PleasePray

Privacy Policy

Effective date: 2026-05-07  ·  Last updated: 2026-07-08

PleasePray (also operated as RezaPorMi for Spanish-speaking users) is a Catholic prayer-first crowdfunding platform owned and operated by Deo Duce Ventures Inc., a Delaware corporation ("PleasePray," "we," "us," or "our"). This Privacy Policy explains what personal information we collect when you use our websites, mobile apps, and services (collectively, the "Service"), how we use and share that information, and the choices you have.

We've tried to write this in plain English. Each section starts with a one-line summary, followed by the details.

If you have questions, email us at cespinoza@pleasepray.app.


1. Scope

In short: This policy covers the PleasePray and RezaPorMi websites, our iOS mobile app (Android to follow), and the Beth SMS/WhatsApp assistant.

This policy applies to:

It does not apply to third-party services we link to or that you choose to use independently (for example, Stripe's payment forms or your mobile carrier).

The Service is intended for users 18 years of age or older. See Section 8.


2. Information We Collect

In short: We collect information you provide (like your name, email, phone, prayer intentions, photos), information generated by your activity on the Service (prayers, comments, donations), contacts and location you choose to share through the mobile app, and a small amount of technical information your browser or device sends automatically.

2.1 Account information

When you create an account or sign in, we collect:

2.2 Prayer Circle and prayer-list content

When you create or interact with a Prayer Circle, or manage your personal prayer list, we collect:

If you log prayers as a guest (without an account), we generate a random session identifier so we can associate your prayers with your browser. This identifier is not tied to your real-world identity unless you later create an account.

2.3 Photos and media

Photos you upload (profile pictures and circle cover images) are stored in our hosting provider's object storage. Media you send to Beth over WhatsApp may be downloaded and attached to a Prayer Circle you are creating.

2.4 SMS and WhatsApp messaging

When you opt in to messages from Beth (our prayer assistant), we collect:

2.5 Payment information

When you make a donation or set up a creator fundraising account, payment data flows through Stripe. We do not store your full card number, CVC, or bank account number. We do store:

Stripe collects identity and payment information directly through its own forms, governed by Stripe's Privacy Policy.

2.6 Communications and notification preferences

2.7 Technical, device, and analytics information

When you visit the Service, we automatically receive:

Analytics consent. For visitors in the European Economic Area and the United Kingdom, non-essential analytics do not run until you agree via a consent banner. If you decline (or before you choose), we do not collect these analytics. Your choice is remembered in a cookie for about six months, and you can change it at any time. Visitors outside the EEA/UK are not shown the banner; if we cannot determine your region, we treat analytics as requiring consent by default.

2.8 AI processing inputs

When you use AI-assisted features, the following content is sent to our AI provider, Anthropic, for processing:

Anthropic processes this content under its API terms and does not use it to train its models.

2.9 Serendipity Network identity, permissions, and people suggestions

If the Serendipity Network integration is enabled, we send first-party identity and provenance events to the PivotNorth event hub. These events may include a stable app account identifier, verified email or phone anchors used for identity resolution, the returned Serendipity global user identifier, event type, timestamp, and minimal structured metadata about Prayer Circle and prayer activity. Prayer text, Prayer Circle story text, comments, Beth messages, and prayer-request text are not sent in these Serendipity provenance events.

If you choose to connect Gmail or Outlook for people suggestions, you are redirected to the Serendipity Network / ConnectionFinder permission flow. PleasePray does not store your provider OAuth tokens. The Serendipity Network may process the mailbox or contact data you authorize through the provider permission screen to create user-scoped people suggestions and graph signals for the sharing action you requested.

Separately, our mobile app can add contacts you personally select from your device's address book to your prayer list — this is a different feature, described in Section 2.11.

2.10 Lend a Hand (community support)

If you or someone in your community turns a prayer intention into a "Lend a Hand" campaign (community support alongside prayer), we may additionally collect:

Sensitive details such as the drop-off address and contact name/phone are stored in access-restricted tables and are shown only to the campaign creator and to helpers who have signed up for that specific need — never publicly and never to the wider parish feed. Monetary meal donations are processed through Stripe as described in Section 2.5.

2.11 Mobile app device permissions (Contacts and Location)

Our mobile app asks for two optional device permissions. Both are used only when you tap the relevant button, and you can decline either one and still use the app.


3. How We Use Your Information

In short: To run the Service, send the messages and notifications you ask for, process donations, help you and your community pray and support one another, prevent abuse, and improve PleasePray.

We use the information described above to:

3.1 Legal bases for EEA, UK, and similar privacy-law users

Where GDPR, UK GDPR, or similar laws apply, we rely on the following legal bases:


4. How We Share Your Information

In short: We share data with the service providers that power PleasePray, with people you choose to share your Prayer Circle with, and when the law requires it. We do not sell your data, and we do not share your mobile information for marketing.

4.1 Service providers (processors)

We share information with vendors that help us operate the Service. Each one is bound by contract to use your data only to provide its service to us.

Provider What they do What they receive
Supabase Database, authentication, file storage, realtime, serverless functions All persistent account, circle, messaging, and notification data
Vercel Web hosting, serverless functions, privacy-friendly analytics Page request metadata, IP-derived country code
Stripe Payment processing and Stripe Connect Express payouts Donation amounts, payment IDs, and identity/bank data you provide directly to Stripe
Twilio SMS delivery and SMS one-time-passcode verification Phone numbers and message content
Meta (WhatsApp Cloud API) WhatsApp message delivery for the Beth assistant Phone numbers, message content, and media
Anthropic AI processing for story enhancement, the Beth assistant, and journal milestone copy The specific inputs described in Section 2.8
Resend Transactional and lifecycle email delivery Email addresses and the contents of the emails we send you
Apple / Google Mobile app distribution and, when you enable it, push notification delivery on mobile App download and crash/diagnostic data they collect as platform operators; push tokens if enabled
PivotNorth / Serendipity Network Optional identity resolution, ConnectionFinder permissions, provenance event hub, and user-scoped people suggestions Stable app account identifiers, verified contact anchors, Serendipity global user IDs, provider-permission data you authorize, graph signals, event metadata, and minimal Prayer Circle/prayer activity metadata

4.2 Public Prayer Circles

If you mark a Prayer Circle as public, the circle title, story, photos, intercessor, prayer count, comments, offerings, and the creator's display name and avatar are visible to anyone who has the link or finds the circle through Explore. Comments and offerings posted publicly are visible to other supporters; you can post anonymously where the option is offered.

For pilgrimage circles, prayer requests submitted by family and friends are filtered through our prayer_requests_public view, which respects the requester's is_anonymous and is_private flags before showing anything publicly.

4.3 People you invite and community helpers

When you add someone to your prayer list with a phone number or email and choose to invite them, we send that one person an invitation on your behalf. For "Lend a Hand" meal sign-ups, the drop-off address and beneficiary contact details are shared only with the campaign creator and with helpers who sign up for that need, so a meal can be delivered — never with the public or the parish feed.

4.4 Legal compliance

We may disclose information if we believe in good faith that disclosure is required by law, legal process, or a valid government request, or to protect the rights, property, or safety of PleasePray, our users, or the public.

4.5 Business transfers

If PleasePray is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you (for example, by email and a notice on the Service) before your information becomes subject to a different privacy policy.

4.6 SMS data — no sharing for marketing

No mobile information (including your phone number, SMS opt-in status, and the content of text messages) will be shared with third parties or affiliates for marketing or promotional purposes at any time.

4.7 We do not sell your personal information

We do not sell your personal information, and we do not share it with third parties for cross-context behavioral advertising. This is true regardless of where you live, including for users covered by the California Consumer Privacy Act (CCPA/CPRA).


5. Your Rights and Choices

In short: You can access, download, correct, or delete your data, and you can opt out of messages and analytics at any time.

5.1 Account controls

You can review and update most of your information at any time from your profile and settings pages. You can delete your account directly from within the app (Settings → Delete Account) or by emailing cespinoza@pleasepray.app. When you delete your account, we delete your profile, prayer content, prayer-list entries, comments, and the photos, images, and videos you uploaded, and we de-identify or remove associated personal data within a reasonable timeframe consistent with applicable law — except where we are required to retain certain records (see Section 6). If the Serendipity Network integration is enabled, account deletion also clears local Serendipity identity fields and queues a minimal deletion request so the downstream network can process erasure for records tied to your Serendipity global user identifier.

5.2 Download your data (self-service export)

You can download a copy of the personal data we hold about you at any time from Settings → Download Your Data. This produces a machine-readable JSON file that includes your profile, campaigns, prayer intentions and prayers, comments, donation metadata, notification and consent records, and related data. Payment card details are held by Stripe and are not included. This satisfies your right of access and data portability.

5.3 Email preferences

Lifecycle and notification emails include an unsubscribe link. Transactional messages required to operate your account (such as security and authentication emails, and donation receipts) cannot be turned off while your account is active.

5.4 SMS and WhatsApp opt-out

Reply STOP to any message from Beth at any time to opt out of all further messages on that channel. Reply HELP for help. Once you opt out, your number is added to our suppression list and will not receive further messages unless you opt in again. You can also turn messaging off in your settings.

The exact consent disclosure shown to users when opting in is:

"By providing your number, you agree to receive messages from Beth by PleasePray. Up to 4 msgs/month. Msg & data rates may apply. Reply HELP for help, STOP to cancel."

Message frequency is up to 4 messages per month. Message and data rates may apply.

5.5 Push notifications

You can revoke web push permission in your browser at any time, disable notifications for the mobile app in your device settings, or turn push off in your in-app settings. We mark inactive push subscriptions as inactive automatically after extended non-use.

5.6 Device permissions (mobile app)

You can grant or revoke the mobile app's access to your Contacts and Location at any time from your device's system settings. Revoking access does not remove prayer-list entries you have already added; you can delete those individually in the app.

5.7 Analytics consent

If you are in the EEA or UK, you can accept or decline non-essential analytics through the consent banner, and change your choice later. See Section 2.7.

5.8 EEA, UK, and similar privacy rights

If you are in the European Economic Area, the United Kingdom, Spain, or another location with similar privacy rights, you may request to:

To exercise these rights, email cespinoza@pleasepray.app from the email address associated with your account, or include enough information for us to verify your identity.

5.9 California privacy rights (CCPA/CPRA)

If you are a California resident, you have the right to:

To exercise these rights, email cespinoza@pleasepray.app from the email address associated with your account, or include enough information for us to verify your identity.

5.10 Other state privacy laws

Residents of other US states with comprehensive privacy laws (for example, Virginia, Colorado, Connecticut, Utah, Texas) have similar rights to access, correct, delete, and port their personal information, and to opt out of targeted advertising and sales. We do not engage in either. To exercise your rights, contact us at the email above.

5.11 Authorized agents

You may use an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization and may require you to verify your identity directly.


6. Data Retention

In short: We keep most data for as long as your account is active, and we keep a few specific records (like SMS consent and opt-out lists) longer because the law requires it.
Data Retention
Account profile, Prayer Circles, prayers, comments, offerings, donations, prayer-list entries, prayer journal entries While your account is active, and as needed for legal, tax, and audit purposes after account deletion
Uploaded photos, images, and videos Deleted from storage when you delete your account
Contacts you added to your prayer list Stored as prayer-list entries and deleted when you remove them or delete your account
Lend a Hand meal/volunteer details (drop-off address, contact name/phone, sign-ups) While the campaign is active; deleted with the campaign or the account
Beth conversation message logs (whatsapp_message_log) 90 days, then automatically deleted
SMS/WhatsApp opt-in consent records (opt_in_records) At least 5 years for TCPA compliance
SMS suppression list (numbers that replied STOP) Indefinitely, so we don't message you again after you opt out
Web/mobile push subscriptions Marked inactive after ~90 days of non-use
Analytics consent choice (cookie) ~6 months
Stale Beth conversation drafts Marked closed after 24 hours of inactivity
Serendipity event outbox and network identity state, if enabled Pending rows are kept until delivered or deleted during account erasure; sent rows are purged after the configured retention period, 30 days by default; deletion request records are kept only as needed to propagate erasure
AI usage and cost tracking Retained for billing, abuse prevention, and analytics
Aggregate analytics Retained in aggregated form indefinitely

When you delete your account, we delete or de-identify your personal data on the schedule above, including your uploaded media in storage. Backups are rotated on a regular cycle and any residual copies are removed in the normal course.


7. Security

In short: We use industry-standard safeguards. No system is perfect.

We use technical and organizational measures to protect your information, including encryption in transit (HTTPS), authenticated access to our database, row-level security and role-based access controls, deny-by-default isolation of sensitive fields (such as home addresses and beneficiary contacts), masking views for shared prayer requests, signed webhooks, rate limiting, and least-privilege keys for our service providers. Stripe handles cardholder data in a PCI-compliant environment that we never touch.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we work to mitigate risk and respond promptly to any security incident we identify.


8. Children's Privacy

In short: PleasePray is intended for adults 18 and older.

The Service is intended for users 18 years of age or older. We do not direct the Service to, and do not knowingly collect personal information from, anyone under 18. If you believe a child under 18 has provided us with personal information, please contact us at cespinoza@pleasepray.app and we will delete it.


9. International Users and Data Transfers

In short: PleasePray is a US-based service. If you use it from outside the US, your data is transferred to and processed in the US.

PleasePray is operated by Deo Duce Ventures Inc., a Delaware corporation in the United States. We process and store data in the United States and in the regions our service providers operate. If you use the Service from outside the United States, you understand and agree that your information will be transferred to, stored in, and processed in the United States.

When GDPR, UK GDPR, or similar laws apply, we handle service-provider processing and international transfers under applicable data-processing and transfer requirements.

We currently support sign-in and Beth messaging in countries our SMS provider permits (currently the United States, Canada, and Honduras). Creator fundraising and "Lend a Hand" community support are currently available only to creators in the United States; this list may expand over time. Donors may contribute regardless of country.

The Service is offered in English at pleasepray.app and in Spanish at rezapormi.com.


10. Changes to This Policy

In short: If we make material changes, we will tell you.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you by email or a prominent notice on the Service before the change takes effect. Your continued use of the Service after the effective date of an updated policy constitutes acceptance of that policy.


11. Contact Us

In short: Email us.

If you have questions about this Privacy Policy or want to exercise any of your rights, contact:

Deo Duce Ventures Inc. (d/b/a PleasePray)

Email: cespinoza@pleasepray.app

For SMS-program-specific questions, you can also reach us at support@pleasepray.app.