Privacy Policy

Introduction

Welcome to Tower of Babble ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal information with care and respect. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

By using Tower of Babble, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Personal Information You Provide

When you create an account, we collect:

• Email Address: Used for account creation, verification, and communication
• Name: Used for personalization and account identification
• Password: Encrypted and stored securely (we never store plain text passwords)
• Religious Denomination: Optional information to personalize AI-generated prayers

Content You Create

• Prayer Content: Prayers you create, edit, or save
• "Pray On It" Items: People, situations, or intentions you track for prayer
• AI Generation Requests: Context and preferences you provide for AI prayer generation
• Audio Files: MP3 files generated from your prayers for playback, stored using system-generated identifiers (prayer UUID and voice ID) that do not directly identify a user

Usage Information

• Prayer Statistics: Play count, last played date, prayer categories
• Voice Preferences: Selected voice and playback settings
• Subscription Tier: Free, Pro, or Prayer Warrior status
• AI Usage: Number of AI prayers generated

Device Information

• Device Type: iPhone or iPad model information
• Operating System: iOS version
• App Version: Version of Tower of Babble you're using

Payment Information

We do not directly collect or store your payment information. All payments are processed through Apple's In-App Purchase system. Apple handles all payment processing, and we only receive confirmation of successful purchases.

How We Use Your Information

We use the information we collect to:

• Provide Our Service: Create and manage your account, sync your prayers across devices
• Personalize Your Experience: Generate context-appropriate AI prayers based on your denomination and preferences
• Generate Audio: Convert your prayers to speech using text-to-speech services and cache the audio files in cloud storage for faster playback
• Manage Subscriptions: Track your subscription tier and enforce feature limits
• Communicate With You: Send account verification emails, password reset links, and important service updates
• Improve Our Service: Analyze usage patterns to enhance features and user experience
• Ensure Security: Detect and prevent fraud, abuse, and technical issues
• Comply With Legal Obligations: Respond to legal requests and prevent illegal activities

Third-Party Services

We use the following third-party services to provide our functionality:

Amazon Web Services (AWS)

We use AWS for cloud hosting, file storage (S3), and serverless computing (Lambda). Your data is stored in AWS data centers in the United States. AWS maintains SOC 2 and ISO 27001 certifications for security.

Neon (PostgreSQL Database Hosting)

We use Neon to host our PostgreSQL database, a managed serverless PostgreSQL service that stores application data such as user accounts, prayer content, and usage metadata. Data is encrypted in transit and at rest according to Neon's security practices.

Neon operates cloud infrastructure in the United States and processes data solely for the purpose of providing database hosting services. Neon does not access or use your data for advertising or marketing purposes.

OpenAI

When you use our AI prayer generation feature, your prayer context and preferences are sent to OpenAI's GPT models to generate personalized prayers. OpenAI processes this data according to their privacy policy and applicable API usage agreements, and does not use customer API data to train models as stated in those agreements.

Text-to-Speech Providers

We use the following services to convert prayers to audio:

• Fish Audio: Premium natural voice synthesis
• Microsoft Azure TTS: Neural voice technology

Prayer text is sent to these services only when generating audio. Generated audio files are cached for your use.

Apple In-App Purchase

Payment processing is handled entirely by Apple. We receive only subscription status confirmations and do not have access to your credit card or payment information.

Data Storage and Security

Where Your Data Is Stored

• Account Data: PostgreSQL database hosted via Neon on U.S.-based cloud infrastructure (encrypted at rest)
• Prayer Content: PostgreSQL database hosted via Neon with automatic backups
• Audio Files: Amazon S3 storage with server-side encryption. Audio files are stored using anonymous identifiers (prayer UUID + voice ID) and contain no personally identifiable information within the files themselves. Files are cached to improve performance and reduce costs.

Security Measures

We implement industry-standard security practices:

• Encryption in Transit: All data transmitted using HTTPS/TLS encryption
• Encryption at Rest: Database and file storage encrypted using AWS encryption
• Password Protection: Passwords hashed using bcrypt (industry-standard)
• Access Controls: Strict authentication and authorization for all API requests
• Regular Updates: Security patches applied promptly to all systems

Data Retention

We retain your data for as long as your account is active. When you delete your account, your personal information, prayer content, and associated audio files are permanently deleted within 30 days. Some anonymized usage data may be retained for analytics purposes.

Your Privacy Rights

Access and Control

You have the right to:

• Access Your Data: View all your account information and prayer content in the app
• Update Your Data: Edit your name, email, denomination, and preferences at any time
• Delete Your Data: Permanently delete your account and all associated data
• Export Your Data: Download your prayers in a portable format (coming soon)
• Opt Out of AI Features: Choose not to use AI prayer generation

GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to certain types of data processing
• Right to Withdraw Consent: Withdraw consent at any time

CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of what personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell your data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Children's Privacy

Tower of Babble is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete such information from our systems.

Data Sharing and Disclosure

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

When We May Share Your Data

We may share your information only in the following circumstances:

• Service Providers: With third parties who help us operate our service (AWS, OpenAI, TTS providers) under strict data processing agreements
• Legal Requirements: If required by law, court order, or government request
• Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
• With Your Consent: When you explicitly authorize us to share your information

International Data Transfers

Our servers are located in the United States. If you are accessing our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using our service, you consent to the transfer of your information to the United States and other countries where we operate.

For users in the European Economic Area (EEA), we ensure appropriate safeguards are in place for such transfers in accordance with GDPR requirements.

Cookies and Tracking

We do not use third-party advertising or cross-app tracking technologies. We do not use analytics services like Google Analytics. Any usage data collected is limited to what is necessary to provide the service (e.g., prayer play counts for your statistics).

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may provide additional notice such as an in-app notification or email.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your Consent

By using Tower of Babble, you consent to this Privacy Policy and agree to its terms. If you do not agree with this policy, please do not use our service.