Privacy Policy

1. Introduction

This Privacy Policy explains how GGWP Group Ltd. ("Company", "we", "us", or "our") collects, uses, stores, and protects your personal data when you use the Gethsemane mobile application ("App").

We are committed to protecting your privacy and processing your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.

By using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the App.

2. Data Controller

The data controller responsible for your personal data is:

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact us using the details above.

3. Data We Collect

We collect and process the following categories of personal data:

3.1 Account Data

When you use the App, an anonymous account is automatically created. If you choose to link your account with Google or Apple Sign-In, we collect:

• Name (as provided by your Google or Apple account)
• Email address
• Account identifier from the authentication provider
• Authentication tokens (stored securely and used only for session management)

3.2 Journal Entries

Your journal entries (text you write in the App) are stored locally on your device in an encrypted SQLite database (SQLCipher with AES-256 encryption). Journal entries are never stored on our servers.

However, when you create an entry, your journal text is temporarily transmitted to our servers for AI processing. The text is used to generate mood analysis, Bible verse recommendations, prayers, tags, and song/reading recommendations. Your journal text is not retained on our servers after processing is complete.

3.3 Device Identifiers

We collect a device identifier to manage free trial eligibility and subscription verification:

• iOS: Vendor Identifier (identifierForVendor), which is unique to the App on your device and resets if you reinstall the App
• Android: Android ID, a device-specific identifier

This identifier is used to enforce the one-trial-per-device policy, to associate your device with your subscription, and as a fallback user identifier for subscription services when you have not linked a social account.

3.4 Session and Connection Data

When you interact with our servers, we may automatically collect:

• IP address
• User agent (device type, operating system, app version)
• Timezone
• Approximate geolocation derived from your IP address (city, country, region, latitude, longitude), as provided by our infrastructure provider (Cloudflare)

This data is collected as part of standard server operations, used for session management and security purposes, and stored in our session records.

3.5 Analytics Data

We use PostHog, a product analytics platform, to collect usage data that helps us improve the App. Analytics data is routed through our own proxy server (n.gethsemane.app) and is not shared with third-party advertising networks. We collect:

• App lifecycle events: App opens, background/foreground transitions
• Screen views: Which screens you visit within the App
• Touch interactions: General touch activity on UI elements (used for UX analysis, no keystrokes or text content is captured)
• Feature usage events: Entry creation (entry length and language, not content), onboarding completion, paywall views, subscription events, theme/language changes, data export/import actions, account linking/deletion
• Error events: Application exceptions for debugging purposes

Analytics data is associated with your user ID (if linked) or with an anonymous identifier. We do not track the content of your journal entries through analytics.

3.6 AI Processing Data

When you create a journal entry, the following data is sent to our servers for AI processing:

• Your journal entry text
• Your language preference (locale)

For operational monitoring, we log metadata about AI requests, including input/output token counts, processing latency, and cost. We do not persistently store the content of your journal entries on our servers.

3.7 Subscription and Payment Data

Subscription purchases are processed entirely through the Apple App Store or Google Play Store. We do not directly collect or store your payment information (credit card numbers, bank details, etc.).

We use RevenueCat to manage subscriptions and verify entitlements. RevenueCat receives your app user identifier (your linked account ID or device identifier) and subscription status information from Apple or Google.

4. Data We Do Not Collect

For clarity, the App does not collect:

• Precise GPS location data
• Photos, camera data, or media files
• Contacts or address book data
• Biometric data (Face ID / fingerprint data is processed entirely on-device by the operating system and never transmitted to us)
• Health or fitness data from Apple Health or Google Fit
• Advertising identifiers (IDFA/GAID)
• Data from other apps on your device
• Microphone or call data

5. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data on the following legal bases:

Where we rely on legitimate interest, we have conducted a balancing test to ensure that your rights and freedoms are not overridden. You have the right to object to processing based on legitimate interest at any time (see Section 9).

6. How We Use Your Data

We use the data we collect for the following purposes:

• Providing the service: Processing journal entries through AI to generate mood analysis, Bible verses, prayers, and recommendations
• Account management: Creating and managing your account, authenticating your identity, and managing sessions
• Subscription management: Verifying your subscription status, managing trial periods, and preventing trial abuse
• Product improvement: Analysing anonymised usage patterns to improve the App's features, performance, and user experience
• Security: Detecting and preventing fraud, abuse, prompt injection attacks, and other harmful activities
• Technical operations: Debugging errors, monitoring server performance, and ensuring service reliability

7. Third-Party Services and Data Sharing

We share personal data with the following categories of third-party service providers, strictly for the purposes described below. We do not sell your personal data to any third party.

7.1 Cloudflare (Infrastructure)

Our backend services run on Cloudflare Workers. Cloudflare processes your requests and may have access to IP addresses, connection metadata, and data stored in our Cloudflare D1 database (account data, session data, trial records) and KV storage (subscription status cache).

Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/

7.2 Replicate (AI Processing)

Your journal entry text is sent to Replicate's servers for AI processing. Replicate processes the text to generate mood analysis, Bible verses, prayers, tags, and recommendations. The text is transmitted via our Cloudflare Workers backend and is not retained by Replicate beyond the processing request (subject to Replicate's data processing terms).

Replicate's privacy policy: https://replicate.com/privacy

7.3 PostHog (Analytics)

We use PostHog for product analytics. Analytics events are routed through our own proxy server and include usage patterns, feature interactions, and error reports. PostHog does not receive the content of your journal entries.

PostHog's privacy policy: https://posthog.com/privacy

7.4 RevenueCat (Subscriptions)

RevenueCat manages our subscription infrastructure. It receives your app user identifier (linked account ID or device identifier) and subscription information from Apple or Google to verify your entitlements.

RevenueCat's privacy policy: https://www.revenuecat.com/privacy

7.5 Apple and Google (Authentication and Payments)

If you link your account with Google or Apple Sign-In, authentication data is exchanged with the respective provider. All subscription payments are processed by Apple (App Store) or Google (Play Store). We do not have access to your payment details.

• Apple's privacy policy: https://www.apple.com/legal/privacy/
• Google's privacy policy: https://policies.google.com/privacy

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy:

• Account data: Retained until you delete your account
• Session data: Retained for the duration of your active session; expired sessions are periodically purged
• Trial records: The device identifier associated with your trial is retained to prevent trial abuse, even after account deletion. No other personal data is linked to this record
• Journal entries: Stored locally on your device; deleted when you delete your account or uninstall the App
• AI processing data: Journal text is processed in real-time and is not retained on our servers
• Analytics data: Retained in accordance with our PostHog configuration and data retention policies
• Subscription data: Retained by RevenueCat, Apple, and Google in accordance with their respective retention policies

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

• Right of access (Art. 15): You have the right to request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You have the right to request correction of inaccurate personal data.
• Right to erasure (Art. 17): You have the right to request deletion of your personal data. You can exercise this right directly through the App's account deletion feature, which deletes your account data from our servers and all local data from your device.
• Right to restriction of processing (Art. 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format. The App provides a data export feature that allows you to export your journal entries as an encrypted database file.
• Right to object (Art. 21): You have the right to object to processing based on legitimate interest, including analytics and device fingerprinting for trial management.
• Right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority if you believe that the processing of your personal data infringes the GDPR.

To exercise any of these rights, please contact us at support@gethsemane.app. We will respond to your request within 30 days, as required by the GDPR.

10. Rights for California Residents (CCPA/CPRA)

If you are a resident of California, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you additional rights:

• Right to know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collecting, and the categories of third parties with whom we share your data.
• Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to opt-out of sale: We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
• Right to correct: You have the right to request correction of inaccurate personal information.
• Right to limit use of sensitive personal information: Your journal entries may constitute sensitive personal information under the CCPA. This data is stored locally on your device and only transmitted temporarily for AI processing as described in this policy.

To exercise these rights, please contact us at support@gethsemane.app.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of our third-party service providers are based. When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions (for transfers to countries deemed to provide adequate protection)
• Standard Contractual Clauses (SCCs) approved by the European Commission
• The EU-U.S. Data Privacy Framework, where applicable

For more information about the safeguards in place for international data transfers, please contact us.

12. Children's Privacy

The App is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and you believe that your child under the age of 13 has provided us with personal data, please contact us immediately at support@gethsemane.app.

If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to delete that information as quickly as possible.

13. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Local encryption: Journal entries are stored in a SQLCipher-encrypted database (AES-256) on your device
• Secure credential storage: Authentication tokens and database encryption keys are stored in your device's secure enclave (iOS Keychain / Android Keystore)
• Transport encryption: All data transmitted between the App and our servers is encrypted using HTTPS/TLS
• Access controls: Server-side data access is restricted and protected by authentication and authorisation mechanisms
• Rate limiting: API endpoints are rate-limited to prevent abuse (10 requests per minute per user for AI endpoints)
• Input validation: Automated prompt injection detection protects against malicious input to AI systems
• Optional biometric lock: Users can enable Face ID, fingerprint, or device PIN to protect access to the App. Biometric processing occurs entirely on-device; no biometric data is ever transmitted to our servers

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to implementing and maintaining industry-standard protections.

14. Cookies and Tracking Technologies

The App is a native mobile application and does not use browser cookies. However, we use the following tracking technologies:

• PostHog SDK: Collects analytics data including app lifecycle events, screen views, touch interactions, and custom events as described in Section 3.5
• Device identifiers: We use platform-provided device identifiers (iOS Vendor ID / Android ID) for trial management and subscription verification as described in Section 3.3
• Secure local storage: We use on-device secure storage (iOS Keychain / Android Keystore) and key-value storage to persist your preferences (theme, language, onboarding state)

We do not use advertising identifiers, third-party tracking pixels, or cross-app tracking technologies. Analytics data is routed through our own proxy server and is not shared with advertising networks.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Where appropriate, notify you through the App

We encourage you to review this Privacy Policy periodically. Your continued use of the App after any changes constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions or concerns about this Privacy Policy, our data practices, or your personal data, please contact us at:

Data Protection Officer (if applicable): support@gethsemane.app

If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.