Privacy Policy for OneVine

Last updated: October 29, 2025

Overview

OneVine ("we," "our," "us," or "the App") is a spiritual growth and community engagement application operated by Lysara LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Android mobile application distributed on Google Play.

Data We Collect

The following data categories are collected by OneVine and align with Google Play's Data Safety taxonomy:

Personal Information You Provide

• Account Information: Email address, password (encrypted), username, display name, birthdate (age verification)
• Profile Information: Preferred name, pronouns, profile picture, selected religion/belief system, selected region
• User-Generated Content: Journal entries, chat conversations, confessional content, challenge proofs, quiz responses, reflections
• Organization Information: Organization membership, role, team contributions (if applicable)

Device or Other IDs

• Advertising ID: Google Advertising ID (AAID) made available through Google Play Services for analytics and fraud prevention
• Firebase Installation ID: Unique identifier for your app installation, used for analytics attribution, messaging, and app functionality
• Device Identifiers: Device type, model, operating system, app instance identifiers
• Push Token: Device-specific notification token (Expo Notifications)

App Activity

• In-App Actions: Features accessed, pages viewed, buttons clicked, time spent in app
• User Engagement: Challenge completions, streak data, token usage, assessment scores, chat interactions
• Usage Events: Session start/end, navigation patterns, screen views

Crash Logs & Diagnostics

• Crash Reports: Stack traces, error logs, app state at time of crash
• Performance Data: App load times, response times, resource usage
• Debugging Information: Minimal user state and device information related to errors

App Info & Performance

• App Version: Current version number and build information
• Update Metadata: App manifest fetch data, update check timestamps (Expo Updates)
• Installation Info: Install date, update history

Purchase Info

• Payment Details: Payment method details (tokenized and processed by Stripe)
• Transaction History: Subscription status, purchase amounts, transaction timestamps
• Fraud Prevention Data: Device fingerprint and identifiers for security purposes
• Stripe Customer ID: Unique identifier linking your account to Stripe

Location Information

We do not collect precise location data. We do not access GPS or request location permissions. Your IP address may be used by our service providers to infer approximate location (country/region level) for analytics, fraud prevention, and compliance purposes only.

How We Use Data

We use the collected data for the following purposes:

App Functionality

• Create and manage your account
• Authenticate your identity (Firebase Authentication)
• Deliver push notifications for challenges and updates (Expo Notifications)
• Provide over-the-air app updates for bug fixes and features (Expo Updates)
• Enable app features (journal, chat, challenges, organizations)
• Maintain app compatibility and address instance-specific needs (Firebase Installations)

Analytics & Performance

• Understand how users interact with OneVine (Firebase Analytics)
• Track feature usage and engagement patterns
• Measure app performance and identify optimization opportunities
• Improve user experience based on aggregated usage data

Diagnostics & App Stability

• Detect and diagnose crashes and errors (Firebase Crashlytics)
• Debug technical issues and improve app stability
• Monitor app health and performance metrics

Fraud Prevention, Security & Compliance

• Prevent fraudulent transactions and abuse (Stripe fraud detection)
• Verify payment methods and protect against chargebacks
• Enforce our Terms of Service and detect policy violations
• Comply with legal obligations and regulatory requirements

Customer Support & Troubleshooting

• Respond to your inquiries and support requests
• Investigate reported issues and bugs
• Assist with account recovery and technical problems

Payments & Subscriptions

• Process payments for OneVine+ subscriptions, tokens, and donations (Stripe)
• Manage billing, renewals, and cancellations
• Maintain transaction records for accounting and tax compliance

Third-Party Service Providers (SDKs)

OneVine uses the following third-party services to provide functionality, analytics, and payments. Each service may collect and process data as described below:

Google Firebase Analytics

• Provider: Google LLC
• Data Collected: App activity, usage events, device identifiers, Firebase Installation ID, session data
• Purposes: Analytics, app performance measurement, product improvement
• Privacy Policy: https://firebase.google.com/support/privacy

Google Firebase Crashlytics

• Provider: Google LLC
• Data Collected: Crash logs, stack traces, diagnostics, device/instance identifiers, minimal app state around crashes
• Purposes: Diagnostics, app stability, debugging, crash analysis
• Privacy Policy: https://firebase.google.com/support/privacy

Google Firebase Installations / Instance ID

• Provider: Google LLC
• Data Collected: App instance identifiers (Firebase Installation ID)
• Purposes: App functionality (instance addressing), analytics attribution, messaging, remote configuration
• Privacy Policy: https://firebase.google.com/support/privacy

Expo Updates (OTA)

• Provider: 650 Industries, Inc. (Expo)
• Data Collected: App instance/device identifiers, app version, manifest fetch metadata, update check logs
• Purposes: App functionality (deliver over-the-air updates), security patches, compatibility fixes
• Privacy Policy: https://expo.dev/privacy

Expo Notifications

• Provider: 650 Industries, Inc. (Expo)
• Data Collected: Device push token, app instance identifiers, notification delivery status
• Purposes: App functionality (push notifications), account-related messaging, daily challenge reminders
• Privacy Policy: https://expo.dev/privacy

Stripe

• Provider: Stripe, Inc.
• Data Collected: Payment method details (tokenized), purchase info (amount, timestamp), device fingerprint/identifiers for fraud prevention, billing address, Stripe Customer ID
• Purposes: Payment processing, subscription management, fraud prevention, security, PCI compliance
• Note: We do not store your credit card information. Stripe handles all payment data securely.
• Privacy Policy: https://stripe.com/privacy

Google Play Services / Advertising ID

• Provider: Google LLC
• Data Collected: Google Advertising ID (AAID), device identifiers made available by Play Services
• Purposes: Analytics, fraud prevention, app functionality (we do not use this for advertising as we have no ads in the app)
• Privacy Policy: https://policies.google.com/privacy

Google Gemini API

• Provider: Google LLC
• Data Collected: User questions, chat history (if subscriber), selected religion context, prompts, AI-generated responses
• Purposes: AI-powered spiritual guidance, daily challenge generation, journal assistance, confessional conversations
• Privacy Policy: https://policies.google.com/privacy

Firebase Firestore & Cloud Storage

• Provider: Google LLC
• Data Collected: All user account data, user-generated content, profile information, organization data, media files
• Purposes: App functionality (data storage and retrieval), cloud synchronization, backup
• Privacy Policy: https://firebase.google.com/support/privacy

Data Sharing

We share data only as necessary to provide OneVine's services and comply with legal obligations:

Service Providers

We share data with the third-party service providers listed above. These providers process data on our behalf according to their privacy policies and applicable data processing agreements. They may not use your data for their own purposes.

Legal Compliance

We may disclose data if required by law, in response to valid legal requests (subpoenas, court orders), or to protect the rights, property, or safety of OneVine, our users, or the public.

Business Transfers

If OneVine is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email and/or prominent notice in the app.

Public Information

Certain information may be visible to other users within the app:

• Display name and points on leaderboards
• Organization membership and contributions (visible to organization leaders/admins)
• Challenge completion status (visible within organizations)

Data Retention

We retain data for as long as necessary to provide OneVine's services and fulfill the purposes described in this policy:

• Active Accounts: Your account data and user-generated content are retained while your account is active.
• Chat History: Subscriber chat history is retained until you manually clear it. Free user chat history is temporary and cleared upon logout.
• Journal Entries: Retained until you manually delete them (subscriber feature).
• Crash Logs & Diagnostics: Retained by Firebase Crashlytics for up to 90 days; aggregated data may be retained longer for trend analysis.
• Analytics Data: Aggregate analytics data may be retained indefinitely for service improvement. Individual session data is retained for up to 2 years.
• Payment Records: Transaction history is retained for 7 years for tax, accounting, and compliance purposes.
• Deleted Accounts: Upon account deletion, your data will be permanently deleted within 30 days, except where retention is required by law or for legitimate business purposes (fraud prevention, dispute resolution).

Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit using HTTPS/TLS. Authentication tokens are stored securely on your device using Expo Secure Store (encrypted).
• Access Controls: User-scoped access controls in Firestore ensure you can only access your own data. Organization-based permissions govern team features.
• Authentication: JWT token-based session management with automatic token refresh. Biometric authentication (Face ID) for sensitive features like journal access.
• Monitoring: Regular security reviews of Firebase security rules and error monitoring.

Important: Despite our efforts, no security measures are perfect. We cannot guarantee absolute security of your information. You are responsible for protecting your account credentials.

Your Rights & Choices

Depending on your location, you may have the following rights:

Access and Portability

• Right to access the personal information we hold about you
• Right to receive a copy of your data in a portable format

Correction

• Right to correct inaccurate or incomplete personal information
• You can update most profile information directly in the app

Deletion

• Right to request deletion of your personal information (see "How to Request Data Deletion" below)

Objection and Restriction

• Right to object to certain processing of your data
• Right to request restriction of processing in certain circumstances

Opt-Out of Analytics

• You can reset your Advertising ID in your device settings (Android Settings → Privacy → Ads)
• Contact us to request opt-out from analytics tracking

Notification Controls

• Manage push notification preferences in your device settings or within the app
• You can disable notifications without affecting core app functionality

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

European Residents (GDPR)

If you are located in the European Economic Area (EEA), you have rights under GDPR:

• Right to access, correct, delete, or restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent (does not affect prior processing)
• Right to lodge a complaint with your local data protection authority

Legal Basis for Processing (GDPR):

• Performance of contract (providing app services)
• Consent (for optional features like analytics)
• Legitimate interests (improving services, security, fraud prevention)

How to Request Data Deletion

You have the right to request deletion of your account and personal data. Here's how:

Option 1: In-App Deletion

• Go to Settings → Account → Delete Account
• Confirm your identity (you may be asked to re-authenticate)
• Follow the prompts to permanently delete your account

Option 2: Email Request

Send an email to info@lysaratech.com with the subject line "Data Deletion Request" and include:

• Your full name
• Email address associated with your OneVine account
• Username (if you remember it)
• A clear statement requesting account and data deletion

What Happens Next

• Identity Verification: We may ask you to verify your identity before processing the request to prevent unauthorized deletions.
• Processing Time: We will process your request within 30 days.
• What Will Be Removed:
  • Your account profile and settings
  • All user-generated content (journal entries, chat history, confessional content, challenge proofs)
  • Organization memberships and contributions
  • App activity and usage data associated with your account
• What We Must Retain: Some data may be retained as required by law or for legitimate business purposes:
  • Transaction records (retained for 7 years for tax/accounting compliance)
  • Records needed for fraud prevention, dispute resolution, or legal proceedings
  • Aggregated, anonymized analytics data that cannot identify you
• Service Provider Data: Data held by third-party providers (Firebase, Stripe, Expo) will also be deleted or anonymized according to their retention policies. Some providers may retain data for limited periods for backup or compliance purposes.

Children's Privacy

OneVine is a general audience app and is not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental or guardian consent.

Parental Consent

If a minor (age 13-17, or the applicable age of digital consent in your jurisdiction) wishes to use OneVine, they must have the permission and supervision of a parent or legal guardian. Parents and guardians are responsible for monitoring their child's use of the app.

If Your Child Has Provided Information

If you are a parent or guardian and believe your child under 13 has provided us with personal information without your consent, please contact us immediately at info@lysaratech.com with the subject line "Child Privacy Request." We will take steps to delete such information from our systems.

Child Safety Commitment

We are committed to protecting children and vulnerable persons from exploitation, grooming, and harm. For detailed information about our child safety policies, reporting procedures, and zero-tolerance stance on child sexual abuse material (CSAM) and trafficking, please see our Child Safety & Anti-Trafficking page.

International Data Transfers

OneVine is operated in the United States. If you are located outside the United States, your data will be transferred to, stored, and processed in the United States and by our service providers' infrastructure (which may include servers in multiple countries).

The United States and other countries may have data protection laws that differ from those in your country. By using OneVine, you consent to the transfer of your information and processing in accordance with this Privacy Policy.

For users in the EEA, we rely on appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, and your explicit consent.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Updating the "Last Updated" date at the top of this page
• Posting a notice in the app
• Sending an email notification (for significant changes)

Your continued use of OneVine after changes are posted constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: info@lysaratech.com
Subject Line for Data Requests: "Privacy Request" or "Data Deletion Request"
Website: https://lysara.com

We will respond to all requests within 30 days (or as required by applicable law).

Last updated: October 29, 2025

© 2025 Lysara LLC. All rights reserved.