Privacy Policy

Effective 2026-05-18. Gather is operated by an independent builder. Contact: support@gathersocial.social.

The short version

Gather is a Christian social app for prayer requests, posts, testimonies, and the people who pray for one another. We collect the minimum we need to make that work. We do not sell your data. We do not use your prayer content for advertising. We do not run trackers or third-party analytics on the site. You can export or delete your account at any time.

What we collect

When you sign up:

• Your email address and a password (handled by Supabase Auth — the password is hashed; we never see the plain text).
• Your chosen username, display name, and denomination tag (Catholic, Protestant, Orthodox, etc.) — this last one is religious-affiliation data, which under GDPR is a special category and is processed only with your explicit consent collected at signup.
• Confirmation that you are 16 or older. Gather is not for children under 16.

When you use Gather:

• The posts, prayer requests, and testimonies you choose to publish. These are visible to other signed-in users by design — that's the point of a prayer community.
• Which prayers you intercede for and which posts you react to. This powers the intercession counter and lets you see your own activity on your profile.
• If you enable push notifications: a browser-specific or device-specific push token so we can notify you when people pray for you. Tokens are tied to your account and used only by Gather push.
• Standard session cookies from Supabase Auth so you stay logged in. We do not use advertising or tracking cookies.

What we do NOT collect:

• Your real name, unless you put it in your display name.
• Your location.
• Contacts, photos, microphone, or any device permission beyond push notifications if you opt in.
• Analytics through Google Analytics, Meta Pixel, Mixpanel, or similar third parties — none of these are integrated.

How we use it

• To run the app — show you the feed, count intercessions, send pushes you opted into.
• To enforce the community guidelines (we keep a moderation audit log when content is hidden or users are banned).
• To respond if you email us with a question, support request, or deletion request.

We do not use your content to train AI models. We do not sell, rent, or share your data with advertisers, data brokers, or any third party other than the infrastructure providers listed below who store the data so the app can work.

Where your data lives

• Supabase (US-based) hosts the database and handles authentication. They are SOC 2 Type II certified and operate under their own privacy policy.
• Vercel (US-based) hosts the web app and serves pages.
• Apple Push Notification service and standard Web Push deliver notifications when you opt in.

If you access Gather from outside the United States, your data is transferred to and stored in the United States.

How long we keep it

• Account, posts, prayers, intercessions, and reactions: as long as your account exists.
• Moderation audit log: 24 months after the action, then deleted.
• Push notification tokens: until the token expires or you disable notifications, whichever comes first.
• When you deactivate from Settings: your account is signed out and hidden from the app. To permanently erase your data, email us — we delete or anonymize your posts and prayer-related rows within 30 days of receiving your request.

Your rights

• Access: email support@gathersocial.social and we will send you a copy of the data we hold on you within 30 days.
• Correction: you can edit your username, display name, and denomination from Settings. For other corrections, email us.
• Deletion: deactivate from Settings, then email us to permanently erase. We complete deletion within 30 days of your written request.
• Export: request an export from Settings or by email; we provide your data in JSON.
• Withdraw consent: you can revoke consent at any time by deleting your account. Religious-affiliation data is processed under explicit consent; withdrawing it means closing your account.
• Complain: if you believe we are mishandling your data, you can lodge a complaint with your local data protection authority (in the EU, your national DPA; in the UK, the ICO).

Children

Gather is not for users under 16. We do not knowingly collect data from children under 16. If you believe a child has created an account, email us and we will remove it.

Sensitive content and crisis support

Gather processes prayer content that may include discussion of mental health, illness, addiction, grief, or other sensitive topics. We treat all such content as confidential to the Gather community of signed-in users. If we detect content suggesting immediate crisis, we may display a banner pointing to professional resources (988 Suicide and Crisis Lifeline in the US). We do not monitor your content for any purpose other than this safety check and community-guidelines enforcement.

Gather is not a substitute for professional mental health, medical, or pastoral care. If you or someone you know is in immediate danger, contact emergency services.

Security

Connections are encrypted end-to-end with HTTPS. Passwords are hashed by Supabase Auth using industry-standard algorithms. Database access is restricted by row-level security policies so users can only modify their own data. We will notify affected users without undue delay if we ever discover a breach affecting their personal data.

Changes to this policy

If we change this policy materially, we will notify signed-in users via an in-app banner before the change takes effect. The effective date at the top of this page is updated whenever the policy is revised.

Contact

Questions, data requests, complaints, or anything else:
support@gathersocial.social

This policy is written in plain language by the operator. It is not legal advice. Before scaling beyond a small interview cohort, Gather should have this reviewed by counsel.