |
| Favorite verses | Only on your device | Local DB |
| Settings / preferences | Only on your device | Local DB |
| Email / name / phone | Not collected | — |
| Location | Not collected | — |
| Device identifier | Not collected | — |
| Usage analytics | Not collected | — |
| Crash reports | Only if you explicitly enable | Sentry (anonymized) |
When you enable cloud sync
| Data type | Collected? | Notes |
|---|---|---|
| Hashed email | Yes (for sign-in lookup) | sha256(email); plaintext email is never stored. |
| Mood check-ins (mood/timestamp/category) | Yes | Server-side, encrypted in transit. |
| Journal, prayer, gratitude text | Yes (encrypted client-side) | The server only ever sees ciphertext. |
| Settings | Yes | For multi-device sync. |
| Crash reports | Only if separately enabled | Sentry. |
What we never collect — even with sync enabled
- Real name, phone number, postal address, date of birth, gender.
- Religious denomination or demographic identifiers.
- Browsing behavior outside the app.
- Contacts, photos, microphone, camera, location.
- Device fingerprints.
- Behavioral analytics (taps, scrolls, dwell time).
3. Why we collect (lawful basis)
For the minimal cloud-sync data, the lawful basis under GDPR is performance of a contract (the sync service you opted into).
For the optional crash reports, the lawful basis is consent — you can revoke at any time in Settings.
We do not rely on “legitimate interest” to collect data the user didn't explicitly ask for.
4. How we use your data
Cloud-synced data is used only to:
- Synchronize your data across your own devices.
- Allow you to restore your data on a new device.
It is not used to:
- Build a profile of you.
- Train AI/ML models.
- Suggest products or features.
- Send you communications of any kind.
5. Sharing
We share data with:
| Third party | What | Why |
|---|---|---|
| Supabase (sync only) | Encrypted records | Hosting the sync service. |
| Apple (iOS users) | Push notification tokens | Sending opt-in notifications. |
| Google (Android users) | Push notification tokens | Same as Apple. |
| Huawei (HMS users) | Push notification tokens | Same. |
| Sentry (crash reporting users) | Anonymized crash logs | Diagnosing app crashes. |
| bible.helloao.org | Anonymous HTTP requests for scripture data | Fetching Bible text. |
That is the complete list. We do not share with advertisers, data brokers, marketing platforms, social networks, or any other third party. Each subprocessor's data-processing agreement is documented in subprocessors.md.
6. International transfers
If you live in the EU/UK and enable cloud sync, your data may be processed in the Supabase EU region by default. Sentry (if enabled) processes in the EU region. Standard Contractual Clauses (SCCs) are in place where any transfer outside the EEA might occur. If we cannot guarantee EU residency for your data, sync will be disabled automatically and you will be informed.
7. Retention
| Data | Retention |
|---|---|
| Local data on your device | Until you delete it. |
| Cloud-synced data | Until you disable sync or delete your account (then deleted within 24 hours). |
| Tombstones | 30 days post-deletion, then permanently removed. |
| Crash reports (if enabled) | 90 days, then deleted. |
| Email contact records | Until the issue is resolved + 90 days. |
8. Your rights
Regardless of your jurisdiction, you have the following rights:
- Right to access — Settings → Export my data. One-tap JSON of everything.
- Right to deletion — Settings → Delete my data. One-tap full wipe.
- Right to correction — All your data is editable in-app at any time.
- Right to portability — The export is in plain JSON; readable by any tool.
- Right to object — Disable sync, disable notifications, disable crash reporting. Use the app offline forever.
- Right to withdraw consent — Any opt-in you made can be reversed in Settings.
If a right cannot be satisfied via the app itself, write to support@livingongrace.app and we will respond within 30 days.
You also have the right to complain to your local data protection authority (e.g. the ICO in the UK, your state DPA in the EU, the CNIL in France).
9. Children
LOG is not specifically directed at children under 13. We do not knowingly collect data from children under 13. The app contains no advertising and is rated 4+ / Everyone.
If a parent believes their child under 13 is using sync with personal data, they may request deletion at support@livingongrace.app. We comply with COPPA in the US.
10. Security
- All data in transit uses TLS 1.2+.
- Sensitive synced fields (journal/prayer text) are encrypted client-side with a key derived from your password (Argon2id + AES-256-GCM).
- On-device data uses platform-native encryption (iOS Data Protection, Android EncryptedSharedPreferences / SQLCipher where supported).
- No personal data is stored in plaintext on our servers.
11. Changes to this policy
If we materially change this policy, we will:
- Update the “Effective date” at the top.
- Show an in-app notice on next launch.
- Allow you to review the changes before they apply.
- Never apply changes retroactively to data already collected under an older policy.
A diff of every change is recorded in the project's public decision log.
12. Contact
For questions, requests, or complaints:
- Email:
support@livingongrace.app - Response time: 30 days maximum; usually within 7.
“The Lord is my shepherd; I shall not want.”Psalm 23:1 — your data is not the price of your peace.