Privacy Policy

1. Introduction & Data Controller

Path of Light ("we", "us", or "our") operates a daily AI Christian companion accessible via WhatsApp and the website at pathoflight.app. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

The data controller responsible for your personal data is:
Path of Light
Email: [email protected]

2. Data We Collect

We collect and process the following categories of personal data:

• Account data: your name and phone number, provided when you start using Path of Light on WhatsApp.
• Chat messages: the messages you exchange with our AI companion via WhatsApp, used to provide and improve the service.
• Usage data: IP address, browser type, device information, pages visited, and interaction data collected automatically via Google Analytics 4 (GA4) on our website.
• Cookies: small data files placed on your device by our website and third-party analytics services.

3. How We Use Your Data

We use your personal data for the following purposes:

• To provide and operate the Path of Light service, including delivering daily devotionals and responding to your messages.
• To personalize your experience and improve the quality of AI-generated responses.
• To communicate with you about service updates, changes, or issues.
• To analyze website usage and improve our website's performance and content.
• To comply with legal obligations.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR:

• Consent (Art. 6(1)(a)): when you voluntarily start a conversation with us on WhatsApp and provide your name and phone number.
• Contract performance (Art. 6(1)(b)): processing necessary to deliver the service you requested.
• Legitimate interest (Art. 6(1)(f)): for website analytics, service improvement, and ensuring the security of our platform.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. Chat messages are retained for the duration of your active use of the service. If you request deletion of your data, we will erase it within 30 days, unless we are legally required to retain it.

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your personal data ("right to be forgotten").
• Right to data portability: receive your data in a structured, machine-readable format.
• Right to restriction: request that we limit the processing of your data.
• Right to object: object to the processing of your data based on legitimate interests.
• Right to withdraw consent: withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

7. Cookies & Analytics

Our website uses Google Analytics 4 (GA4) to collect anonymized usage data. GA4 uses cookies and similar technologies to help us understand how visitors interact with our site. The data collected includes pages visited, time spent on pages, and general geographic location (country/city level).

You can control cookies through your browser settings. Disabling cookies may affect your experience on our website but will not impact the WhatsApp service.

8. Third-Party Services

We use the following third-party services that may process your data:

• WhatsApp (Meta Platforms): messaging platform through which our service is delivered. Subject to WhatsApp's Privacy Policy.
• Google Analytics: website analytics. Subject to Google's Privacy Policy.
• Cloudflare: website hosting and CDN. Subject to Cloudflare's Privacy Policy.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with the GDPR.

10. Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
[email protected]