Legal · Privacy

Privacy Policy

Effective: April 30, 2026

Psalm 77 (“the App,” “we,” “us,” or “our”) is operated by BluNote (“the Operator”). This Privacy Policy describes what data we collect, how we use it, who we share it with, and the choices you have. By using the App you agree to this policy.

1. Who We Are

Psalm 77 is a personal testimony journal for iOS. The Operator is BluNote, a sole-trader entity based in Australia. You can reach us at privacy@psalm77.xyz.

2. Data We Collect

The App collects only what is needed for it to function:

• Account information. Email address and an optional display name when you sign up. If you sign in with Apple, we receive the Apple-issued identity token (and an email if you choose to share it).
• Testimony content. The titles, stories, dates, tags, and photos you choose to record in the App. This content stays private to your account by default.
• Push notification token. If you enable reminders, we receive a device-specific token so iOS can deliver the notification.
• Notification preferences. Your selected reminder times, anniversary toggle, and evening reflection toggle.

We do not collect: location, contacts, browsing history, health data, financial data, or precise device identifiers beyond the push token described above.

3. How We Use Your Data

• To create and maintain your account.
• To store and display your testimonies and photos.
• To deliver scheduled reminder notifications you opted into.
• To respond when you contact us at any psalm77.xyz address.

We do not use your data for advertising. We do not sell your data. We do not share your data with third parties except the service providers described in §5.

4. Lawful Basis (GDPR)

• Performance of a contract — providing the App you signed up for.
• Consent — push notifications, photo library access, and any other permission the App requests.
• Legitimate interest — security, fraud prevention, and minimal operational logging.

5. Service Providers

We rely on a small number of third-party services. Each receives only the data needed to deliver its function.

• Supabase (database, authentication, file storage) — stores your account, testimonies, and photos. Hosted in the Asia-Pacific region. supabase.com/privacy.
• Apple, Inc. — Sign in with Apple authentication and push notification delivery (APNs). apple.com/legal/privacy.
• Expo — push token registration and over-the-air JS updates for the App. expo.dev/privacy.
• Vercel — hosting for this website and the testimony preview pages used when you share a testimony. vercel.com/legal/privacy-policy.
• ImprovMX — email forwarding for psalm77.xyz inboxes (privacy@, support@, hello@, etc.). improvmx.com/privacy.

6. How Sharing Works

Testimonies are private by default. When you tap “Share Testimony” or “Export as Image,” the App generates a public preview link or an image that you can send to anyone. Only testimonies you explicitly share become accessible via these links. You can stop sharing a testimony at any time by deleting it.

7. Data Retention

Your data stays in our database for as long as your account is active. When you delete your account from inside the App (Profile → Settings → Delete Account), we permanently delete:

• All your testimonies, tags, and photos.
• Your profile row and notification preferences.
• Your authentication record.

If you signed in with Apple, we revoke your Apple identity token via Apple’s revocation API as part of the deletion. Backups containing deleted data are purged within 30 days.

8. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data — directly via the in-App Delete Account flow, or by emailing privacy@psalm77.xyz.
• Export your testimonies — Profile → Export gives you a JSON file of every entry.
• Withdraw consent for notifications at any time via Settings, or for permissions via iOS Settings.

Under GDPR and CCPA you also have the right to lodge a complaint with your local data protection authority. We will respond to written requests within 30 days.

9. Children’s Privacy

Psalm 77 is rated 4+ but is intended for use by individuals 13 years and older. We do not knowingly collect personal data from children under 13. If you believe a child has used the App without parental consent, contact us at privacy@psalm77.xyz and we will remove the account.

10. Security

Data in transit is protected with HTTPS/TLS. Authentication tokens are stored on-device using Apple’s Secure Enclave via expo-secure-store. Database access is gated by Row-Level Security policies that limit every query to the authenticated user’s own rows.

11. International Transfers

Our database is hosted in the Asia-Pacific (Sydney) region. If you are in another jurisdiction, your data is transferred there subject to appropriate safeguards under GDPR.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be announced in the App and reflected in the Effective date above. Continued use of the App after a change constitutes acceptance of the revised policy.

13. Contact

Questions, requests, or complaints: privacy@psalm77.xyz.