Trust
Security
Effective July 16, 2026 · Last updated July 16, 2026
Prayers, journals, and reflections deserve real protection. This page describes, in plain language, the measures we use to protect your account and your content — and it is honest about the limits. We make no exaggerated claims here, only ones we can support.
1. Encrypted connections
Data traveling between your device and our services is encrypted in transit using HTTPS with TLS. This protects your content from being read while it moves across the network.
2. Account security
Sign-in is handled by Supabase, which stores passwords using industry-standard password hashing. We never store or see your password in plain text. Choose a strong, unique password for your account — it remains your first line of defense.
3. Access controls
Our database uses row-level security policies, so each account can reach only its own content. Access follows the principle of least privilege: systems and people get the minimum access needed to do their job, and nothing more.
4. Local mode
The app works local-first. If you use it without enabling cloud sync, your journal entries, prayers, and reflections stay on your device and are never sent to our servers. Cloud sync is a choice, not a requirement.
5. Payment security
All purchases and subscriptions run through the Apple App Store and Google Play. Payment details are handled entirely by Apple and Google under their own security programs. We never receive or store your card number.
6. Sensitive spiritual content
We treat prayers, journals, reflections, and conversations with the Guide as the most sensitive information we hold. We do not read this content in the ordinary course of business, do not use it for advertising, and do not sell it. Our Privacy Policy describes this commitment in full.
7. Deletion on request
You can delete your account and its data at any time — in the app or through our account deletion page. Deletion requests are honored the same way whichever route you choose.
8. How we choose vendors
We keep our list of service providers deliberately small — Supabase, Vercel, Apple, Google, and Resend — and we choose established providers with mature, published security practices. Fewer vendors means fewer places your data can go.
9. Reporting a security concern
If you believe you have found a vulnerability or notice something suspicious about your account, please tell us. Email support@unstuck-faith.com with “Security” in the subject line. We read these reports carefully and appreciate responsible disclosure.
10. Honest limits
No system is perfectly secure, and we will not pretend otherwise. We use reasonable, industry-standard safeguards and keep improving them, but we cannot guarantee that unauthorized access will never occur. What we can promise is care: a small data footprint, restrained vendor choices, and honesty with you if something goes wrong.