Privacy Policy

Last Updated: January 2, 2026

1. Introduction

Welcome to FLUMC Daily Devotionals ("we," "our," or "us"). The Florida Conference of The United Methodist Church operates the mobile app FLUMC Daily Devotionals and the current series Awakened to Grace. We are committed to protecting your privacy and the privacy of children who use our app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, display name, optional profile photo, birthdate (for age verification)
• Church Affiliation: Optional church selection for connecting with your local congregation
• Prayer Requests: Prayer content you choose to share
• Group Participation: Group memberships, messages, and discussions
• Content Interaction: Devotional content you read, likes, comments
• Parental Controls: Parental consent data and Kids Mode preferences

2.2 Automatically Collected Information

• Usage Data: App features used, screen views, session duration
• Device Information: Device type, operating system, app version
• Analytics: Aggregated usage patterns (via Google Analytics/Firebase Analytics)
• Product Analytics: User behavior and session recordings (via PostHog - privacy-protected)
• Crash Reports: Error logs for app stability (via Firebase Crashlytics)

2.3 Session Replay and Recording

We use PostHog Session Replay to help us improve the app experience:

• What We Record: Screen transitions, UI interactions, navigation flow
• What We DO NOT Record: All text inputs are masked, all images are masked, no personal data visible
• Purpose: Debug issues, improve user experience, understand user behavior
• Privacy Protection: Maximum masking settings - your typing and photos are never recorded
• Opt-Out: You can disable analytics in Settings → Privacy → Analytics
• Kids Mode: Session replay is completely disabled in Kids Mode

2.4 Information We Do NOT Collect

• We do NOT collect precise geolocation data
• We do NOT collect browsing history outside the app
• We do NOT sell your personal information to third parties
• We do NOT use your data for targeted advertising
• We do NOT expose personal information in session recordings (all masked)

2.5 Google Sign-In (Third-Party Authentication)

When you sign in with Google, we receive:

• Email address - Used for account authentication and recovery
• Display name - Used for your profile
• Profile photo - Used for your avatar

We do NOT receive from Google:

• Your birthdate or age
• Your phone number
• Your physical address
• Your contacts or calendar
• Access to your Google Drive or other Google services

Age Verification After Google Sign-In:

Google does not provide age information, so after signing in with Google, we ask you to provide your birthdate separately. This is required for COPPA compliance and age-appropriate feature access. Your birthdate is stored securely and used only for age verification purposes. It is never shared with Google or any third parties.

Your Control:

• Disconnect: You can disconnect your Google account at any time in Settings → Account → Connected Accounts
• Revoke Access: You can revoke our app's access through your Google Account settings at myaccount.google.com
• Delete Account: You can delete your account at any time, which removes all data including your Google sign-in connection

Google's Privacy Policy: When you use Google Sign-In, you're also subject to Google's Privacy Policy. We recommend reviewing it to understand how Google handles your data during authentication.

Data Security: Your Google credentials are never stored on our servers. Authentication is handled by Google using industry-standard OAuth 2.0 protocol. We only receive a secure token that allows us to verify your identity.

3. Kids Mode & COPPA Compliance

3.2 Data Collection in Kids Mode

When Kids Mode is active, we collect ONLY:

• Content completion status (which devotionals were read)
• Prayer interactions (prayers submitted in Kids Mode)
• Basic usage analytics (time spent in app)

We do NOT collect from children:

• Email addresses or contact information
• Photos or videos
• Precise location data
• Persistent identifiers for advertising

3.3 Content Filtering

Kids Mode automatically filters content to show only age-appropriate material:

• No user-generated content (prayers, comments) visible
• Only curated, age-appropriate devotionals accessible
• No social features (groups, discussions) available
• No external links or websites accessible

3.4 Parental Rights

Parents have the right to:

• Review: Request to see data collected from their child
• Delete: Request deletion of their child's data
• Refuse: Refuse further collection of their child's data
• Control: Enable/disable Kids Mode at any time

Contact us at: privacy@awakenedtograce.app

4. How We Use Your Information

• Provide Services: Enable prayer sharing, group participation, content delivery
• Church Connections: Help you connect with members of your local church congregation (optional feature)
• Age-Appropriate Experience: Use birthdate to provide age-appropriate content and features
• Improve App: Analyze usage to enhance features and user experience
• Communication: Send prayer notifications, group updates, app announcements
• Security: Detect and prevent fraud, abuse, or security threats
• Compliance: Comply with legal obligations (COPPA, state laws) and enforce our Terms

4.1 Church Affiliation Data

When you select a church during onboarding or in your settings:

• We store your church selection to show you church-specific groups and content
• Other members of your church may see your profile in church-specific features
• This is completely optional - you can use the app without selecting a church
• You can change or remove your church affiliation at any time in Settings
• Church information is not shared with third parties or used for advertising

5. How We Share Your Information

5.1 Public Information

Information you choose to make public:

• Public prayer requests (visible to all app users)
• Public group discussions (visible to group members)
• Display name and optional profile photo

5.2 Service Providers

We share data with trusted service providers:

• Firebase (Google): Authentication, database, analytics, crash reporting
• Google Analytics: Usage analytics and insights
• PostHog: Product analytics and session replay (privacy-protected)
• Cloud Storage: Secure storage of user-uploaded content
• OpenAI: Content moderation for text submissions
• Google Cloud Vision: Content moderation for image submissions

5.3 AI Content Moderation & Third-Party Sharing

What Content Is Screened

ALL user-submitted text and images are automatically screened for community safety:

• Text Content: Prayer requests, comments, group messages, posts, stories, and any written submissions
• Image Content: Profile photos, uploaded images, and any visual content you share

AI Services We Use

• OpenAI Moderation API: Screens text content for inappropriate language, hate speech, harassment, violence, sexual content, and other harmful material
• Google Cloud Vision API: Screens images for inappropriate visual content, explicit material, violence, and safety concerns

What Data Is Shared

Only your submitted content is shared with these AI services—NOT your personal information:

• ✓ The text or image you're submitting (for screening purposes only)
• ✗ Your name, email, or account information
• ✗ Your location, device information, or browsing history
• ✗ Any other personal data

Purpose of AI Screening

Content moderation helps us:

• Detect and prevent inappropriate, harmful, or offensive content
• Protect children using Kids Mode from exposure to unsuitable material
• Identify hate speech, harassment, bullying, and threatening behavior
• Flag violent, sexual, or graphic content
• Detect spam, scams, and malicious activity
• Maintain COPPA compliance for users under 13

Moderation Process

1. Submission: You submit content (prayer, comment, image, etc.)
2. AI Screening: Content is automatically sent to OpenAI or Google Cloud Vision for analysis
3. Instant Review: AI provides safety assessment within seconds
4. Approval or Flagging:
   • Safe content: Approved and posted immediately
   • Flagged content: Held for human moderator review
5. Human Review: Our moderation team reviews flagged content and makes final decisions

Data Retention by Third Parties

Content shared with AI services is subject to their data retention policies:

• OpenAI: Content sent to OpenAI Moderation API is retained for 30 days for abuse monitoring, then deleted. See OpenAI Privacy Policy
• Google Cloud Vision: Content is processed in real-time and not stored permanently. See Cloud Vision Data Usage

Your Consent

By using FLUMC Daily Devotionals and submitting content, you consent to:

• Automated AI screening of your submitted content
• Sharing your content with OpenAI and Google for safety screening
• Human moderator review if your content is flagged
• Potential rejection or removal of content that violates our Community Guidelines

You explicitly agree to these terms during onboarding when you accept the Community Covenant.

5.4 Enhanced Age Restrictions & Leadership Management

Age-Appropriate Group Restrictions

Groups can be restricted by age to ensure appropriate interactions:

• Youth Groups (13-18): Enhanced protection with adult leadership oversight
• Adult Groups (18+): Standard adult group management
• Mixed Groups (13+): Enhanced moderation and adult supervision
• All Ages: No restrictions but with enhanced safety measures

Content Safety & Moderation

• Age-Appropriate Content Filtering: AI-powered screening with age-appropriate content filtering
• Youth Content Approval: Youth content can require adult leader approval before posting
• Enhanced Moderation: Leadership oversight of all content in youth and mixed-age groups
• Safety Controls: Enhanced protection for vulnerable users

Direct Message Protection

• Youth Protection: Youth can be protected from adult contact through age-based restrictions
• Group DM Controls: Direct messages can be disabled for youth groups
• Leadership Oversight: Adult leadership oversight of youth communications
• Enhanced Safety: Enhanced safety controls for vulnerable users

Leadership Hierarchy & Oversight

• Super Admin: Platform-wide oversight and church leader assignment
• Church Leader: Church-level oversight and group leader assignment
• Group Leader: Group-level oversight and content moderation
• Adult Members: Standard adult group participation

Enhanced Parental Controls

• Group Participation Oversight: Parents can monitor and control their child's group participation
• Content Access Control: Parents can control their child's content access
• Enhanced Privacy: Enhanced privacy settings for minors with age-appropriate feature restrictions
• Parental Notification: Parents can be notified of concerning interactions or content

5.5 Legal Requirements

We may disclose information if required by law or to:

• Comply with legal process or government requests
• Protect rights, property, or safety of our users
• Prevent fraud or security threats

6. Data Security

We implement industry-standard security measures:

• Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
• Authentication: Secure sign-in with Firebase Authentication
• Access Controls: Role-based permissions and security rules
• Monitoring: Continuous security monitoring and threat detection

7. Data Retention

• Account Data: Retained while your account is active
• Prayer Requests: Retained until you delete them
• Analytics: Aggregated data retained for up to 26 months
• Deleted Accounts: Data permanently deleted within 30 days

8. Your Rights & Choices

8.1 Access & Control

• View: Access your data in Settings → Profile
• Edit: Update your profile, preferences, or prayer requests
• Delete: Remove prayer requests, comments, or account
• Export: Request a copy of your data

8.2 Communication Preferences

• Manage push notifications in Settings → Notifications
• Opt out of marketing emails (spiritual content is not marketing)

8.3 Kids Mode Controls

• Enable/disable in Settings → Parental Controls
• Set content filters and time limits
• Review child's activity

9. Third-Party Services & Analytics

Our app uses these third-party services:

• Firebase (Google): Authentication, database, storage - Privacy Policy
• Google Analytics: Usage analytics and insights - Privacy Policy
• PostHog: Product analytics and session replay - Privacy Policy
• Sign in with Apple: Authentication - Privacy Policy
• Google Sign-In: Authentication - Privacy Policy
• OpenAI: AI content moderation - Privacy Policy
• Google Cloud Vision: Image moderation - Data Usage

9.1 Analytics & Session Replay Transparency

We use two analytics services:

• Google Analytics: Standard usage analytics, events, user behavior insights
• PostHog: Product analytics and session replay with maximum privacy protection
  • Session recordings captured (screen transitions, UI interactions)
  • All text inputs MASKED in recordings
  • All images MASKED in recordings
  • No personal information visible in recordings
  • Can be disabled in Settings → Privacy → Analytics

9.2 Your Analytics Controls

You can control analytics in Settings → Privacy:

• Enable/Disable Analytics: Turn off all analytics data collection
• Kids Mode: Analytics automatically disabled (including session replay)
• Opt-Out: Fully opt out while still using the app

10. International Users & Data Transfers

Our app is available globally. Data may be transferred to and processed in:

• United States: Firebase servers, Google Analytics, PostHog US cloud
• European Union: GDPR-compliant data processing
• Other Countries: Where our service providers operate

GDPR Compliance: For EU users, we use Standard Contractual Clauses (SCCs) and ensure GDPR-compliant data processing with all third-party services including Firebase, Google Analytics, and PostHog.

11. California Privacy Rights

California residents have additional rights under CCPA:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale of personal information (we do not sell data)

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via:

• In-app notification
• Email to registered users
• Updated "Last Modified" date at the top

13. Contact Us

Questions about this Privacy Policy or your data?

• Email: privacy@awakenedtograce.app
• Support: support@awakenedtograce.app
• In-App: Settings → Help & Support → Contact Us

Legal & Privacy Center | Terms of Service | Kids Mode Privacy | Back to App