PujaFirst legal
Privacy Policy
This policy explains how PujaFirst handles information in the iPhone app, on this website, through tester registration, and when you contact support. It also distinguishes information that stays only on your device.
Effective date: 14 July 2026
1. Who we are
PujaFirst (“PujaFirst”, “we”, “us”, or “our”) is the controller responsible for the personal information described in this policy. PujaFirst is operated by a sole trader established in England, United Kingdom.
For privacy questions, requests, or complaints, email support@pujafirst.app. Please do not send passwords, Screen Time codes, payment card details, or sensitive information that is not needed for your request.
2. Scope of this policy
This policy applies to the PujaFirst iOS application, pujafirst.app, the tester registration form, account and subscription services, feedback tools, and support correspondence (together, the “Service”). It does not govern services that Apple, Google, Supabase, RevenueCat, Vercel, or other providers offer under their own terms and privacy notices.
3. Information we collect
Account and identity information
If you create or access an account, we process the account identifier used by our authentication provider, your email address, authentication-provider details needed to complete sign-in, and any optional display name you provide. If you use Sign in with Apple or Google sign-in, those providers may give us an identifier and the profile details you choose to share. We do not receive your Apple or Google password.
Prayer preferences and activity
Depending on the features you use, we may process devotional preferences, prayer focus or tradition preferences, language and content preferences, favourites, hidden prayers, prayer completion records, dates, durations, streak and progress records, daily reset preferences, and reminder settings. We may also store the identifiers of library passages or prayer content you save or complete.
Religious beliefs and information that reveals or strongly suggests a person’s religious practice can be special category data under UK data protection law. We treat prayer preferences and history accordingly. Where required, we ask for explicit consent before syncing this information to your account. You may withdraw that consent and request deletion, although this does not make earlier lawful processing unlawful.
Subscriptions and transactions
If you start a trial, buy a subscription, restore purchases, or manage an entitlement, Apple processes the payment. We and RevenueCat receive transaction and entitlement records such as product identifier, purchase status, renewal status, expiry information, store environment, and a pseudonymous app-user identifier. We do not receive your full payment card number or Apple Account password.
Feedback, support, and diagnostics
If you send feedback or contact support, we process the information you choose to provide, your contact details, the content of the message, and related correspondence. Diagnostic information may include app version, iOS version, device model class, timestamps, and technical error details when supplied by you or required to investigate a problem. Please avoid including devotional or other sensitive details unless they are relevant and you want us to consider them.
Tester registration
When you register to test PujaFirst, we collect your name, the email linked to your Apple Account, and any optional information you add. We use this to administer the TestFlight tester list, contact you about testing, understand relevant testing context, and respond to your notes. The form includes invisible anti-abuse fields and submission timing, but no CAPTCHA, advertising identifier, cookie, or browser-storage fingerprint.
Website requests
Our hosting provider necessarily receives limited request information such as IP address, browser type, requested path, timestamps, and security or delivery logs when your browser connects to this website. We do not add analytics, advertising pixels, marketing cookies, or browser persistence to this website.
4. Information that stays on your device
PujaFirst uses Apple’s Family Controls, Managed Settings, and Device Activity frameworks to let you choose apps, app categories, or web domains to pause. The following information is designed to remain on your iPhone and is not uploaded to PujaFirst’s account systems:
- opaque Screen Time selection tokens and the apps, categories, or domains represented by them;
- the Screen Time authorisation state and managed restriction configuration;
- local challenge state, restriction schedules, shield state, and device-activity monitoring state;
- local unlock receipts and the state of emergency access; and
- information Apple keeps private inside its Screen Time frameworks.
Apple may process information needed to provide Screen Time features under Apple’s own privacy terms. We cannot see the human-readable identity of a selected app merely from Apple’s opaque token.
5. Information we do not collect
PujaFirst does not use IDFA, advertising SDKs, cross-app tracking, or behavioural advertising. The current Service does not request or collect contacts, precise or approximate location, microphone recordings, photos or photo-library content, health or fitness data, or cloud AI prompts. Core prayer content is not sent to a cloud AI service.
6. Why we use information and our lawful bases
- Provide the Service and perform our contract: to create and secure an account, sync eligible preferences and history, provide saved content, deliver subscription entitlements, administer tester access you request, and respond to service requests.
- Legitimate interests: to keep the Service secure, prevent abuse, troubleshoot faults, improve reliability, understand direct feedback, and establish or defend legal claims. We consider and balance these interests against your rights.
- Legal obligations: to meet tax, accounting, consumer-protection, data-protection, law-enforcement, and other duties that apply to us.
- Consent: where we ask permission for optional communications or device features and, where required, explicit consent to process special category information about religious preferences or practice. You may withdraw consent at any time.
We do not use prayer preferences, history, or tester data for advertising, data brokerage, or unrelated profiling. We do not make decisions with legal or similarly significant effects solely by automated means.
7. Who receives information
We disclose only what is reasonably necessary to providers that help operate the Service:
- Apple: iOS distribution, Sign in with Apple where selected, TestFlight, Screen Time frameworks, App Store subscriptions, receipts, and platform services.
- Google: authentication where you choose Google sign-in.
- Supabase: hosted authentication, database, and account-sync infrastructure for eligible account information, prayer preferences, history, favourites, and feedback.
- RevenueCat: subscription entitlement and purchase-state management.
- Vercel: website hosting, delivery, and essential operational or security logs.
- Self-hosted n8n workflow: routing and storing tester registration submissions for tester administration.
These providers may act as processors, independent controllers, or both depending on the activity. We may also disclose information to professional advisers; to a successor in a properly structured business transfer; to comply with law or a valid legal process; or to protect rights, safety, and security. We do not sell personal information.
8. International transfers
Some providers or their support teams may process information outside the United Kingdom. Where UK transfer rules apply, we use an available lawful mechanism such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to approved standard contractual clauses, or another permitted safeguard. Where a safeguard requires it, we consider whether the protection after transfer is not materially lower than in the UK and take proportionate supplementary measures.
You can contact us for more information about the relevant safeguards. Provider infrastructure and transfer arrangements can change, so we review them periodically.
9. Retention
- Account and synced prayer information: retained while your account is active and then deleted or anonymised after a valid deletion request, except where a limited record must be kept for legal, security, or dispute purposes.
- Subscription records: retained as needed to administer entitlements and meet tax, accounting, fraud-prevention, and legal obligations.
- Feedback and support: retained while needed to answer the request, improve or secure the Service, and maintain an appropriate record of the resolution.
- Tester submissions: retained until you ask us to delete them, subject to any limited legal need to keep a record of the request or related correspondence.
- Operational and security logs: kept for the shortest period reasonably needed for delivery, security, abuse prevention, and troubleshooting, subject to provider settings and legal duties.
Deletion from live systems may not immediately remove encrypted backup copies. Backups are protected, access-restricted, and removed through the normal backup lifecycle unless we must preserve information for law or a dispute.
10. Security
We use proportionate technical and organisational controls including access controls, encrypted network transport, provider security features, separation of device-only Screen Time data from cloud account data, limited production access, dependency and configuration review, and response procedures. No service can promise absolute security. Keep your device, Apple Account, and authentication methods secure, and contact us if you suspect unauthorised access.
11. Your choices and rights
Depending on the circumstances, UK data protection law may give you rights to be informed; access your information; correct inaccurate information; erase information; restrict processing; receive certain information in a portable form; object to processing based on legitimate interests; withdraw consent; and complain about our handling of your information.
You can change many local preferences in the app. To request account deletion or exercise another right, email support@pujafirst.app from the email associated with the account where possible. We may ask for proportionate information to verify your identity. Rights are not absolute, and we will explain if an exemption applies. We normally respond within one calendar month, subject to lawful extensions.
12. Children and legal capacity
PujaFirst is not directed at anyone who lacks legal capacity to agree to the Terms or to use the relevant Apple Account, App Store, TestFlight, or authentication service. We do not impose a separate numeric age threshold in this policy. A parent or guardian should supervise use where required by applicable law or platform rules. If you believe a person without the required capacity supplied information, contact us.
13. Complaints
Please contact us first so we can try to resolve your concern. You also have the right to complain to the UK Information Commissioner’s Office (ICO), including through ico.org.uk, or to seek a remedy through the courts. If you live elsewhere, you may also have the right to contact your local data-protection authority.
14. Changes to this policy
We may update this policy when the Service, providers, or law changes. We will publish the updated text here, change the effective date, and provide an additional notice in the app where a change is material or consent is required. Earlier versions may be requested by email.
15. Contact
PujaFirst
England, United Kingdom
support@pujafirst.app