SpiritLift

Introduction
Will Braun ("Company," "We," "Us," or "Our") respects your privacy and is committed to protecting it through our compliance with this policy. This Privacy Policy explains our practices regarding the collection, use, storage, and sharing of information when you use the SpiritLift mobile application (the "Service").

SpiritLift is a fitness and Bible study application designed with an "offline-first" architecture. Your workout logs, saved verses, Bible data, and personal settings are stored entirely on your Device. We collect absolutely minimal personal data. This policy outlines exactly what stays on your Device, what is transmitted to third parties, and how those integrations are handled.

1. Information We Collect

Because the Service operates primarily offline, we collect far less data than most applications. We categorize the information as follows:

a. Information Stored Locally on Your Device
The following data is stored exclusively on your Device and is never transmitted to our servers:

• Workout Data: Exercise logs, sets, reps, weight, duration, distance, cardio data, workout history, and personal records.
• Bible Data: Downloaded Bible translations (KJV, ASV, Reina-Valera 1909), reading history, and verses-read counts.
• Saved Verses: Starred/bookmarked Bible verses and their references.
• App Settings and Preferences: Language preference, Bible translation selection, appearance mode, weight/distance units, weekly workout goals, notification preferences, and reminder times.
• Exported Backup Files: JSON backup files you create using the data export feature are saved to a location you choose on your Device.
• Onboarding Status: Whether you have completed the initial onboarding flow.

b. Information Transmitted to Third Parties
The following data may leave your Device when you use specific features:

• Bible Verse Text (to Google Gemini): When you request an AI-generated "True Meaning" summary, reflection questions, or devotional scriptures, only the raw text of the specific verse or topic is sent to Google's Gemini API. No personal identifiers, workout data, health data, or device identifiers are included in these requests.
• Subscription Status (to/from Apple): When you purchase, restore, or verify a SpiritLift+ subscription, transaction data is exchanged with Apple's App Store servers via StoreKit. We do not collect or store your payment card details, billing address, or financial information. Apple handles all payment processing.
• Firebase Analytics Data (to Google Firebase): The Service uses Google Firebase for basic analytics and crash reporting. This may include anonymized usage patterns, device type, OS version, and crash logs. This data does not contain personally identifiable information.

c. Information We Do NOT Collect
For clarity, the Service does not collect:

• Your name, email address, or any account credentials (there are no user accounts).
• Your real-time GPS location or any location data.
• Your contacts, photos, camera, or microphone data.
• Any data for advertising, marketing, or user profiling purposes.

2. How We Use Information

The limited information that is transmitted from your Device is used solely for the following purposes:

• Providing AI Features: Bible verse text is sent to Google Gemini to generate "True Meaning" summaries, reflection questions, answers to reflection questions, and devotional scripture selections.
• Subscription Management: Transaction data is exchanged with Apple to verify your SpiritLift+ subscription status and enforce free-tier usage limits (e.g., daily limits on True Meaning summaries and Surprise Me devotionals).
• Service Improvement: Anonymized analytics and crash data from Firebase is used to diagnose bugs, improve stability, and understand feature usage patterns.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. Apple Health (HealthKit) Integration

The Service requests your explicit permission to read from and write to Apple's HealthKit framework (e.g., active calories burned, workout duration, and heart rate data). You acknowledge and agree that:

• Strict Usage: Data accessed from HealthKit is used solely to provide and enhance the fitness tracking features within the Service. HealthKit data is processed entirely on your Device.
• No Marketing or Selling: We absolutely do not sell, rent, share, or transfer your HealthKit data to advertising platforms, data brokers, information resellers, or any third party. We do not use HealthKit data for marketing, advertising, or data-mining purposes.
• No Server Transmission: Your HealthKit data is never transmitted to our servers, to Google Gemini, to Firebase, or to any external service.
• User Control: You retain full control over your health data. You can grant or revoke the Service's read/write access at any time through the Health app settings on your Device.

4. Data Sharing and Third Parties

We do not sell your personal information to third parties. We share data only in the following limited circumstances:

a. Service Providers

• Google Gemini API: Receives only Bible verse text and devotional topic strings to generate AI content. No personal data is transmitted.
• Google Firebase: Receives anonymized analytics and crash reporting data.
• Apple StoreKit: Processes subscription purchases and verifications. Apple handles all payment information directly; we do not collect or store payment card details.

b. Aggregated and Anonymized Data
We may use aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you for analytics, research, and service improvement purposes.

c. Legal Requirements
We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government agency request).

d. Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, information associated with the Service may be transferred as part of that transaction. We will make reasonable efforts to notify users of any such change.

e. Protection of Rights
We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our Terms and Conditions, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.

5. Subscription and Payment Data

SpiritLift+ subscriptions are processed entirely through the Apple App Store. We do not collect, process, or store your credit card number, billing address, or other financial payment information. Apple handles all payment processing in accordance with their own privacy policy and terms of service.

We receive and store only the following subscription-related information:

• Whether you have an active SpiritLift+ subscription (premium status);
• Transaction verification data from Apple's StoreKit framework.

This information is processed on your Device via Apple's StoreKit APIs and is not transmitted to our servers.

6. Data Security

Because your personal data, workout logs, and health data remain on your Device, the security of that data relies primarily on the security features of Apple's iOS ecosystem. We strongly recommend:

• Utilizing Face ID, Touch ID, or a strong passcode to secure your Device.
• Keeping your Device's operating system up to date.
• Regularly backing up your Device via iCloud or a localized computer backup to prevent data loss.

For data transmitted to third-party services (Google Gemini, Firebase), all requests are sent over encrypted connections (TLS/SSL). However, no method of electronic transmission is 100% secure. We cannot guarantee the absolute security of data in transit.

7. Data Retention

Because the Service stores data locally on your Device, data retention is under your direct control:

• Local Data: Retained on your Device until you delete it, delete the Application, or lose your Device. The Company has no access to and no ability to recover locally stored data.
• Exported Backup Files: Retained wherever you choose to save them. The Company is not responsible for the security or retention of exported files.
• Firebase Analytics Data: Retained by Google in anonymized/aggregated form in accordance with Google's data retention policies.
• AI Request Data: Bible verse text sent to Google Gemini is processed in real-time. We do not store AI request or response data on our servers. Google's retention of API request data is governed by Google's privacy policy.

8. Your Rights and Choices

Because the Service is offline-first and does not maintain user accounts or server-side data, your data rights are largely exercised directly on your Device:

• Access and Portability: You can export all your app data (saved verses, settings) at any time using the in-app data export feature, which produces a portable JSON file.
• Deletion: You can delete all app data by deleting the Application from your Device. Since we do not store your data on our servers, there is no server-side data to request deletion of.
• HealthKit Control: You can grant or revoke HealthKit permissions at any time through your Device's Health app settings.
• Analytics Opt-Out: You can opt out of Apple's native crash reporting and analytics at the system level via your Device's Settings > Privacy & Security > Analytics & Improvements.
• Notification Control: You can enable or disable workout reminder notifications within the Application's settings or through your Device's notification settings.

a. California Residents (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information. Because the Service does not collect personally identifiable information on our servers, these rights are inherently satisfied by the offline-first design. To exercise any additional rights, contact us at the information provided below.

b. Florida Residents (Florida Digital Bill of Rights)
If you are a Florida resident, you may have rights under the Florida Digital Bill of Rights, including the right to access, correct, and delete your personal data. Because the Service stores data locally and does not maintain server-side user profiles, these rights are exercised directly on your Device. To exercise any additional rights, contact us at the information provided below.

c. European Union Residents (GDPR)
If you are a resident of the European Union, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. Our legal basis for any data processing is your consent (provided when accepting the Terms of Service) and our legitimate interest in operating the Service. Because the Service is offline-first, the vast majority of your data never leaves your Device. To exercise any additional rights, contact us at the information provided below.

9. Analytics and Crash Reporting

We utilize Google Firebase Analytics and Apple's native, opt-in crash reporting tools to understand how the Service performs and to identify technical issues. This data is aggregated, anonymized, and does not contain personally identifiable information.

You can opt out of Apple's native crash reporting and analytics at the system level via your Device's Settings > Privacy & Security > Analytics & Improvements.

10. Text-to-Speech

The Service includes a text-to-speech feature that reads Bible verses aloud. This feature uses Apple's on-device AVSpeechSynthesizer framework. All speech synthesis is performed locally on your Device. No verse text or audio data is transmitted to external servers for this feature.

11. Cookies and Tracking Technologies

The Application does not use browser cookies or web-based tracking technologies. Firebase may use device identifiers for anonymized analytics purposes. The Service does not engage in cross-app tracking or targeted advertising.

12. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not operated by Us (e.g., Apple's EULA, our Terms of Service and Privacy Policy web pages). If you follow a third-party link, you will be directed to that third party's site. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.

13. Children's Privacy

The Service is not intended for use by children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so that we can take necessary actions to delete such information.

14. Do Not Track Signals

The Application does not currently respond to "Do Not Track" (DNT) signals. There is no uniform standard for how DNT signals should be interpreted by mobile applications.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the Application and updating the "Effective Date" at the top of this document. For material changes, we will make reasonable efforts to provide notice through an in-app notification. Your continued use of the Service after such changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, including requests to exercise your privacy rights, please contact us at:
Will Braun
P.O. Box 330333
Miami, FL 33233
Email: info@braunsoftware.io