Privacy Policy — Promises

This Privacy Policy describes how Kyox LLC ("we," "us," or "our"), the publisher of the Promisesmobile application ("Promises" or "the App"), collects, uses, and protects your information when you use the App on iOS or Android.

By using Promises, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the App.

1. Who we are

App name:Promises: Bible Verse & Prayer
Bundle ID (iOS): com.promises.promises
Package name (Android): com.promises.promises
Publisher: Kyox LLC
Registered address: 4 Blaauwberg Rd, Bloubergstrand, Cape Town, 7441, South Africa
Support email: support@kyox.io
Privacy contact: support@kyox.io
Website: https://promises.kyox.io

We are the data controller for personal information processed through the App.

2. Summary — what you should know in 30 seconds

Promises does not require an account. You can use the App without signing in or providing your email.
We assign your device an anonymous identifier so the App can save your preferences and personalize your experience. This identifier is not linked to your Apple ID, Google account, name, or email address.
Most of your data stays on your device: favorites, streak history, settings, and reading history.
We do not sell your personal information to anyone. Ever.
We do not use your data for advertising or to build advertising profiles.
The optional Focus / App Lock feature (where Promises shows a Bible verse before you open selected apps) processes everything on your device. Your selected apps and screen-time data are never sent to our servers.

3. Information we collect

We collect the minimum information needed for the App to work and improve.

3.1 Information you provide

When you complete onboarding, you may provide:

Field	Purpose	Required?
First name	Personalize greetings inside the App	Optional
Age range (e.g., "25–34")	Tailor content recommendations	Optional
Gender	Tailor content recommendations	Optional
Faith relationship (e.g., "Growing in faith")	Choose appropriate promises	Optional
Bible familiarity	Choose appropriate promises	Optional
Personal goal	Choose appropriate promises	Optional
Selected categories of promises	Personalize daily feed	Optional
Notification preferences (count, time window)	Schedule reminders	Optional
Selected language	Display the App in your language	Optional

You can skip any of these during onboarding. You can change or clear them at any time from Settings.

3.2 Information we collect automatically

Anonymous device identifier — a randomly generated 32-character UUID-like string stored on your device. Used to associate your preferences with your device for sync and analytics.
App usage events — for example, app_opened, promise_viewed, promise_saved. Used to understand which features are used so we can improve them.
Onboarding analytics — which onboarding pages you viewed and how long you spent on each. Used to improve the onboarding flow.
Platform and app version(e.g., "ios", "1.0.2+4") — used for debugging and to deliver the right content for your device.
Locale — used to deliver content in your language.
Crash diagnostics — if the App crashes, basic technical information is logged to help us fix the bug.

We do not collect:

Your real name, email address, or phone number
Your contacts, photos, calendar, or microphone
Your precise location (GPS)
Your full list of installed apps
The contents of any other app on your device

3.3 Information from purchases

If you subscribe to Promises Premium, the subscription is processed by Apple (App Store) or Google (Play Store), and managed for us by RevenueCat. We receive your subscription status (active, expired, etc.) and an anonymous RevenueCat user ID. We do not receive your payment-card details — those are handled entirely by Apple or Google.

3.4 Information you submit through feedback

If you use the in-app feedback form, we collect:

Your message
Feedback type (feature request, bug report, etc.)
App version and platform

We do not require an email address with feedback. If you choose to include one, we use it only to reply to you.

4. How we use your information

We use the information described above to:

Provide the App's core features (display promises, save favorites, schedule notifications).
Personalize content (show promises relevant to your selected categories, life stage, and goals).
Maintain your streak and reading history across devices that share the same device identifier.
Understand how the App is used so we can improve it (anonymous, aggregated analytics).
Process your subscription and grant Premium features.
Respond to your feedback or support requests.
Detect and fix bugs and crashes.
Comply with legal obligations.

We do not:

Use your data for advertising or to build an advertising profile of you.
Sell, rent, or trade your personal information to third parties.
Make automated decisions that produce legal or similarly significant effects on you.

5. Third-party services we use

We rely on a small number of trusted service providers. Each is bound by their own privacy practices.

Provider	Purpose	Data shared	Privacy policy
Supabase (Supabase Inc.)	Database hosting for content sync, anonymous analytics, and user preferences	Anonymous device ID, profile fields you provided in onboarding, app events, app version, platform	supabase.com/privacy
RevenueCat (RevenueCat, Inc.)	Subscription management	Anonymous RevenueCat user ID, subscription status, platform	revenuecat.com/privacy
Apple App Store (Apple Inc.)	iOS distribution and payments	Information you provide directly to Apple — see Apple's privacy policy	apple.com/legal/privacy
Google Play Store (Google LLC)	Android distribution and payments	Information you provide directly to Google — see Google's privacy policy	policies.google.com/privacy

Promises is not integrated with any of the following: Facebook / Meta SDKs, Google Analytics, AppsFlyer, Adjust, Mixpanel, Amplitude, third-party advertising networks, or social-login providers.

6. Data stored only on your device

The following data never leaves your device and is not visible to us or any third party:

Your saved / favorited promises (stored in a local Hive database).
Your daily reading streak and active-day history.
The list of promises you've already seen (used to avoid repetition).
Your in-app theme preference (light / dark mode).
Your local notification schedule.
(When the Focus feature is enabled — see §7) Your selected list of apps.

You can clear all on-device data at any time by uninstalling the App.

7. The Focus feature — App Lock and Screen Time

Promises offers an optional, default-off feature called Focus. When enabled, Focus reminds you to pause and read a short Bible verse and pray before opening apps you've personally selected (for example, social-media apps).

7.1 Android — Accessibility Service disclosure

On Android, Focus uses the Android Accessibility ServiceAPI to detect when you open one of the apps you've selected. We use this permission solely for the Focus feature.

Specifically, the Accessibility Service:

Only monitors app-launch events — it observes when an app is brought to the foreground.
Only reacts to apps you have explicitly added to your Focus list.
Triggers an in-app prompt that displays a Bible verse and a short prayer.
After you tap "Continue," the original app opens normally.

The Accessibility Service does NOT:

Read the screen content of any app.
Capture keystrokes, passwords, or text you enter.
Record screenshots, audio, or video.
Transmit any data off your device.
Run when Focus is disabled.

You are in full control:

Focus is off by default after install.
You must explicitly grant Accessibility permission to enable it.
You choose which apps to include in your Focus list.
You can revoke Accessibility permission, disable Focus, or change your Focus list at any time from Settings → Focusin the App, or from your device's system settings (Settings → Accessibility → Promises).

This use of the Accessibility Service complies with Google Play's Accessibility API policy and is documented in our Play Store listing.

7.2 iOS — Family Controls and Screen Time disclosure

On iOS, when Focus is available, it uses Apple's FamilyControls, ManagedSettings, and DeviceActivity frameworks to provide the same behavior.

What we access:

The list of apps you explicitly select for Focus, stored as opaque iOS tokens in the device keychain.
Launch events for those selected apps, processed entirely on your device.

What we do NOT access:

Your full list of installed apps.
Apps you have not selected for Focus.
The contents, notifications, or activity inside any app.
Any usage data once the prompt is dismissed.

What we do NOT do:

We do not transmit any Screen Time, app-usage, or app-selection data off your device.
We do not share this data with any third party, including analytics providers.
We do not use this data for advertising, profiling, or any purpose other than displaying your prayer prompts.

You are in full control:

Focus is off by default after install.
iOS will prompt you to grant Family Controls authorization the first time you enable Focus. You may decline.
You choose which appsto include via Apple's standard FamilyActivityPicker.
You can disable Focus, change your selected apps, or revoke Family Controls authorization at any time from Settings → Focus inside the App, or from iOS Settings → Screen Time → See All Activity → Family Controls.

8. Notifications

Promises uses your device's local notification system (flutter_local_notifications) to send you scheduled daily verse reminders. These notifications are scheduled and delivered locally on your device — they are not sent from our servers and we do not know whether or when they were delivered.

You can change the number of daily notifications, the time window, or disable notifications entirely from Settings → Notificationsin the App, or from your device's system notification settings.

9. Children's privacy

Promises is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and you believe your child under 13 has provided us with information, please contact us at support@kyox.io and we will delete it.

We do not direct the App to children under 13 and the App is not categorized as "Made for Kids" / "Designed for Families" on either the App Store or Google Play.

10. Your privacy rights

Depending on where you live, you may have additional rights regarding your personal information.

10.1 European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are in the EEA, the UK, or Switzerland, you have the right to:

Access the personal data we hold about you.
Rectify inaccurate personal data.
Eraseyour personal data ("right to be forgotten").
Restrict how we process your personal data.
Object to our processing of your personal data.
Data portability — receive your data in a machine-readable format.
Withdraw consent at any time, where processing is based on consent.
Lodge a complaint with your local data-protection authority.

Our legal bases for processing your data are: (a) your consent (e.g., for analytics and personalization), (b) the performance of a contract(delivering the App's features), and (c) our legitimate interests (improving the App, preventing abuse).

To exercise any of these rights, email support@kyox.io with the subject line "GDPR Request" and include your device identifier (find it in Settings → About).

10.2 California, USA (CCPA / CPRA)

If you are a California resident, you have the right to:

Know what categories of personal information we collect about you and the purposes.
Request a copy of the personal information we have collected about you.
Request deletion of your personal information.
Opt out of the "sale" or "sharing" of your personal information (we do not sell or share your personal information for cross-context behavioral advertising).
Not be discriminated against for exercising your rights.

To exercise any of these rights, email support@kyox.io with the subject line "CCPA Request."

10.3 South Africa (POPIA)

If you are a South African resident, you have the rights afforded by the Protection of Personal Information Act (POPIA). To exercise them, email support@kyox.io with the subject line "POPIA Request."

10.4 Other jurisdictions

If you are in another jurisdiction with similar privacy laws (e.g., Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act), please contact us at support@kyox.io and we will respond in accordance with applicable law.

11. Data retention

On-device data (favorites, streak, settings) is retained on your device until you delete the App or clear it manually.
Cloud-synced data (your anonymous device profile, app events) is retained for as long as your device identifier is active. If you have not used the App for 24 months, we will delete or anonymize the associated cloud records.
Subscription data is retained for as long as required by Apple, Google, and RevenueCat for billing-history purposes.
Crash and diagnostic data is retained for 90 days for debugging purposes, then deleted.
Feedback you submit is retained for 24 months so we can follow up if needed.

12. How to delete your data

You can delete your data in two ways.

Option A — Delete the App

Uninstalling Promises clears all on-device data immediately.

Option B — Request server-side deletion

To remove your data from our cloud database (Supabase), email support@kyox.io with the subject line "Data deletion request" and include your device identifier (find it in Settings → About inside the App).

We will acknowledge your request within 7 days and complete deletion within 30 days, unless we are legally required to retain certain information (for example, transaction records for tax purposes).

13. International data transfers

Our cloud database is hosted by Supabase. Our Supabase project is located in the European Union (Paris, France region). If you are accessing the App from outside the European Union, your data will be transferred to and processed in the EU.

For users in the European Economic Area, the United Kingdom, and Switzerland, this means your personal data is processed within the EU — no international transfer notification is required for routine processing. For users outside the EU (including the United States), data flows to the EU and is protected by the GDPR-aligned safeguards Supabase provides.

We rely on Supabase's standard contractual clauses and security commitments for international transfers. For details, see Supabase's privacy policy: https://supabase.com/privacy.

14. Security

We take reasonable technical and organizational measures to protect your information:

All data transmitted between the App and our servers is encrypted in transit using TLS 1.2 or higher.
Database access is protected by Supabase's row-level security policies and access controls.
Cloud secrets are managed separately from the application code.
We follow the principle of least privilege for internal access to user data.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

Update the "Last updated" date at the top.
For material changes, post a notice in the App or send an in-app notification at next launch.

Your continued use of the App after changes take effect means you accept the updated policy.

A history of substantive changes:

May 4, 2026 — replaced March 22, 2026 version. Added Focus / App Lock disclosures (Android Accessibility Service in §7.1 and Apple Family Controls in §7.2). Restructured into 16 sections. Confirmed publisher as Kyox LLC. Specified Supabase EU (Paris, France) hosting region. Added GDPR / CCPA / POPIA-specific rights sections.

16. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:

Email: support@kyox.io

Subject lines we recognize:

Privacy question
GDPR Request / CCPA Request / POPIA Request
Data deletion request

We aim to respond to all privacy inquiries within 7 business days.

This policy was written in plain English to be readable by humans. If you have feedback on how to make it clearer, we'd genuinely like to hear it — email support@kyox.io.