Privacy Policy

Shielded by Grace — operated by One Purpose Production LLC ("we," "us," "our")

Effective Date: 2026-04-28 Last Updated: 2026-04-30 (renamed from "WeGotYou" — operator and contact info unchanged)

1. Who We Are

Shielded by Grace is a mobile application designed to support people in recovery from pornography use. It is operated by One Purpose Production LLC, a Kansas limited liability company. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.

If you have questions, contact us at privacy@shieldedbygrace.com.

2. Who Can Use Shielded by Grace

Shielded by Grace is intended for adults 18 years of age or older. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us at privacy@shieldedbygrace.com and we will delete the account and any associated data.

3. What We Collect

We collect only what is needed to operate the app and to fulfill its accountability function.

Account Information

• Email address (for sign-in and account recovery)
• Display name or first name (shown to your accountability partner)
• Hashed password (we never see your plaintext password — handled by Supabase Auth)

Accountability Partner Information

• Your partner's first name, mobile phone number, and (optionally) email address — provided by you when you invite a partner
• Whether the partner has accepted the invite and consented to receive messages
• The relationship label you set (spouse, friend, mentor, sponsor, etc.)

Recovery Activity Data

• Daily check-in entries (mood scale, optional notes)
• Panic event timestamps (when you hit the panic button)
• Streak data derived from check-ins and panic events
• In-app video recordings you create (the S-4 feature) — used as encouragement clips played back to you

Push Notification Tokens

• An anonymous device token issued by Apple Push Notification service or Firebase Cloud Messaging, used solely to deliver notifications to your device

Device & Technical Information

• Device model, OS version, app version, language, timezone — used for compatibility and crash diagnostics
• IP address at the time of API requests, used by Supabase for rate-limiting and abuse protection (not used for advertising or tracking)

What We Do NOT Collect

• We do not collect browsing history, websites you visit, or content you view outside the app
• We do not run a content filter or VPN on your device
• We do not collect contacts, calendar, location, or microphone/camera input outside of explicit in-app recording sessions you initiate
• We do not collect biometric templates — Face ID and fingerprint authentication, where used, happens entirely on your device and we never see the biometric data

4. How Your Data Is Stored

Backend. Account data, check-ins, panic events, and partner records are stored in Supabase (PostgreSQL database hosted on AWS infrastructure in the United States).

Video storage. In-app video recordings are stored in Supabase Storage (object storage backed by AWS S3, US region). Each video is associated with the account that uploaded it. Videos are accessible only to the uploading user and the partners they have explicitly granted access to within the app.

Encryption. Data is encrypted in transit (TLS) and at rest (AES-256 at the storage layer, managed by Supabase / AWS).

Retention. We retain your data while your account is active. If you delete your account, we delete your account record, check-ins, panic events, video recordings, and partner links within 30 days. Backups containing residual data are rotated out within 90 days. Some minimal records (for example, a record that an account existed at a given email, for fraud prevention) may be kept up to 12 months after deletion.

5. Who We Share Data With

Your accountability partner. This is the entire purpose of the app. By inviting a partner and after they accept, your partner can see:

• Your daily check-ins (mood and notes)
• Your streak and history
• Notifications when you hit the panic button (timestamp; no content)
• Notifications of detected tampering events (e.g., disabled keyboard, browser switch)

You can change partner-visibility settings inside the app to summary-only mode at any time. Removing a partner stops all sharing immediately going forward.

Twilio (SMS and voice). We use Twilio to send SMS messages to your accountability partner and to bridge phone calls between you and your partner during panic events. Twilio receives your partner's phone number, your phone number (only when a call is bridged), and the message content. Twilio's privacy policy: https://www.twilio.com/legal/privacy.

Push notification providers. We use Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) to deliver notifications. These services receive an anonymous device token and the notification payload. Notification content is kept minimal (e.g., "Your partner needs you").

Supabase. Our backend infrastructure provider. Supabase processes data on our behalf under a data processing agreement. https://supabase.com/privacy.

Crash reporting and diagnostics — Sentry. We use Sentry (sentry.io) to capture crash reports and diagnostic information when the app encounters errors. Sentry receives the error stack trace, the app version, the device model and OS version, and a randomly generated device ID. Sentry does not receive your check-in content, video recordings, partner contact information, or other personal data. Sentry's privacy policy: https://sentry.io/privacy/.

What we will never do:

• Sell your data to third parties — ever.
• Share your data with advertisers.
• Share your check-in content, video recordings, or recovery data with anyone other than the partner(s) you have explicitly chosen.
• Use your data to train AI models without your explicit, separate, opt-in consent.

We may disclose information if required by valid legal process (subpoena, court order). If we receive such a request, we will notify you unless legally prohibited from doing so.

6. SMS Program Disclosures

Shielded by Grace uses SMS to deliver accountability-partner invitations and panic-event alerts. The following disclosures apply to all SMS sent under our Twilio toll-free number:

How users opt in. SMS is sent only after a user inside the Shielded by Grace app invites a specific person to be their accountability partner and provides that person's mobile number. The first SMS the partner receives includes a clear description of the program and asks the partner to reply YES to accept. No further messages are sent unless the partner replies YES.

Message frequency. Average frequency is fewer than one message per week, but frequency increases during panic events or detected tampering events. We do not send marketing or promotional messages.

Opt-out. Partners can reply STOP at any time to opt out of all Shielded by Grace SMS. Replying STOP halts all messages immediately. Partners can reply HELP for support and a link to this Privacy Policy.

Costs. Message and data rates may apply. Shielded by Grace does not charge for messages, but your wireless carrier may.

Carriers. Shielded by Grace is not liable for delayed or undelivered messages caused by carrier issues.

7. Your Rights

You have the right to:

• Access your data — view all your check-ins, panic events, and partner records inside the app
• Correct inaccurate data — edit your account info inside the app
• Delete your account and all associated data — Settings → Delete Account, or by emailing privacy@shieldedbygrace.com
• Export a copy of your data — email privacy@shieldedbygrace.com and we will provide a JSON export within 30 days
• Withdraw consent for SMS at any time by replying STOP

If you are a resident of California, the EU, the UK, or another jurisdiction with specific data-protection laws, you have additional rights under those laws (including the right to lodge a complaint with a supervisory authority). Contact privacy@shieldedbygrace.com to exercise any of these rights.

8. Children

Shielded by Grace is not intended for, marketed to, or available to anyone under 18. We do not knowingly collect personal information from children. If we discover we have collected data from anyone under 18, we will delete it immediately.

9. Security

We use industry-standard practices to protect your data: TLS in transit, encryption at rest, hashed passwords, role-based access controls on the backend, and the principle of least privilege for staff access. No system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours of confirming the breach, as required by applicable law.

10. International Users

Shielded by Grace is operated from the United States and stores data on US infrastructure. If you access the app from outside the US, you consent to the transfer of your data to the US.

11. Changes to This Policy

We may update this Privacy Policy as the app evolves. When we do, we will update the "Last Updated" date at the top, and for material changes, we will notify you in-app and by email at least 30 days before the change takes effect.

12. Contact

One Purpose Production LLC Privacy questions: privacy@shieldedbygrace.com General contact: onepurposeproductionllc@gmail.com Mailing address: One Purpose Production LLC, 3050 W River Park Dr, Wichita, KS 67203

This Privacy Policy is written in plain English on purpose. If anything here is unclear, email us and we will explain.