Privacy Policy
Effective date: 2026-05-07 · Last updated: 2026-07-08
PleasePray (also operated as RezaPorMi for Spanish-speaking users) is a Catholic prayer-first crowdfunding platform owned and operated by Deo Duce Ventures Inc., a Delaware corporation ("PleasePray," "we," "us," or "our"). This Privacy Policy explains what personal information we collect when you use our websites, mobile apps, and services (collectively, the "Service"), how we use and share that information, and the choices you have.
We've tried to write this in plain English. Each section starts with a one-line summary, followed by the details.
If you have questions, email us at cespinoza@pleasepray.app.
1. Scope
In short: This policy covers the PleasePray and RezaPorMi websites, our iOS mobile app (Android to follow), and the Beth SMS/WhatsApp assistant.
This policy applies to:
- The websites at
pleasepray.app(English) andrezapormi.com(Spanish), including subdomains. - The PleasePray and RezaPorMi mobile apps (currently iOS, with Android planned), which are native apps that present the PleasePray experience and add device features such as importing contacts to your prayer list and finding nearby parishes.
- The Beth assistant available over SMS and WhatsApp.
- Any related features such as Prayer Circle pages, prayer logging, donations, comments, prayer requests, community support ("Lend a Hand"), push notifications, and email communications.
It does not apply to third-party services we link to or that you choose to use independently (for example, Stripe's payment forms or your mobile carrier).
The Service is intended for users 18 years of age or older. See Section 8.
2. Information We Collect
In short: We collect information you provide (like your name, email, phone, prayer intentions, photos), information generated by your activity on the Service (prayers, comments, donations), contacts and location you choose to share through the mobile app, and a small amount of technical information your browser or device sends automatically.
2.1 Account information
When you create an account or sign in, we collect:
- Email address and/or phone number
- Password (stored hashed by our authentication provider — we never see your plaintext password)
- First name, last name, and an auto-generated username
- Optional profile photo
- Optional location (free text), country, timezone
- Optional parish, favorite saint, and how you heard about us
- Phone verification status and channel preference (WhatsApp, SMS, both)
- Opt-in flags for SMS and WhatsApp messaging
2.2 Prayer Circle and prayer-list content
When you create or interact with a Prayer Circle, or manage your personal prayer list, we collect:
- The circle title, intention or story you write, and any photos you upload
- The saint or Marian advocation you select as intercessor
- The circle type (intercessor, rosary, pilgrimage, personal, or my-holy-rosary), prayer goal, dates, and category
- The people and intentions you add to your prayer list — including a name, and (if you provide it) the phone number or email of the person you are praying for, so you can pray for them and optionally invite them
- For pilgrimage and rosary-request circles: prayer requests submitted to you by family and friends, including the requester's name, email, phone, and intention text — with their chosen anonymity and privacy flags
- Your prayer activity (prayers logged, comments, offerings, rosary progress, daily streaks)
If you log prayers as a guest (without an account), we generate a random session identifier so we can associate your prayers with your browser. This identifier is not tied to your real-world identity unless you later create an account.
2.3 Photos and media
Photos you upload (profile pictures and circle cover images) are stored in our hosting provider's object storage. Media you send to Beth over WhatsApp may be downloaded and attached to a Prayer Circle you are creating.
2.4 SMS and WhatsApp messaging
When you opt in to messages from Beth (our prayer assistant), we collect:
- Your phone number and the channel you chose (SMS, WhatsApp, or both)
- The exact consent text you agreed to, the time and method of your consent, and the page where you opted in (these records are kept for compliance)
- The content of messages you send to and receive from Beth, the conversation state (for example, which step of the circle-creation flow you're on), and a count of AI tokens used to process each message
- A suppression record if you reply STOP, so we know not to send you further messages
2.5 Payment information
When you make a donation or set up a creator fundraising account, payment data flows through Stripe. We do not store your full card number, CVC, or bank account number. We do store:
- The Stripe payment ID, donation amount, tip amount, fees, and the connected account (if applicable)
- For creators using Stripe Connect Express: the connected account ID and KYC/payout status flags returned to us by Stripe
Stripe collects identity and payment information directly through its own forms, governed by Stripe's Privacy Policy.
2.6 Communications and notification preferences
- Email address(es) you give us, and the per-circle notification settings you choose (frequency, quiet times, locale, channel)
- Web push subscription data (the push endpoint URL provided by your browser, plus the public keys needed to send you a notification)
- Logs of which transactional emails, push notifications, SMS, and WhatsApp messages we have sent you and whether they succeeded
2.7 Technical, device, and analytics information
When you visit the Service, we automatically receive:
- Your IP address (used to derive an approximate country code via the
x-vercel-ip-countryheader for UI defaults and to determine which privacy-consent options to show you — we do not store the IP itself) - Browser user-agent and device type (recorded with push subscriptions)
- Aggregate, privacy-friendly traffic analytics via Vercel Web Analytics (page views and referrers; no cross-site tracking)
Analytics consent. For visitors in the European Economic Area and the United Kingdom, non-essential analytics do not run until you agree via a consent banner. If you decline (or before you choose), we do not collect these analytics. Your choice is remembered in a cookie for about six months, and you can change it at any time. Visitors outside the EEA/UK are not shown the banner; if we cannot determine your region, we treat analytics as requiring consent by default.
2.8 AI processing inputs
When you use AI-assisted features, the following content is sent to our AI provider, Anthropic, for processing:
- Story enhancement: the raw story text you wrote and the cause category you selected
- Beth assistant (SMS/WhatsApp): the messages you send Beth, recent conversation history, and draft fields like the beneficiary's first name and intention text. Your phone number is included in system context but is not used by Anthropic to identify you
- Beth journal milestones: your first name, locale, and a short description of the milestone
Anthropic processes this content under its API terms and does not use it to train its models.
2.9 Serendipity Network identity, permissions, and people suggestions
If the Serendipity Network integration is enabled, we send first-party identity and provenance events to the PivotNorth event hub. These events may include a stable app account identifier, verified email or phone anchors used for identity resolution, the returned Serendipity global user identifier, event type, timestamp, and minimal structured metadata about Prayer Circle and prayer activity. Prayer text, Prayer Circle story text, comments, Beth messages, and prayer-request text are not sent in these Serendipity provenance events.
If you choose to connect Gmail or Outlook for people suggestions, you are redirected to the Serendipity Network / ConnectionFinder permission flow. PleasePray does not store your provider OAuth tokens. The Serendipity Network may process the mailbox or contact data you authorize through the provider permission screen to create user-scoped people suggestions and graph signals for the sharing action you requested.
Separately, our mobile app can add contacts you personally select from your device's address book to your prayer list — this is a different feature, described in Section 2.11.
2.10 Lend a Hand (community support)
If you or someone in your community turns a prayer intention into a "Lend a Hand" campaign (community support alongside prayer), we may additionally collect:
- The ways to help you enable (prayer, a monetary "Give" goal, meal sign-ups, and/or time-and-talent offers), and a short funding purpose or task description
- For meal sign-ups: the beneficiary's contact name and phone number, a drop-off address, dietary notes, and, from a helper, what they plan to bring and which day
- For volunteer/offer sign-ups: the day and time window a helper commits to and an optional note
Sensitive details such as the drop-off address and contact name/phone are stored in access-restricted tables and are shown only to the campaign creator and to helpers who have signed up for that specific need — never publicly and never to the wider parish feed. Monetary meal donations are processed through Stripe as described in Section 2.5.
2.11 Mobile app device permissions (Contacts and Location)
Our mobile app asks for two optional device permissions. Both are used only when you tap the relevant button, and you can decline either one and still use the app.
- Contacts. If you choose to add people from your phone's address book to your prayer list, the app opens your device contact picker. For each contact you personally select, we store their name and phone number as a prayer-list entry, so you can pray for them and, if you choose, send them an invite from your own phone. We only access the specific contacts you pick — we do not upload your entire address book, and we do not read your contacts in the background.
- Location. If you tap "Use my location" to find nearby parishes, the app requests your device's approximate location. We send those coordinates to look up parishes near you and then discard them — we do not store your location or track you. You can decline and search by ZIP code instead.
3. How We Use Your Information
In short: To run the Service, send the messages and notifications you ask for, process donations, help you and your community pray and support one another, prevent abuse, and improve PleasePray.
We use the information described above to:
- Create and maintain your account and authenticate you
- Operate Prayer Circles, prayer logging, prayer lists, comments, offerings, and prayer requests
- Add people you select from your device contacts to your prayer list, and help you invite them from your own phone
- Find Catholic parishes near you when you ask
- Coordinate "Lend a Hand" community support (prayer, giving, meals, and volunteer offers)
- Send you the messages, push notifications, and emails you've signed up for (milestones, daily digests, comments on your circle, prayer-request lifecycle updates, donation receipts, transactional auth emails)
- Process donations and, for eligible creators, payouts via Stripe
- Generate AI-assisted story enhancements and run the Beth assistant
- Detect and prevent fraud, abuse, spam, and violations of our Terms
- Comply with legal obligations (including TCPA recordkeeping for SMS opt-ins)
- Understand aggregate usage and improve the Service (subject to the analytics consent described in Section 2.7)
- Record first-party provenance events in the Serendipity Network when that integration is enabled
- Show people suggestions from the Serendipity Network after you grant optional provider permissions
3.1 Legal bases for EEA, UK, and similar privacy-law users
Where GDPR, UK GDPR, or similar laws apply, we rely on the following legal bases:
- Contract: to create and operate your account, authenticate you, run Prayer Circles, process donations, and provide requested features
- Consent: for optional SMS, WhatsApp, push notifications, optional communications, optional Gmail/Outlook permissions for people suggestions, mobile contacts and location access, and non-essential analytics
- Legitimate interests: to secure the Service, prevent abuse, understand aggregate usage, and maintain first-party provenance records, unless your rights override those interests
- Legal obligations: to keep required tax, payment, accounting, fraud-prevention, and messaging consent records
4. How We Share Your Information
In short: We share data with the service providers that power PleasePray, with people you choose to share your Prayer Circle with, and when the law requires it. We do not sell your data, and we do not share your mobile information for marketing.
4.1 Service providers (processors)
We share information with vendors that help us operate the Service. Each one is bound by contract to use your data only to provide its service to us.
| Provider | What they do | What they receive |
|---|---|---|
| Supabase | Database, authentication, file storage, realtime, serverless functions | All persistent account, circle, messaging, and notification data |
| Vercel | Web hosting, serverless functions, privacy-friendly analytics | Page request metadata, IP-derived country code |
| Stripe | Payment processing and Stripe Connect Express payouts | Donation amounts, payment IDs, and identity/bank data you provide directly to Stripe |
| Twilio | SMS delivery and SMS one-time-passcode verification | Phone numbers and message content |
| Meta (WhatsApp Cloud API) | WhatsApp message delivery for the Beth assistant | Phone numbers, message content, and media |
| Anthropic | AI processing for story enhancement, the Beth assistant, and journal milestone copy | The specific inputs described in Section 2.8 |
| Resend | Transactional and lifecycle email delivery | Email addresses and the contents of the emails we send you |
| Apple / Google | Mobile app distribution and, when you enable it, push notification delivery on mobile | App download and crash/diagnostic data they collect as platform operators; push tokens if enabled |
| PivotNorth / Serendipity Network | Optional identity resolution, ConnectionFinder permissions, provenance event hub, and user-scoped people suggestions | Stable app account identifiers, verified contact anchors, Serendipity global user IDs, provider-permission data you authorize, graph signals, event metadata, and minimal Prayer Circle/prayer activity metadata |
4.2 Public Prayer Circles
If you mark a Prayer Circle as public, the circle title, story, photos, intercessor, prayer count, comments, offerings, and the creator's display name and avatar are visible to anyone who has the link or finds the circle through Explore. Comments and offerings posted publicly are visible to other supporters; you can post anonymously where the option is offered.
For pilgrimage circles, prayer requests submitted by family and friends are filtered through our prayer_requests_public view, which respects the requester's is_anonymous and is_private flags before showing anything publicly.
4.3 People you invite and community helpers
When you add someone to your prayer list with a phone number or email and choose to invite them, we send that one person an invitation on your behalf. For "Lend a Hand" meal sign-ups, the drop-off address and beneficiary contact details are shared only with the campaign creator and with helpers who sign up for that need, so a meal can be delivered — never with the public or the parish feed.
4.4 Legal compliance
We may disclose information if we believe in good faith that disclosure is required by law, legal process, or a valid government request, or to protect the rights, property, or safety of PleasePray, our users, or the public.
4.5 Business transfers
If PleasePray is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you (for example, by email and a notice on the Service) before your information becomes subject to a different privacy policy.
4.6 SMS data — no sharing for marketing
No mobile information (including your phone number, SMS opt-in status, and the content of text messages) will be shared with third parties or affiliates for marketing or promotional purposes at any time.
4.7 We do not sell your personal information
We do not sell your personal information, and we do not share it with third parties for cross-context behavioral advertising. This is true regardless of where you live, including for users covered by the California Consumer Privacy Act (CCPA/CPRA).
5. Your Rights and Choices
In short: You can access, download, correct, or delete your data, and you can opt out of messages and analytics at any time.
5.1 Account controls
You can review and update most of your information at any time from your profile and settings pages. You can delete your account directly from within the app (Settings → Delete Account) or by emailing cespinoza@pleasepray.app. When you delete your account, we delete your profile, prayer content, prayer-list entries, comments, and the photos, images, and videos you uploaded, and we de-identify or remove associated personal data within a reasonable timeframe consistent with applicable law — except where we are required to retain certain records (see Section 6). If the Serendipity Network integration is enabled, account deletion also clears local Serendipity identity fields and queues a minimal deletion request so the downstream network can process erasure for records tied to your Serendipity global user identifier.
5.2 Download your data (self-service export)
You can download a copy of the personal data we hold about you at any time from Settings → Download Your Data. This produces a machine-readable JSON file that includes your profile, campaigns, prayer intentions and prayers, comments, donation metadata, notification and consent records, and related data. Payment card details are held by Stripe and are not included. This satisfies your right of access and data portability.
5.3 Email preferences
Lifecycle and notification emails include an unsubscribe link. Transactional messages required to operate your account (such as security and authentication emails, and donation receipts) cannot be turned off while your account is active.
5.4 SMS and WhatsApp opt-out
Reply STOP to any message from Beth at any time to opt out of all further messages on that channel. Reply HELP for help. Once you opt out, your number is added to our suppression list and will not receive further messages unless you opt in again. You can also turn messaging off in your settings.
The exact consent disclosure shown to users when opting in is:
"By providing your number, you agree to receive messages from Beth by PleasePray. Up to 4 msgs/month. Msg & data rates may apply. Reply HELP for help, STOP to cancel."
Message frequency is up to 4 messages per month. Message and data rates may apply.
5.5 Push notifications
You can revoke web push permission in your browser at any time, disable notifications for the mobile app in your device settings, or turn push off in your in-app settings. We mark inactive push subscriptions as inactive automatically after extended non-use.
5.6 Device permissions (mobile app)
You can grant or revoke the mobile app's access to your Contacts and Location at any time from your device's system settings. Revoking access does not remove prayer-list entries you have already added; you can delete those individually in the app.
5.7 Analytics consent
If you are in the EEA or UK, you can accept or decline non-essential analytics through the consent banner, and change your choice later. See Section 2.7.
5.8 EEA, UK, and similar privacy rights
If you are in the European Economic Area, the United Kingdom, Spain, or another location with similar privacy rights, you may request to:
- Access the personal data we hold about you (you can also self-serve this via Section 5.2)
- Correct inaccurate personal data
- Delete personal data, subject to legal retention exceptions
- Restrict or object to certain processing
- Receive a portable copy of personal data you provided to us (see Section 5.2)
- Withdraw consent where processing is based on consent
- Lodge a complaint with your local supervisory authority, including Spain's Agencia Espanola de Proteccion de Datos (AEPD)
To exercise these rights, email cespinoza@pleasepray.app from the email address associated with your account, or include enough information for us to verify your identity.
5.9 California privacy rights (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we have collected, used, and disclosed
- Correct inaccurate personal information
- Delete your personal information, subject to certain exceptions
- Limit use of sensitive personal information (we do not use sensitive personal information for purposes that trigger this right)
- Opt out of sale or sharing — as described in Section 4.7, we do not sell or share personal information for cross-context behavioral advertising
- Be free from discrimination for exercising any of these rights
To exercise these rights, email cespinoza@pleasepray.app from the email address associated with your account, or include enough information for us to verify your identity.
5.10 Other state privacy laws
Residents of other US states with comprehensive privacy laws (for example, Virginia, Colorado, Connecticut, Utah, Texas) have similar rights to access, correct, delete, and port their personal information, and to opt out of targeted advertising and sales. We do not engage in either. To exercise your rights, contact us at the email above.
5.11 Authorized agents
You may use an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization and may require you to verify your identity directly.
6. Data Retention
In short: We keep most data for as long as your account is active, and we keep a few specific records (like SMS consent and opt-out lists) longer because the law requires it.
| Data | Retention |
|---|---|
| Account profile, Prayer Circles, prayers, comments, offerings, donations, prayer-list entries, prayer journal entries | While your account is active, and as needed for legal, tax, and audit purposes after account deletion |
| Uploaded photos, images, and videos | Deleted from storage when you delete your account |
| Contacts you added to your prayer list | Stored as prayer-list entries and deleted when you remove them or delete your account |
| Lend a Hand meal/volunteer details (drop-off address, contact name/phone, sign-ups) | While the campaign is active; deleted with the campaign or the account |
Beth conversation message logs (whatsapp_message_log) |
90 days, then automatically deleted |
SMS/WhatsApp opt-in consent records (opt_in_records) |
At least 5 years for TCPA compliance |
| SMS suppression list (numbers that replied STOP) | Indefinitely, so we don't message you again after you opt out |
| Web/mobile push subscriptions | Marked inactive after ~90 days of non-use |
| Analytics consent choice (cookie) | ~6 months |
| Stale Beth conversation drafts | Marked closed after 24 hours of inactivity |
| Serendipity event outbox and network identity state, if enabled | Pending rows are kept until delivered or deleted during account erasure; sent rows are purged after the configured retention period, 30 days by default; deletion request records are kept only as needed to propagate erasure |
| AI usage and cost tracking | Retained for billing, abuse prevention, and analytics |
| Aggregate analytics | Retained in aggregated form indefinitely |
When you delete your account, we delete or de-identify your personal data on the schedule above, including your uploaded media in storage. Backups are rotated on a regular cycle and any residual copies are removed in the normal course.
7. Security
In short: We use industry-standard safeguards. No system is perfect.
We use technical and organizational measures to protect your information, including encryption in transit (HTTPS), authenticated access to our database, row-level security and role-based access controls, deny-by-default isolation of sensitive fields (such as home addresses and beneficiary contacts), masking views for shared prayer requests, signed webhooks, rate limiting, and least-privilege keys for our service providers. Stripe handles cardholder data in a PCI-compliant environment that we never touch.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we work to mitigate risk and respond promptly to any security incident we identify.
8. Children's Privacy
In short: PleasePray is intended for adults 18 and older.
The Service is intended for users 18 years of age or older. We do not direct the Service to, and do not knowingly collect personal information from, anyone under 18. If you believe a child under 18 has provided us with personal information, please contact us at cespinoza@pleasepray.app and we will delete it.
9. International Users and Data Transfers
In short: PleasePray is a US-based service. If you use it from outside the US, your data is transferred to and processed in the US.
PleasePray is operated by Deo Duce Ventures Inc., a Delaware corporation in the United States. We process and store data in the United States and in the regions our service providers operate. If you use the Service from outside the United States, you understand and agree that your information will be transferred to, stored in, and processed in the United States.
When GDPR, UK GDPR, or similar laws apply, we handle service-provider processing and international transfers under applicable data-processing and transfer requirements.
We currently support sign-in and Beth messaging in countries our SMS provider permits (currently the United States, Canada, and Honduras). Creator fundraising and "Lend a Hand" community support are currently available only to creators in the United States; this list may expand over time. Donors may contribute regardless of country.
The Service is offered in English at pleasepray.app and in Spanish at rezapormi.com.
10. Changes to This Policy
In short: If we make material changes, we will tell you.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you by email or a prominent notice on the Service before the change takes effect. Your continued use of the Service after the effective date of an updated policy constitutes acceptance of that policy.
11. Contact Us
In short: Email us.
If you have questions about this Privacy Policy or want to exercise any of your rights, contact:
Deo Duce Ventures Inc. (d/b/a PleasePray)
Email: cespinoza@pleasepray.app
For SMS-program-specific questions, you can also reach us at support@pleasepray.app.