🌱 Flourish
Privacy Policy
Last updated: June 18, 2026
1. Information We Collect
- Account data: Name, email, church affiliation, password (hashed via Supabase Auth)
- Progress data: Devotional completion, prayer requests, journal entries, community posts
- Giving data: Donation amounts, campaign preferences (payment processed by Stripe)
- Store orders: Shipping name, address, email, order items (payment via Stripe)
- Health data: Optional — fitness goals, prayer/wellness tracking
2. How We Use Your Data
- To provide devotionals, plans, and community features
- To process donations and store orders via Stripe
- To connect you with your church community and leaders
- To send prayer reminders, community updates, and order confirmations
3. Data Sharing
- Supabase: Database hosting (protected by Row-Level Security, with per-user + per-church isolation)
- Stripe: Payment processing for donations and store orders
We do NOT sell your data. We do NOT share data with advertisers. Prayer requests marked "pastoral_only" are visible only to your church pastors (server-verified).
4. Data Security
- Row-Level Security on all tables — per-user + per-church isolation
- JWT authentication required on all backend endpoints
- Server-side price resolution (prevents price manipulation)
- Rate limiting on all checkout and donation endpoints
- Stripe webhook signature verification (always enforced)
- Content Security Policy (CSP) headers enabled
5. Church Data Isolation
Your data is isolated by church membership. Church leaders can see church-wide prayer requests and giving records for their church only. Store orders are visible to you and verified church admins.
6. Your Rights
- Access: Request a copy of your data
- Deletion: Request account and data deletion
- Export: Export your progress and giving history
Contact: support@fitfriendchris.github.io
7. Children's Privacy
Flourish is for users 13+. Users under 18 require parental consent.
8. Changes
We will notify users of material changes via email or in-app notification.