Privacy Policy

Last updated: 7 May 2026

This Privacy Policy describes how Gospelar ("we", "us", "our") — the official GOFAMINT Sunday School companion app published by The Gospel Faith Mission International — collects, uses, and protects your information when you use our mobile application and website at gospelar.com.

1. Information we collect

Information you give us

• Account info: your name, email address, and password (stored as a one-way bcrypt hash — we never see your real password).
• Role: whether you signed up as a student, teacher, or church admin.
• Church link: for teachers, the invite code your church admin gave you (used to associate your data with your church).
• Subscription details: if you subscribe, your selected plan and category preferences.

Information generated by your use of the app

• Quiz scores and lesson completion records.
• Attendance and marks (for teachers marking their students).
• Language and category preferences.
• Device push-notification token, if you opt in to notifications.

Payment information

Payments are processed by Paystack. We never see or store your card number, CVV, or PIN. Paystack returns a transaction reference and an amount, which we store alongside your subscription record.

2. How we use your information

• To provide the core service: deliver lessons, save your progress, sync your teacher data, and process subscriptions.
• To allow your church admin to see anonymous engagement metrics for their congregation (e.g. "8 of 12 students completed this week's lesson"). Individual scores and attendance are visible only to your direct teacher and church admin.
• To send transactional emails such as account verification, payment receipts, and church-approval notifications. Emails are sent via Resend.
• To diagnose and fix problems with the app.

We do not use your information for advertising, sell it to third parties, or share it outside the GOFAMINT ecosystem.

3. Where your data is stored

Your data is stored on Supabase (PostgreSQL hosted in Europe) and accessed by our backend hosted on Railway. All connections use TLS encryption.

4. Children's privacy

Gospelar serves Sunday-School learners of all ages, including children. For users under 13, we collect only the minimum information needed for the app to function (display name, age-group category, lesson progress). We do not enable in-app messaging, do not display advertising, and do not share children's data with any third party.

Parents or guardians can request deletion of a child's account at any time by emailing privacy@gospelar.com.

5. Your rights

You can:

• View and update your profile from the Settings screen in the app.
• Cancel your subscription at any time — your account remains active for the period you've paid for.
• Request a copy of all data we hold about you.
• Request deletion of your account and all associated data.

To exercise any of these rights, email privacy@gospelar.com. We respond within 30 days.

6. Data retention

We keep your account data for as long as your account is active. If you delete your account, we delete personally identifying information within 30 days. Anonymous, aggregated metrics (e.g. "150 lessons completed church-wide this month") may be retained.

7. Security

Passwords are stored as bcrypt hashes. All API traffic is HTTPS-only. We restrict admin access to a small number of authorised personnel. No system is perfectly secure — if you discover a vulnerability, please report it to security@gospelar.com.

8. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Significant changes will be announced in the app.

9. Contact us

If you have questions about this policy, email privacy@gospelar.com.