Privacy Policy

Last Updated: February 2026

1. Introduction

Soul Surgery Sunday (the "App") is developed, owned, and operated by Bavity LLC, a limited liability company ("Bavity," "we," "us," or "our"). This Privacy Policy ("Policy") describes how we collect, use, store, disclose, and protect your personal information when you access or use the App. By downloading, installing, accessing, or using the App, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, you must discontinue use of the App immediately.

2. Information We Collect

2.1 Information You Provide Directly

• Account Registration Data: Your name, email address, and password (stored in hashed form using bcrypt encryption) when you create an account.
• Session and Journal Data: All content you voluntarily enter during Soul Surgery Sunday sessions, including but not limited to emotional state assessments, weekly event descriptions, challenges, wins, reflections, closure statements, operational rules, and personal commitments ("User Content").
• Preferences and Settings: Your chosen storage mode (local or cloud), notification preferences, theme settings, reminder times, and data retention preferences.
• Support Communications: Any information you provide when contacting us for support or feedback.

2.2 Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers, and app version for troubleshooting and compatibility purposes.
• Usage Data: Session frequency, feature interactions, subscription status, and app performance metrics.
• Log Data: Error logs, crash reports, and diagnostic data necessary to maintain and improve the App.

2.3 Information We Do Not Collect

We do not collect biometric data, precise geolocation data, contact lists, browsing history, or data from other apps on your device. We do not use cookies or tracking pixels. We do not engage in cross-app or cross-site tracking.

3. Artificial Intelligence Data Processing

The App uses artificial intelligence ("AI") services provided by OpenAI, L.L.C. ("OpenAI") to generate session analysis, identify behavioral patterns, provide personalized recommendations, and create mid-week reflection notifications. When you use features powered by AI:

• Selected portions of your session data are transmitted to OpenAI's API for processing.
• We transmit only the minimum data necessary to generate the relevant AI output.
• Data sent to OpenAI is processed pursuant to OpenAI's API data usage policy, which provides that API inputs and outputs are not used to train OpenAI's models.
• AI-generated outputs (analysis, patterns, recommendations, and reflection messages) are stored as part of your session data and subject to the same storage and retention policies described herein.
• We do not use your data to train, fine-tune, or improve any AI or machine learning models.
• You may avoid AI data processing by using the App in local storage mode; however, certain AI-powered features require data transmission to function.

4. How We Use Your Information

We use your personal information solely for the following purposes:

• To provide, operate, and maintain the App and its core functionality
• To authenticate your identity and secure your account
• To generate AI-powered session analysis, insights, and personalized reflection notifications
• To process and manage your subscription through Apple's App Store
• To send transactional communications, including account verification emails, password reset emails, and session-related notifications
• To respond to your support requests and inquiries
• To detect, prevent, and address fraud, security issues, and technical problems
• To comply with applicable legal obligations

We do not use your personal information for advertising, marketing to third parties, profiling for unrelated purposes, or automated decision-making that produces legal effects concerning you.

5. Data Storage and Security

5.1 Storage Options

The App offers two storage modes, which you select during onboarding and may change at any time in Settings:

• Local Storage: Your session data is stored exclusively on your device. We do not have access to locally stored data, and it is not backed up to our servers. You are solely responsible for local data backup and preservation.
• Cloud Storage (Pro Feature): Your session data is encrypted in transit using TLS 1.2 or higher and stored on secure servers hosted by Render, Inc. Data at rest is protected using AES-256 encryption.

5.2 Security Measures

We implement industry-standard technical and organizational security measures, including but not limited to encrypted data transmission (TLS/SSL), hashed password storage (bcrypt), secure session token management (JWT), access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security. You use the App at your own risk.

6. Data Retention and Deletion

• You may configure your preferred data retention period in the App's Settings.
• You may delete individual sessions at any time using the soft-delete functionality within the App.
• You may permanently delete your account and all associated data at any time from Settings. Upon account deletion, all personal data, session content, preferences, reflections, and AI-generated insights stored on our servers are permanently and irreversibly removed within thirty (30) days.
• We may retain anonymized, aggregated data that cannot be used to identify you for analytical purposes.
• We may retain certain information as required by law or to comply with legal obligations, resolve disputes, or enforce our agreements.

7. Third-Party Service Providers

We engage a limited number of third-party service providers to operate the App. These providers are contractually obligated to protect your data and may only use it to perform services on our behalf:

• OpenAI, L.L.C.: AI-powered session analysis and reflection message generation.
• Render, Inc.: Cloud infrastructure and server hosting.
• Mailgun (Sinch): Transactional email delivery (account verification, password reset).
• Apple Inc.: In-app purchase and subscription processing via the App Store.

We do not sell, rent, lease, trade, or otherwise disclose your personal data to third parties for their own marketing or commercial purposes. We have never sold personal information and will not do so.

8. Children's Privacy

The App is not directed to children under the age of thirteen (13), and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@soulsurgerysunday.com, and we will take steps to delete such information. If we become aware that we have collected personal information from a child under 13 without verified parental consent, we will delete that information promptly.

9. Your Privacy Rights

9.1 All Users

Regardless of your jurisdiction, you have the right to:

• Access and review the personal data we hold about you
• Export your session data in PDF format
• Correct or update inaccurate personal information
• Delete your account and all associated data
• Opt out of non-essential push notifications
• Choose local-only storage to prevent cloud data transmission

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• No Sale or Sharing: We do not sell or share your personal information as defined under the CCPA/CPRA.
• Sensitive Personal Information: Session content may constitute sensitive personal information. We process such information solely to provide the App's core services as directed by you.

To exercise your rights, contact us at support@soulsurgerysunday.com. We will verify your identity before processing any request and respond within forty-five (45) days.

9.3 European Economic Area, United Kingdom, and Switzerland Residents (GDPR/UK GDPR)

If you reside in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation ("GDPR") or UK GDPR:

• Legal Basis for Processing: We process your data based on (a) your consent, (b) the necessity of performing our contract with you (i.e., providing the App), and (c) our legitimate interests in operating and improving the App.
• Right to Portability: You may request your data in a structured, commonly used, machine-readable format.
• Right to Restrict Processing: You may request restriction of processing under certain circumstances.
• Right to Object: You may object to processing based on legitimate interests.
• Right to Lodge a Complaint: You may file a complaint with your local supervisory authority.
• International Transfers: Your data may be transferred to and processed in the United States. Such transfers are conducted pursuant to Standard Contractual Clauses or other approved mechanisms under applicable law.

To exercise your rights, contact us at support@soulsurgerysunday.com.

10. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and in any event within seventy-two (72) hours of becoming aware of the breach, or as otherwise required by applicable law. Notification will be provided via email and/or in-app notice.

11. Changes to This Privacy Policy

We reserve the right to modify this Policy at any time. If we make material changes, we will notify you by posting the updated Policy within the App, updating the "Last Updated" date, and, where appropriate, sending you a notification via email or push notification. Your continued use of the App after the effective date of any revised Policy constitutes your acceptance of the updated terms. We encourage you to review this Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Bavity LLC
Email: support@soulsurgerysunday.com

We will respond to all privacy-related inquiries within thirty (30) days.

---

© 2026 Bavity LLC. All rights reserved.