Blissful Catholic — Privacy Policy
Effective: [Date — fill in when publishing]
Blissful Catholic ("we," "us," "our," or "the app") helps Catholics walk through each day with prayer, the liturgical calendar, scripture, the saints, and personal reflection. This Privacy Policy explains what information we collect, how we use it, and the choices you have. We've tried to write it in plain language.
If you have questions, contact us at [privacy@blissfulcatholic.com — replace with your real email].
The short version
- We collect only what the app actually needs to work.
- Most of your data — your journal entries, intentions, rosary history, prayer sessions — lives only on your device.
- When you sign in, we store your email and authentication state with our auth provider so you can use AI features.
- When you use an AI feature, we send the relevant content to our backend, which forwards it to Anthropic for processing. Anthropic does not train on data sent through their API.
- We don't run analytics SDKs, advertising SDKs, or third-party trackers in the app.
- We don't sell your data.
- You can sign out, delete the app, or contact us to delete your account data at any time.
1. What we collect
Information you provide directly
Account information — collected when you sign in:
- Your email address
- Authentication identifiers from Apple Sign-In or Google Sign-In if you choose those methods
- A unique user ID generated by our authentication provider (Supabase)
- Authentication session tokens
Profile information — provided during onboarding or in the You tab:
- Your name (as you wish to be addressed)
- How you came to the Catholic faith (e.g., raised Catholic, convert, returning)
- Your state in life (e.g., lay, religious)
- Where you see yourself on your faith journey
Information that stays on your device
The following stays in local storage on your iPhone, using Apple's SwiftData framework, and is not uploaded to our servers unless you explicitly use a feature that requires it:
- Journal entries (text, tags, dates)
- Prayer intentions (text, "prayed today" timestamps, counts)
- Rosary completions (mystery set, dates)
- Prayer session logs (date, feature, optional notes)
- The day's AI-generated reflection, cached for offline display
If you sign out or delete the app, this data is removed from your device. We do not back it up to our servers.
Sensitive content notice
Your journal entries and any confession preparation drafts are private spiritual writing. We treat them as sacred. They live only on your device unless you explicitly take an action that involves sending them to our backend (described below in §2).
Confession preparation is not the Sacrament. The app does not absolve, simulate absolution, or replace sacramental confession. The "Prepare for Confession" feature offers an AI-assisted examination of conscience to help you bring concerns to a priest. Anything you type stays on your device and is sent only when you request an AI response, for that single response.
Information we collect when you use AI features
When you use an AI feature — the home-screen daily reflection card, "Reflect with your companion," Lectio Divina on a Mass reading, saint reflection, Rosary mystery reflection, Catechism question, journal insight, or confession preparation — we send the following to our backend, which forwards it to Anthropic's Claude API for processing:
- The user message or prompt you generate
- A short "personalization fragment" derived from your profile (state in life, faith maturity, Catholic background, current liturgical season)
- For Gospel-grounded features, the relevant scripture passage from our bundled public-domain translation
- For saint reflections, the saint's bundled biographical text
- For journal insights, the contents of the journal entry you choose to reflect on
- For confession preparation, the prompt you submit
We log the count of tokens consumed by each AI request to our database, along with which feature you used and a timestamp. We use this for rate-limiting and cost control. We do not log the contents of your prompts or the AI's responses in our database.
Anthropic processes your request and returns a response. Anthropic's data handling is governed by their published privacy and usage policies. We have chosen Anthropic specifically because, by default, they do not train their models on data submitted through their API.
Information collected automatically
When your device contacts our backend (blissfulcatholic.com), our hosting provider (Vercel) automatically receives standard web request metadata: IP address, timestamp, requested URL, user agent string. This is normal web server logging, used for security, debugging, and operational analytics. Retention is governed by Vercel's default policies.
What we do not collect
We do not include in the app:
- Analytics SDKs (no Firebase Analytics, Mixpanel, Amplitude, Segment, PostHog, or similar)
- Advertising SDKs or any advertising identifiers
- Crash reporting tools that include personal data
- Third-party social-sharing or tracking pixels
- Location services
- Microphone or camera access
We do not collect, infer, or store payment information. (If we add a paid subscription in a future version, this Policy will be updated and you'll be informed.)
2. How we use your information
We use what we collect only for the following purposes:
| Purpose | Information used |
|---|---|
| Letting you sign in and stay signed in | Email, auth tokens, user ID |
| Personalizing AI responses to your spiritual context | Profile fields, prompt content |
| Rate-limiting AI usage to prevent abuse and control costs | User ID, AI request counts, timestamps, token counts |
| Diagnosing technical issues and debugging | Standard server logs |
| Responding to your support requests | Whatever you share with us when you contact us |
We do not use any of this for advertising or for profiling beyond what is required to deliver the app's features.
3. Who we share information with
We share information only with service providers necessary to operate the app, each acting as a processor on our behalf. None of them are permitted to use your data for their own purposes (beyond providing their service to us and complying with their own legal obligations).
| Provider | Role | Information they receive |
|---|---|---|
| Supabase (United States) | Authentication, database hosting | Account email, auth tokens, user ID, AI usage counts and timestamps |
| Vercel (United States) | Backend hosting (Next.js API routes) | Standard web request metadata |
| Anthropic (United States) | AI model processing | The contents of your AI prompts and the AI's responses, as described in §1 |
| Apple | iOS platform services and optional Apple Sign-In | Whatever you provide through the platform; governed by Apple's privacy policy |
| Optional Google Sign-In | Whatever you provide through the platform; governed by Google's privacy policy |
We do not sell your data. We do not share it with advertisers, data brokers, or marketers. We will share information with law enforcement only when required by valid legal process, and we will challenge requests that we believe to be improper.
4. Children's privacy
Blissful Catholic is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child under 13 has provided us with personal information, contact us at the email above. We will delete the information as soon as we verify the request.
5. Your rights and choices
Regardless of where you live, you can:
- View your profile information by signing in to the app and opening the You tab
- Edit your profile via the Edit Profile screen
- Delete your local data by signing out of the app or deleting the app from your device
- Delete your account by contacting us at the email above; we will remove your account data from our backend within 30 days
- Stop using AI features at any time — they are entirely optional. Most of the app (verse hero, readings, saint card, intentions, journal, rosary, streak) works without ever using AI
Additional rights for residents of the European Economic Area, the United Kingdom, or California
If you are located in the EEA, UK, or California, you have additional rights under applicable laws (GDPR, UK GDPR, CCPA / CPRA), including rights to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Delete your personal data
- Restrict or object to certain processing
- Port your data to another provider
- (California) Know what categories of personal information we collect, sell, or share — we do not sell or share personal information in the sense defined by CCPA / CPRA
To exercise any of these rights, contact us at the email above. We will respond within the timeframes required by applicable law (generally one month under GDPR, 45 days under CCPA).
6. Security
We use industry-standard practices to protect your information:
- All network communication between the app and our backend uses HTTPS / TLS
- Authentication is managed by Supabase (industry-standard JWT, refresh tokens, password hashing)
- Server-side authorization checks run on every API call before any data is read or written
- Data on your device is protected by iOS's built-in encryption when your device is locked
No system is perfectly secure. If we ever become aware of a security incident affecting your personal information, we will notify you and applicable authorities as required by law.
7. International data transfers
Our service providers (Supabase, Vercel, Anthropic) are based in the United States. If you use the app from outside the United States, your data will be transferred to and processed in the US.
For users in the EEA and UK, we rely on the EU Standard Contractual Clauses, UK Addendum, and other safeguards published by these providers for international transfers.
8. Data retention
| Category | Retention |
|---|---|
| Local data on your device (journal, intentions, rosary logs, prayer sessions) | Until you delete the app or clear app data |
| Account data (email, user ID, profile) on our backend | While your account exists; deleted within 30 days of an account deletion request |
| AI usage records (token counts, timestamps, feature key, user ID) | Up to 60 days, then deleted |
| Server access logs at our hosting provider | Per Vercel's default retention |
9. Changes to this Policy
We may update this Policy from time to time — for example, when we add new features, change service providers, or respond to new legal requirements. When we do, we will update the "Effective" date at the top of this page.
For changes that materially affect how we collect or use your personal information, we will notify you within the app and require your consent where the law requires it.
10. How to contact us
If you have questions about this Privacy Policy, want to exercise any of your rights, or wish to make a complaint, please contact us:
Email: [privacy@blissfulcatholic.com — replace with your real email]
For users in the EEA: if you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.
This Privacy Policy is provided in good faith to describe our actual practices. We will review and update it as the app evolves.