Ora

Privacy Policy

Last updated: January 2026

This Privacy Policy describes how Ora ("we," "our," or "the App") collects, uses, stores, and protects your personal information when you use our mobile application and website. This policy complies with the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), Brazil's General Data Protection Law (LGPD), and other applicable data protection laws in Latin America.

By using Ora, you agree to the practices described in this policy. If you do not agree with this policy, please do not use our services.

1. Data Controller

The controller of your personal data is:

  • Company: Ora App
  • Website: https://oraapp.io
  • Privacy contact: Visit our contact page

2. Information We Collect

2.1 Information you provide directly

  • Account information: Name, email address, and password when you create an account.
  • Profile information: Profile picture (optional), language preferences, and app settings.
  • User-generated content: Prayer notes, prayer intentions, and any content you create within the app.
  • Communications: Information you provide when you communicate with us, including support messages and feedback.
  • Payment information: If you make in-app purchases, payment information is processed by third-party payment providers (Apple App Store, Google Play Store). We do not store credit card numbers.

2.2 Information collected automatically

  • Usage data: Information about how you interact with the app, including features used, time spent, and navigation patterns.
  • Device information: Device type, operating system, unique device identifiers, language settings, and time zone.
  • Network information: Connection type (WiFi, mobile data), internet service provider.
  • Log data: IP address, date and time of access, pages visited, and application errors.

2.3 Information from third-party sources

  • Social sign-in: If you choose to sign up using Apple, Google, or another social sign-in provider, we will receive basic profile information as permitted.
  • Analytics providers: We receive aggregated and anonymized information from analytics services.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service delivery

  • Create and administer your account
  • Provide the app's features (prayers, meditations, reflections)
  • Personalize your experience based on your preferences
  • Sync your progress across devices
  • Process payments and subscriptions

3.2 Communications

  • Send you service-related notifications
  • Respond to your inquiries and support requests
  • Send you prayer reminders (if you enable them)
  • Inform you about important service updates
  • Send marketing communications (only with your prior consent)

3.3 Service improvement

  • Analyze app usage to improve features
  • Identify and fix technical issues
  • Develop new features and content
  • Conduct research and statistical analysis

3.4 Security and legal compliance

  • Protect against fraudulent or illegal activity
  • Comply with applicable legal obligations
  • Enforce our terms of service
  • Protect the rights and safety of our users

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:

  • Performance of contract: Processing is necessary to provide you with our services according to our Terms of Use.
  • Consent: You have given explicit consent for processing (for example, for marketing communications or non-essential cookies).
  • Legitimate interests: Processing is necessary for our legitimate interests, such as improving our services, provided these do not override your fundamental rights.
  • Legal obligation: Processing is necessary to comply with a legal obligation to which we are subject.

5. How We Share Your Information

We do not sell your personal information. We may share your information under the following limited circumstances:

5.1 Service providers

We share information with third parties who help us operate our services:

  • Cloud hosting and data storage providers
  • Analytics and metrics services
  • Email service providers
  • Payment processors
  • Customer support services

These providers are contractually obligated to protect your information and may only use it for the services they provide to us.

5.2 Legal requirements

We may disclose your information if we believe in good faith that it is necessary to:

  • Comply with a legal obligation or judicial process
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public

5.3 Business transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5.4 With your consent

We may share your information for any other purpose with your explicit consent.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States and other countries where our service providers operate.

For users in the EEA, United Kingdom, and Switzerland, we implement the following safeguards for international transfers:

  • Standard Contractual Clauses approved by the European Commission
  • European Commission adequacy decisions where available
  • Recognized privacy certifications and frameworks

For users in Brazil, we comply with LGPD international transfer requirements, including the use of contractual clauses and adequate protection guarantees.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: While you keep your account active, plus an additional 30-day period after deletion to allow for recovery.
  • Usage data: Up to 24 months for analytics and service improvement.
  • Support communications: Up to 3 years for reference and service improvement.
  • Transaction data: As required by applicable tax and accounting laws (typically 5–7 years).
  • Security logs: Up to 12 months for incident investigation.

After the retention periods, data is securely deleted or irreversibly anonymized.

8. Your Privacy Rights

8.1 Rights for all users

Regardless of your location, you have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Rectification: Correct inaccurate or incomplete information.
  • Deletion: Request the deletion of your account and personal data.
  • Withdrawal of consent: Withdraw any previously granted consent.
  • Marketing opt-out: Opt out of receiving marketing communications.

8.2 Additional rights for EEA, UK, and Switzerland residents (GDPR)

  • Portability: Receive your data in a structured, commonly used, machine-readable format.
  • Restriction: Request limitation of the processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Automated decisions: Not be subject to decisions based solely on automated processing that produce significant legal effects.
  • Complaint: Lodge a complaint with your local data protection authority.

8.3 Additional rights for California residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights:

  • Right to know: Request information about the categories and specific pieces of personal information collected, the sources, the purposes, and the third parties with whom it is shared.
  • Right to delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to opt out: Opt out of the "sale" or "sharing" of personal information. Note: We do not sell or share your personal information as defined by the CCPA.
  • Right to limit: Limit the use and disclosure of sensitive personal information.
  • Non-discrimination: Not be discriminated against for exercising your privacy rights.

Categories of information collected in the last 12 months:

  • Identifiers (name, email, device identifiers)
  • Commercial information (subscription history)
  • Internet activity information (app usage data)
  • Inferences (preferences derived from usage)

8.4 Additional rights for Brazil residents (LGPD)

If you are a Brazil resident, you have the following rights under LGPD:

  • Confirmation: Confirm the existence of the processing of your data.
  • Access: Access your personal data.
  • Correction: Correct incomplete, inaccurate, or outdated data.
  • Anonymization, blocking, or deletion: Of unnecessary, excessive data or data processed in non-compliance with the law.
  • Portability: Transfer your data to another service provider.
  • Deletion: Delete data processed based on your consent.
  • Information: Be informed about entities with which your data has been shared.
  • Revocation: Revoke your consent at any time.
  • Objection: Object to processing that violates LGPD.
  • Review of automated decisions: Request review of decisions made solely based on automated processing.

8.5 Rights for residents of other Latin American countries

If you reside in Argentina, Colombia, Mexico, Chile, Peru, or other Latin American countries with data protection laws, we respect your rights under applicable local legislation, generally including rights of access, rectification, cancellation, and objection (ARCO rights).

8.6 How to exercise your rights

To exercise any of these rights, visit our contact page. We will respond to your request within the applicable legal timeframes (typically 30 days for GDPR, 45 days for CCPA, 15 days for LGPD).

We may request additional information to verify your identity before processing your request.

9. Children's Privacy

Ora is designed for users of all ages interested in the Catholic faith. However, we take children's privacy very seriously:

  • We do not knowingly collect personal information from children under 13 (or the applicable minimum age in your jurisdiction) without verifiable parental consent.
  • If we discover that we have collected information from a minor without appropriate consent, we will delete that information immediately.
  • Parents or guardians may contact us to review, delete, or stop the collection of their children's information.

If you are a parent or guardian and believe your child has provided us with personal information, contact us through our contact page.

10. Cookies and Tracking Technologies

We use cookies and similar technologies on our website and app:

10.1 Types of cookies we use

  • Essential cookies: Required for the basic functioning of the site and app. They cannot be disabled.
  • Performance cookies: Help us understand how visitors interact with our site, allowing us to improve the experience.
  • Functional cookies: Allow us to remember your preferences and personalize your experience.
  • Analytics cookies: Allow us to count visits and traffic sources to measure and improve performance.

10.2 Cookie control

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect site functionality.

10.3 "Do Not Track" signals

Currently, our website does not respond to browser "Do Not Track" signals due to the absence of a uniform industry standard. We will continue to monitor developments in this area.

11. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • Encryption: We use SSL/TLS encryption for all data transmissions and encryption at rest for stored data.
  • Access control: Limited access to personal data only to employees and contractors who need to know.
  • Authentication: Secure authentication systems and strong password policies.
  • Monitoring: Continuous security monitoring and threat detection.
  • Backups: Regular, encrypted data backups.
  • Assessments: Periodic security assessments and penetration testing.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

12. Third-Party Links

Our app and website may contain links to third-party websites or services that are not operated by us. We have no control over the content, privacy policies, or practices of third-party sites or services.

We recommend reviewing the privacy policy of every site you visit. This Privacy Policy applies only to our services.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes:

  • We will update the "Last updated" date at the top of this policy.
  • We will notify you through the app, email, or a prominent notice on our website.
  • For changes requiring your consent under applicable law, we will request your renewed consent.

We recommend reviewing this policy periodically to stay informed about how we protect your information.

14. Contact

If you have questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, you can contact us through our contact page.

We are committed to responding to all privacy inquiries within a reasonable timeframe and in accordance with applicable legal requirements.

15. Jurisdiction-Specific Information

15.1 European Union and United Kingdom

If you are not satisfied with our response to your privacy request, you have the right to file a complaint with your local data protection authority. You can find contact details for EEA data protection authorities at: https://edpb.europa.eu

15.2 California, United States

California residents may request additional information about the categories of personal information disclosed to third parties for direct marketing purposes during the previous calendar year ("Shine the Light"). Contact us to obtain this information.

15.3 Brazil

Brazil residents may file complaints with the National Data Protection Authority (ANPD): https://www.gov.br/anpd

This Privacy Policy was drafted to comply with major international data protection laws, including GDPR (EU), CCPA/CPRA (California), LGPD (Brazil), and other applicable laws in Latin America. If you have specific questions about your rights in your jurisdiction, please do not hesitate to contact us.