FaithFlow Data Handling & Security

Effective Date: January 1, 2025
Last Updated: January 1, 2025

🔒 Encrypted ✅ GDPR Compliant 🛡️ SOC 2 Certified

1. Our Security Commitment

At FaithFlow, we understand that your spiritual journey is deeply personal. We are committed to protecting your data with industry-leading security measures while respecting the sacred nature of your faith journey.

2. Data Encryption

In Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption
At Rest: All data stored in our databases is encrypted using AES-256 encryption
Backups: All backups are encrypted and geographically distributed

3. Access Controls

Authentication: Multi-factor authentication for all administrative access
Authorization: Role-based access control with principle of least privilege
Monitoring: Continuous monitoring for unauthorized access attempts
Auditing: Comprehensive audit logs of all data access

4. Third-Party Security

We only work with trusted, security-certified service providers:

Supabase (Database & Authentication)

SOC 2 Type II certified
GDPR compliant
ISO 27001 certified

RevenueCat (Subscription Management)

PCI DSS compliant
SOC 2 Type II certified

Sentry (Error Monitoring)

SOC 2 Type II certified
GDPR compliant

PostHog (Analytics)

SOC 2 Type II certified
GDPR compliant
Data anonymization built-in

5. Data Retention

Active Accounts: Data retained while your account is active
Deleted Accounts: All data permanently deleted within 30 days
Analytics Data: Anonymized and retained for up to 2 years
Security Logs: Retained for up to 1 year

6. Your Data Rights

Access: View all data we have about you
Portability: Export your data in JSON/CSV format
Correction: Update or correct your information
Deletion: Permanently delete your account and data

7. Spiritual Data Protection

We give special consideration to the sensitive nature of spiritual data:

Private Journey: Your spiritual goals and reflections remain private
Prayer Requests: Personal prayer requests are kept confidential
Opt-Out Options: Control over community features and data sharing

8. Incident Response

In the unlikely event of a security incident:

Affected users notified within 72 hours
Regulatory authorities notified as required by law
Transparent communication about the incident
Immediate remediation and prevention measures

9. Regular Security Audits

Annual third-party security audits
Regular penetration testing
Continuous vulnerability scanning
Compliance reviews and certifications

10. Contact Our Security Team

Security Concerns: faithflowapp@proton.me
Privacy Questions: faithflowapp@proton.me
Data Requests: faithflowapp@proton.me

This Data Handling & Security Policy reflects our commitment to protecting your personal and spiritual information with the highest security standards.