Privacy Policy — HFI Connect

Effective date: 29 May 2026  ·  Last updated: 29 May 2026

This Privacy Policy explains how Holy Fire Ministries (“we”, “us”, “our”) collects, uses, shares, and protects your information when you use the HFI Connect mobile application (the “App”) on iOS and Android.

By creating an account or using the App, you agree to this Policy. If you do not agree, please do not use the App.

1. Summary

HFI Connect is a private community app for members of Holy Fire Ministries. It lets approved members read the Bible, view events, announcements and sermons, submit and pray for prayer requests, react and comment, and receive notifications. We collect only the information needed to operate this community and to keep your account secure. We do not sell your personal data, and we do not use it for third-party advertising or cross-app tracking.

2. Information We Collect

a) Information you provide

• Account & identity: full name, email address, mobile number, and password (passwords are stored only as a salted hash by our authentication provider — we never see your plain password).
• Profile details: date of birth, wedding anniversary, profile photo, member ID, and your assigned role in the church (e.g., Member, Leader, Admin).
• Content you create: prayer requests, comments, reactions, and any images you upload or create (including verse images you generate and choose to save or share).

b) Information collected automatically

• Device & push tokens: a push-notification token and basic device/OS information, used solely to deliver notifications you’ve opted into.
• Diagnostics & crash data: crash reports, error logs, and basic performance data to help us fix bugs and keep the App stable.

c) Information stored only on your device

• Bible bookmarks, highlights, notes, reading preferences, and “seen” markers are stored locally on your device and are not uploaded to our servers.

d) Information we do not collect

• We do not collect your precise or background location (the App only opens map links you tap).
• We do not use advertising identifiers or track you across other apps or websites.

3. Device Permissions

The App asks for the following permissions, only when needed, and explains why at the moment of use:

Permission	Why
Camera	Take a profile photo or capture an image for a post.
Photo Library (read)	Choose a profile picture, attach an image to a post, or pick a background for a verse image.
Photo Library (add/save)	Save verse images and posts to your device’s photos when you tap Download.
Notifications	Send you alerts about events, announcements, prayer activity, comments/reactions, and celebrations.
Microphone	Record audio only if you choose to capture a sermon clip.

You can change or revoke these permissions at any time in your device settings.

4. How We Use Your Information

We use your information to:

• create and manage your account and verify/approve membership;
• show you community content (events, announcements, sermons, prayers) relevant to your role;
• let you post, comment, react, and pray, and show others who reacted/commented;
• send push notifications and transactional emails (e.g., welcome and approval emails);
• celebrate birthdays and anniversaries within the community;
• keep the App secure, prevent abuse, and diagnose and fix problems.

Legal bases (where applicable): performance of our service to you, your consent (notifications, camera/photo access, optional profile fields), and our legitimate interests (security, debugging, and operating the community).

5. How We Share Information

We share information only as needed to run the App, with service providers (“processors / sub-processors”) who handle data on our behalf under their own privacy and security commitments:

Provider	Purpose
Supabase	Database, authentication, and file storage
Expo	Push-notification delivery and app build/update services
Apple Push Notification service (APNs)	Delivering notifications on iOS
Google Firebase Cloud Messaging (FCM)	Delivering notifications on Android
Sentry	Crash and error reporting
Resend	Sending transactional emails
Cloudflare R2	Media storage and faster content delivery
Apple / Google	Sign-in (Sign in with Apple) and app distribution

We may also disclose information if required by law, to protect the rights, safety, or property of our community, or in connection with a lawful request.

Community visibility: content you post (your name, prayer requests, comments, reactions, profile photo) is visible to other approved members of the community. Please share only what you are comfortable making visible to the congregation.

We do not sell personal data.

6. International Data Transfers

Our service providers may process and store data on servers located outside your country (including outside India). Where this happens, we rely on appropriate safeguards and the providers’ contractual and security commitments to protect your information.

7. Data Retention

We keep your personal data for as long as your account is active. If you delete your account (see Section 8), we delete or irreversibly anonymize your personal data and content within a reasonable period, except where we must retain certain records to comply with legal obligations, resolve disputes, or enforce our agreements. Backups are purged on a rolling schedule.

8. Your Rights & Account Deletion

You have the right to access, correct, update, or delete your personal information, and to withdraw consent (for example, by turning off notifications or revoking permissions).

Deleting your account:

• In the App: go to Settings → Delete account and confirm. This permanently removes your account, profile, and associated personal content.
• By request: email us at holyfireministries.india@gmail.com from your registered email and we will delete your account and personal data.

You can edit most profile information directly in the App at any time.

9. Children’s Privacy

HFI Connect is intended for the members of Holy Fire Ministries and is not directed to children under 13. Members under the age of 18 should use the App only with the involvement and consent of a parent or guardian. If you believe a child has provided us personal information without appropriate consent, contact us and we will delete it.

10. Data Security

We use industry-standard measures to protect your information, including encrypted connections (HTTPS/TLS), hashed passwords, and database access controls (row-level security) that restrict data to authorized users. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your data and to notify you of any breach as required by law.

11. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you in the App. Your continued use of the App after changes take effect means you accept the updated Policy.

12. Contact Us / Grievances

If you have questions, requests, or complaints about this Policy or your data:

For users in India, you may contact us at the address above as our grievance contact under the Digital Personal Data Protection Act, 2023. We will respond to verified requests within the time required by applicable law.