Privacy Policy

Covenant is a faith-based app for christian relationships — whether you are dating, courting, engaged, or married. It is designed to help partners grow closer to each other and to God. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Covenant mobile application.

When you use Covenant, we may collect the following types of information:

Account Information

• Email address — used for authentication and account recovery
• Display name — shown to your partner within the app
• Profile photo — optional, used for personalization

Relationship Data

• Check-in scores — relationship health ratings you and your partner submit
• Goals — shared and individual relationship goals you create
• Prayer entries — prayers you write and share within the app. Prayer data is encrypted at rest.
• Journal entries — personal reflections and personal notes. Journal data is encrypted at rest.

Calendar Connections

• Google Calendar — if you choose to connect your calendar, we access event data in read-only mode to help you schedule quality time together. We do not create, modify, or delete your calendar events without your explicit action.

Device Information

• Device type and operating system version (for crash reporting)
• Push notification tokens (if notifications are enabled), managed via Expo Push Notification service

Covenant offers three sign-in methods, all managed securely through Supabase Auth:

• Google Sign-In — authenticates using your Google account. We receive your email and display name from Google. We do not receive or store your Google password.
• Apple Sign-In — authenticates using your Apple ID. Apple may provide us with your name and email, or a private relay email if you choose to hide your address.
• Email & Password — you create an account with your email and a password. Your password is securely hashed using industry-standard algorithms and is never stored in plain text.

Authentication tokens are stored securely on your device using the platform's secure storage mechanisms (Keychain on iOS, EncryptedSharedPreferences on Android).

We use the information we collect to:

• Provide, maintain, and improve the Covenant app experience
• Facilitate relationship check-ins and track progress over time
• Enable shared goals, prayers, and journal features between partners
• Send optional push notifications for check-in reminders and faith-based prompts
• Display calendar availability to help you schedule quality time together
• Understand app usage patterns to improve features (via anonymous analytics)
• Diagnose and fix technical issues (via anonymous crash reporting)

Your data is stored securely in a Supabase cloud database (PostgreSQL), hosted on infrastructure with enterprise-grade security measures including:

• Encryption at rest and in transit (TLS/SSL) for all data communications
• Row-level security (RLS) policies ensuring you can only access your own data and data shared with your partner
• Prayer and journal data encryption — your most personal content is encrypted at rest in the database
• Authentication tokens stored in device secure storage (not in plain text or local storage)
• Regular security updates and monitoring

While we take reasonable measures to protect your information, no method of electronic storage is 100% secure. We encourage you to use a strong, unique password for your account.

Covenant integrates with the following third-party services:

• Supabase — database, authentication, and backend services (Supabase Privacy Policy)
• Google Sign-In — authentication (Google Privacy Policy)
• Apple Sign-In — authentication (Apple Privacy Policy)
• Google Calendar API — read-only calendar integration, only when explicitly connected by you
• Expo Push Notifications — push notification delivery service (Expo Privacy Policy)
• PostHog — anonymous usage analytics (PostHog Privacy Policy)
• Sentry — anonymous crash reporting (Sentry Privacy Policy)

Each third-party service has its own privacy policy governing how they process data. We encourage you to review their policies.

PostHog (Analytics)

We use PostHog to collect anonymous usage analytics to understand how people use Covenant and improve the app. This data includes general usage patterns such as which screens are visited and which features are used. It does not include your personal content (journal entries, prayers, check-in responses, etc.).

Sentry (Crash Reporting)

We use Sentry to collect anonymous crash data when the app encounters errors. This helps us identify and fix bugs. Crash reports include device type, OS version, and stack traces, but do not include personal content or identifying information.

Push notifications are entirely optional. If you enable them, Covenant may send you reminders for:

• Daily or weekly relationship check-ins
• Goal milestones and reminders
• Devotional and prayer prompts

Push notifications are delivered via Expo Push Notification service. Your device token is stored securely in our database and used solely for delivering notifications. You can disable push notifications at any time through your device settings or within the Covenant app.

When you choose to connect your Google Calendar, Covenant requests read-only access to your calendar events. This means:

• We can view your calendar events to identify shared free time with your partner
• We cannot create, edit, or delete any events on your calendar
• Calendar data is processed in real-time and is not permanently stored in our database
• You can disconnect your Google Calendar at any time from the app settings

Your relationship data (check-ins, prayers, journal entries, goals) is shared only with your connected partner within the app, as intended by the app's core functionality. We may disclose information only if required by law or to protect the safety of our users.

You have full control over your data. You can delete your account and all associated data at any time from the Settings screen within the Covenant app.

When you delete your account:

• All your personal information is permanently removed from our servers
• Your check-in scores, goals, prayers, and journal entries are deleted
• Your partner connection is dissolved
• Your Google Calendar connection is revoked and all cached calendar data is removed
• Your push notification token is deleted
• This action is irreversible

If you are unable to access the app and need to request data deletion, please contact us at privacy@getcovenant-app.com.

Covenant is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@getcovenant-app.com.

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of Covenant after changes are posted constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: