This is a draft. It has been written to be technically accurate and to reflect how Ripple's systems actually work, but it has not been reviewed by a lawyer and must not be published, relied upon, or treated as legally binding until it has.
Privacy Policy
Entity: Kivfer Holdings Inc., Winnipeg, Manitoba, Canada ("Ripple," "we," "us," or "our")
This Privacy Policy explains what information Ripple collects, why, how it's used, who we share it with, and the choices you have.
1. Information We Collect
Account information. When you create an account, we collect your email address, your first and last name (used for our own communications with you — never shown to anyone you pray for or who prays for you), a self-declared confirmation that you're 16 or older, and, if you sign in with Apple or Google, the identifier those services provide us.
A separate, public display name. You can choose a display name that's shown to the person you're praying for or being prayed for by. This is deliberately kept separate from your real name and is never linked to it for anyone but you and Ripple.
Prayer requests. The text of any prayer request you submit, along with an optional category and urgency flag.
Recorded prayers. The audio recording you make when praying for someone, along with an automatically generated transcript used for content screening (Section 3).
Device and usage data. Basic technical information (device type, app version, crash and performance data) collected automatically to keep the Service working and to fix problems.
Anonymous submissions. If you submit a prayer request through our public website without creating an account, we collect the display name, email address, and request text you provide — the same core information listed above, without an associated Ripple account.
2. How We Use Your Information
- To operate the Core Prayer Loop: matching prayer requests to Praying Members, and delivering recorded prayers to recipients.
- To screen submitted content for safety before it's queued or delivered (Section 3).
- To communicate with you about your account, your prayer activity, and (if you've opted in) reminders and updates.
- To maintain streaks, membership status, and other account features.
- To investigate reports of inappropriate content (Section 6 of our Terms of Service).
- To keep the Service secure and prevent abuse.
We do not sell your personal information, and we do not use your prayer requests or recorded prayers for advertising.
3. How Audio and Text Content Is Handled
Recorded prayers are stored in private cloud storage — never a public location. The only way a recorded prayer is ever accessible is through a short-lived, signed link generated specifically for the intended recipient at the time of delivery. There is no public bucket or open folder of prayer audio.
Before a prayer request enters the queue that matches it to a Praying Member, and before a recorded prayer is delivered, both are automatically screened by an AI-assisted validation step, and recorded audio is automatically transcribed to support that screening. This is an automated process, not manual staff review of every submission — see our Terms of Service, Section 5, for what this screening does and doesn't catch.
Ripple's public prayer-listening page is a deliberately different, intentionally shareable space: it's the page a Prayer Recipient uses to listen to the prayer recorded for them, and it's designed to be shareable (for example, so a recipient can send the link to a friend or family member). This is a separate mechanism from the private, signed-URL-only storage described above — the listening page is meant to be shared by the recipient; the underlying raw audio storage is not.
4. Who We Share Information With
We use a small number of service providers to run Ripple. We don't sell your data to them — they process it on our behalf, under agreements that limit what they can do with it:
- Supabase — our database, authentication, and file storage provider.
- Vercel — hosting for our website and admin tools.
- Resend — sending transactional email (for example, a link to a delivered prayer).
- Anthropic (Claude) — AI-assisted screening of submitted prayer requests, and optional AI-generated writing suggestions ("Inspire Me") when composing a request.
- AssemblyAI — automated transcription of recorded prayer audio, used to support content screening.
- Apple and Google — if you choose to sign in with Apple or Google, they act as your identity provider for that sign-in.
(Once Ripple's paid membership system is live, this section will be updated to name the payment processors involved — Apple's and Google's own in-app payment systems. No new category of data is anticipated; this is a small addition to this list, not a rewrite of this policy.)
We may also disclose information if required by law, to protect the safety of our users, or in connection with a merger, sale, or transfer of Ripple (see our Terms of Service, Section 15).
5. Data Retention
We keep your information for as long as your account is active, and for a period afterward as described below.
When you delete your account:
- Your profile information (name, email, preferences) is removed.
- Prayer requests you submitted that were never prayed for, and prayers you recorded that were never delivered, are removed along with your account.
- Prayer requests that were already prayed for, and prayers already delivered to a recipient, are not removed. Once a request has been answered, or a prayer delivered, that content becomes part of the other person's own record — this is a deliberate design decision (see our Terms of Service, Section 7), not an oversight. Deleting your account does not reach back and remove content that's already been given to someone else.
- We may retain limited records beyond deletion where necessary for legitimate business, safety, legal, or audit purposes — for example, records tied to an active moderation investigation or a legal obligation.
6. Your Rights and Choices
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain uses of it.
- Access and correction: most of your account information can be viewed and edited directly in the app's Settings.
- Deletion: you can delete your account from Settings at any time (see Section 5 for what deletion does and doesn't remove).
- Notification preferences: you can control what notifications you receive from Settings.
- To make a request we don't yet support directly in the app (such as a data export), contact us at [contact email — to be added].
If you're located in the European Union or United Kingdom, you may also have rights under the GDPR, including the right to lodge a complaint with your local data protection authority. If you're located in a US state with its own privacy law (such as California), you may have additional rights under that law. (Because Ripple may serve users outside Canada, this section needs specific legal review to confirm what applies where — flagged here and in the Terms of Service as a known open question for attorney review, not silently assumed out of scope.)
7. Children's Privacy
Ripple's minimum account age is 16. We do not knowingly collect personal information from anyone under 16, and we do not knowingly allow anyone under 16 to create an account. If we learn that someone under 16 has created an account, we will take steps to close it.
8. Security
We use industry-standard safeguards to protect your information, including encrypted storage, access controls, and the private-storage/signed-URL approach described in Section 3. No system is perfectly secure, and we can't guarantee absolute security, but protecting your information — especially your prayer content — is treated as a first-order responsibility, not an afterthought.
9. Changes to This Policy
If we make a material change to this policy, we'll let you know through the app or by email before it takes effect.
10. Contact Us
Questions about this Privacy Policy, or requests regarding your personal information, can be sent to [contact email — to be added].