Legal
Privacy Policy
Last updated: June 14, 2026
The short version
Prayora is a private space between you and God. We take that seriously, both spiritually and technically.
- Your prayers, declarations, and the feelings you share are encrypted at rest and are never sold.
- We use a small number of trusted service providers to make the app work (for example, to generate a prayer or play worship music).
- We only use your prayer content to improve our AI if you explicitly opt in — and you can opt out at any time.
- You can export all of your data or permanently delete your account and everything in it, at any time, from within the app.
The sections below explain this in full. If anything is unclear, email us at privacy@prayora.app.
1. Who we are
Prayora (“Prayora,” “we,” “us,” or “our”) provides the Prayora mobile application and related website (together, the “Service”). For the purposes of data protection law, Prayora is the data controller of the personal information described in this policy. [REVIEW: insert the registered legal entity name, address, and — if applicable — EU/UK representative and Data Protection Officer contact.]
2. Information we collect
We collect only what we need to provide the Service.
Account information. Your email address, a securely hashed password, and (optionally) your name.
Prayer content (sensitive). The moods and free-text feelings you enter, the situations or goals you share, the prayers and declarations generated for or by you, the scriptures shown to you, and the names of people you choose to pray for. Because this content can reveal your religious beliefs and emotional state, we treat it as a special category of personal data and protect it accordingly (see “How we protect your data”).
Usage & preferences. Your prayer history, streaks, saved declarations, bookmarks, notification times, preferred prayer voice and Bible translation, intentions, and weekly goals.
Subscription information. Whether you have an active subscription and related plan/status, processed through our payments provider (RevenueCat and the Apple App Store / Google Play). We do not receive or store your full payment card details.
Device & technical data. A push-notification token (if you enable notifications), and limited technical/diagnostic data such as error reports and, transiently, your IP address (used to select a regional music catalog and for security; it is not stored alongside your prayers).
3. How we use your information
- To create your account and provide the core prayer experience.
- To generate prayers, declarations, scripture selections, daily words, and worship recommendations tailored to what you share.
- To maintain your prayer history, streaks, and saved declarations across your devices.
- To send the notifications you have enabled.
- To manage subscriptions and premium features.
- To keep the Service secure, prevent abuse, fix bugs, and comply with legal obligations.
- To improve our AI models — only if you have given explicit, opt-in consent (see “AI and your prayers”).
4. AI and your prayers
To create a prayer, declaration, or daily word, the relevant content you provide is sent securely to our AI provider (Anthropic) for processing. If you use voice playback, prayer text is sent to our text-to-speech provider (OpenAI). These providers process the content to return a result and act as our processors under contract.
We do not use your prayer content to train AI models unless you opt in. Training-data capture is off by default. You can turn it on or off at any time under Settings. When it is off, we do not retain prompt content for model-improvement purposes; when it is on, the captured content is stored encrypted and used only to improve the prayer experience.
6. How we protect your data
Your prayer and declaration content is encrypted at rest using AES-256-GCM, and all data is transmitted over encrypted connections (HTTPS). Access to production systems is restricted. While no system can be guaranteed perfectly secure, we design Prayora so that your most sensitive content is protected by default.
Note that our AI and text-to-speech providers necessarily process your prayer content in unencrypted form at the moment of generation in order to produce a result; we do not store it in plain form.
7. Legal bases (EEA/UK users)
Where the EU/UK GDPR applies, we rely on the following legal bases:
- Performance of a contract — to provide the Service you sign up for.
- Explicit consent — for processing your prayer content (special-category data) and for optional AI training. You may withdraw consent at any time.
- Legitimate interests — to secure the Service, prevent abuse, and improve reliability.
- Legal obligation — where we must retain or disclose data to comply with the law.
8. Data retention
We keep your account and prayer history for as long as your account is active. (Some history-viewing features are limited by your plan, but your data is retained until you delete it.) When you delete your account, we permanently delete your personal data, including your prayers and declarations, except where we are required to retain limited records to comply with legal obligations. [REVIEW: confirm any legally-required retention periods, e.g. for payment records.]
9. Your rights and choices
You can export all of your data and permanently delete your account at any time from within the app. Depending on where you live, you may also have rights to access, correct, restrict, or object to certain processing, to data portability, and to withdraw consent.
- Access & portability: request a copy of your data (also available as an in-app export).
- Deletion: delete your account and all associated content in-app, or by contacting us.
- Consent: turn AI-training consent and notifications on or off at any time in Settings.
To exercise any right, email privacy@prayora.app. You also have the right to lodge a complaint with your local data protection authority.
10. International data transfers
We and our service providers may process your information in countries other than your own, including the United States. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for these transfers. [REVIEW: confirm transfer mechanisms with counsel.]
11. Children
Prayora is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.
12. U.S. state privacy rights
If you are a resident of a U.S. state with applicable privacy laws (such as California), you may have rights to know, access, delete, and correct your personal information, and to not be discriminated against for exercising them. We do not sell or “share” personal information as those terms are defined under such laws. [REVIEW: confirm state-specific disclosures.]
13. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you in the app or by email and update the date above. Continued use of the Service after changes take effect means you accept the updated policy.
14. Contact us
Questions, requests, or concerns? Email privacy@prayora.app. [REVIEW: add postal address and EU/UK representative if required.]