Privacy Policy
Christians Palace Effective Date: May 28, 2026 Last Updated: June 8, 2026
1. Introduction
Christians Palace ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information is collected when you use the Christians Palace mobile application ("App"), how that information is used, and your rights in relation to it.
By using the App, you agree to the practices described in this Privacy Policy.
2. Summary (Plain Language)
- Core features (Bible study, stories, puzzles, quiz, reflections) work fully offline — no internet connection required.
- Account data is stored primarily on your device. A background sync optionally mirrors your account and progress to our secure server to enable data recovery after reinstallation.
- Your password is never stored in plain text — it is cryptographically hashed (bcrypt) before being saved locally or transmitted.
- The App displays in-app advertisements served by Google AdMob. AdMob may use your device's advertising identifier and IP address to show relevant ads. You may opt out of personalised ads through your device settings.
- The App uses Firebase Analytics to collect anonymised usage events (e.g., features opened, quizzes completed) to help us understand how the App is used and improve it over time.
- We do not sell your personal data to third parties. Data shared with Google AdMob and Firebase Analytics is subject to their respective privacy policies, linked in this document.
- You can delete all your local data at any time by uninstalling the App.
3. Information We Collect
3.1 Information You Provide
When you create an account, we collect:
| Data | Purpose | Where stored |
|---|---|---|
| Display name | Personalise your in-app experience | On your device; optionally synced to our server |
| Email address | Identify your account; password reset | On your device; optionally synced to our server |
| Password | Authenticate you | Stored as a bcrypt hash — never in plain text |
| Google account ID | Google Sign-In authentication | On your device; optionally synced to our server |
We do not collect your phone number, date of birth, payment information, or any government-issued identifier.
3.2 Information Generated by Your Use of the App
As you use the App, the following activity data is created and stored locally on your device and optionally synced to our server:
| Data | Purpose |
|---|---|
| Quiz session history (category, score, points, timestamp) | Display your total points and daily streak |
| Bible story reading progress (story ID, paragraph position, completion status) | Resume stories where you left off |
| Daily reflection progress (day number, status, last opened timestamp) | Track your devotional journey |
| Word Search game progress (level data as JSON) | Save your game state between sessions |
3.3 Device Tokens
If you grant notification permission, the App retrieves a Firebase Cloud Messaging (FCM) push token from your device and sends it to our server. This token is used solely to deliver devotional push notifications to your device. It is not used for advertising or tracking, and is replaced whenever a new token is issued by your device.
3.4 Analytics Data (Firebase Analytics)
The App integrates Firebase Analytics (provided by Google) to collect anonymised usage analytics. When you use the App, Firebase Analytics records:
- Screen views — which screens you navigate to within the App.
- Event name — the feature or action used (e.g., "quiz_started", "story_completed", "reflection_viewed").
- Event properties — contextual data about the action (e.g., quiz category, story title, reflection day number).
- App and device metadata — app version, operating system version, device model, and screen resolution.
- Anonymised user identifier — a randomly generated ID (Firebase Instance ID) that is not linked to your name or email address.
- IP address — used by Google to infer approximate country and region for aggregate reporting; full IP addresses are not retained.
Firebase Analytics data is used solely to improve the App — for example, to understand which features are most used, identify friction points, and prioritise future updates. It is not used for advertising targeting or sold to third parties.
Google's Firebase privacy policy is available at: https://firebase.google.com/support/privacy
3.5 Advertising Data (Google AdMob)
The App displays advertisements served by Google AdMob. When an advertisement is shown, Google may collect:
- Advertising identifier — the Google Advertising ID (GAID) on Android, which can be reset or opted out of in your device settings.
- IP address — used to determine your approximate location for ad relevance and fraud prevention.
- Device information — device type, OS version, and app version.
- Ad interaction data — whether you viewed or tapped on an advertisement.
Google may use this data to show personalised ads based on your inferred interests across apps and websites. You can opt out of personalised advertising at any time:
- Android: Settings → Google → Ads → Opt out of Ads Personalisation (or "Delete advertising ID" on Android 12+)
Google's privacy policy is available at: https://policies.google.com/privacy
3.6 Information We Do NOT Collect
We do not collect or have access to:
- Your precise GPS location (AdMob may infer approximate country/region from IP address for ad targeting, as described in §3.5)
- Your contacts, camera, microphone, or photo library
- Device identifiers beyond the Advertising ID used by AdMob (described in §3.5)
- Crash reports or diagnostic logs beyond what Firebase Analytics records as event metadata
4. How We Use Your Information
All data collected by the App is used solely to provide and improve the App's features for you:
- Account authentication — verifying your identity when you sign in and maintaining your session.
- Progress tracking — saving your quiz scores, story reading position, reflection completion, and game state so the App personalises your experience.
- Devotional statistics — computing your quiz streak, total points, and stories completed, displayed on your Profile screen.
- Account recovery — if you request a password reset, a 6-digit code is sent to your registered email address. This code is valid for 15 minutes and is never displayed in the App.
- Data recovery after reinstall — if you reinstall the App and sign in with the same credentials, your progress and account data can be restored from our server.
- Push notifications — your FCM token is used to send daily devotional reminders to your device.
- Analytics — anonymised usage events are sent to Firebase Analytics to help us understand feature usage and improve the App. This data is not used for advertising.
- Advertising — Google AdMob serves in-app advertisements. AdMob uses the advertising identifier and IP address to show relevant ads. Ad revenue supports the development and maintenance of the free App.
We do not use your data for profiling, automated decision-making, or any purpose beyond operating and improving the App.
5. Local Storage and Data Transmission
Primary storage is on your device using an encrypted SQLite database. A secure session token is stored in your device's secure storage to keep you signed in.
Optional server sync — when you create an account or sign in, a background sync mirrors your account details and progress to our secure server. This sync is used exclusively to enable data recovery after reinstallation and is not used for advertising or analytics.
All data transmitted between the App and our server is sent over HTTPS.
6. Push Notifications
If you grant notification permission, the App may receive server-sent push notifications via Firebase Cloud Messaging (FCM):
- Daily Reflection — a Scripture passage from the App's built-in content.
- Daily Challenge — a Bible quiz or puzzle prompt.
Your FCM push token is stored on our server and used only to route notifications to your device. It is not shared with third parties.
You can disable notifications at any time in your device's Settings → Notifications → Christians Palace.
7. Age Requirement
Christians Palace is intended for users aged 18 and over. By using the App, you confirm that you are at least 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that a user is under 18, we will take steps to remove their data from our systems. If you believe a minor has created an account, please contact us at info@christianspalace.org.
8. Data Security
We take reasonable technical measures to protect your information:
- Bcrypt hashing — your password is transformed into a one-way cryptographic hash before storage or transmission. Your password cannot be recovered from the stored hash.
- HTTPS — all data transmitted between the App and our server is encrypted in transit.
- Secure local storage — your session token is stored in your device's secure storage (flutter_secure_storage).
- Access tokens — server communication uses short-lived JWT access tokens (15 minutes) and rotating refresh tokens (30 days).
No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
9. Data Retention and Deletion
Your data is retained on your device and our server for as long as you use the App.
To delete your local data:
- Uninstall the App. This removes the SQLite database, secure session storage, and all locally stored account and progress data.
To delete your server-side data:
- Contact us at info@christianspalace.org with your registered email address and we will delete your account and all associated data from our server within 30 days.
Analytics data held by Firebase Analytics and advertising data held by Google AdMob are subject to Google's data retention policies. To request deletion of your analytics data associated with your Firebase Instance ID, contact us at info@christianspalace.org. To manage Google advertising data, use your Google account settings or your device's advertising ID settings (see §3.5).
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access — you can view your name and email in the App's Profile screen.
- Correction — contact us to request a correction to your account information.
- Deletion — uninstall the App to delete local data; contact us to delete server-side data.
- Portability — because your primary data is stored locally, you have direct access to it on your device at all times.
- Opt-out of personalised ads — use your device's advertising settings (Android: Settings → Google → Ads → Opt out of Ads Personalisation).
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to the App or applicable law. When we do, we will revise the Last Updated date at the top of this document. If changes are material, we will make reasonable efforts to notify you (for example, through an in-app notice).
Continued use of the App after a revised Privacy Policy is posted constitutes your acceptance of the changes.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: info@christianspalace.org
We aim to respond to all enquiries within 30 days.
This Privacy Policy applies to all versions of the Christians Palace application distributed through the Google Play Store and any other official distribution channels.