Privacy Policy
Last updated β Version 1.0 β Effective: April 17, 2026
1. Introduction
This Privacy Policy explains how Final Global Movement, Inc. collects, uses, stores, and protects your personal information when you use The Emancipator daily devotional application (the "App") and the website at emancipatorgld.org (the "Website"), together referred to as the "Service."
By creating an account or otherwise using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
2. Who we are
The Emancipator is operated by Final Global Movement, Inc., a US-registered 501(c)(3) nonprofit corporation with an explicitly religious purpose.
For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar data protection laws, Final Global Movement, Inc. is the data controller of the personal data described in this policy.
Our contact information: Final Global Movement, Inc., 4030 Wake Forest Rd, Suite 349, Raleigh, NC 27609. Email: info@emancipatorgld.org
3. Information we collect
We collect only what we need to deliver the Service. The categories below are exhaustive β we do not collect data that isn't described here.
3.1 Account information
When you create an account, we collect your email address for authentication. If you sign in through Apple or Google, we receive the name and email address those services share with us. We also collect your first name (required) and last name (optional) during onboarding.
3.2 User preferences
To personalize your experience, we store your preferred language, timezone, font size, display theme, and notification time for daily devotional reminders.
3.3 User-generated content
You may create personal content associated with your account, including bookmarks (saved devotionals), personal notes on devotional entries, reactions ("This Blessed Me" indicators), and feedback messages submitted through the app. Bug reports may include device diagnostic information (operating system, app version, device model, network status).
3.4 Usage data
We track your reading progress to allow you to resume where you left off and to show which devotional entries you have completed. This data is associated with your account and synced across your devices.
3.5 Device information
If you enable push notifications, we collect your push notification token (a unique identifier assigned to your device by Apple or Google) and your device platform (iOS or Android). These tokens are used solely to deliver daily devotional reminders and service announcements.
3.6 Crash and diagnostic data
We automatically collect crash reports and diagnostic data when the app encounters errors. This includes stack traces, device model, operating system version, app version, and the sequence of actions leading to the crash. Crash reports are configured to exclude personally identifying information β no email addresses, names, note content, or bookmark content are included.
3.7 Product analytics (with your consent)
With your explicit consent, we may collect pseudonymous usage analytics to understand how the Service is used and to improve it. Analytics data is tied to a random identifier, not to your email or name, and does not include the content of your notes, bookmarks, feedback, or devotional reading. You may opt in or out of analytics at any time in Settings.
Note: "pseudonymous" means the data is not directly linked to your identity but can theoretically be re-associated with you using the random identifier. It is not fully anonymous in the legal sense.
3.8 Consent records
When you grant or withdraw consent for specific processing activities, we record your IP address, device user agent, the consent category, whether consent was granted or withdrawn, and the timestamp. This consent log is append-only and serves as a legal compliance record.
4. How we use your information
We use the information we collect for the following purposes:
- Deliver the Service. Provide daily devotional content, sync your progress and personal content across devices, maintain your account.
- Send notifications. Deliver daily devotional reminders at your preferred time and service announcements (such as updates to these terms).
- Respond to you. Process feedback, questions, and support requests you submit through the Service.
- Ensure stability and security. Use crash and diagnostic data to identify, diagnose, and fix technical issues. Monitor for unauthorized access, abuse, and security threats. Enforce rate limits.
- Improve the Service. Analyze pseudonymous usage patterns (with your consent) to identify areas for improvement and inform new features.
- Comply with legal obligations. Respond to lawful data access requests and fulfill our obligations under applicable laws.
We do not use your data for advertising, ad targeting, or profiling of any kind. We do not make automated decisions with legal or similarly significant effects about you. We do not engage in behavioral profiling.
5. Legal basis for processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following:
5.1 Performance of a contract (Article 6(1)(b))
Processing your account information, preferences, and user-generated content is necessary to provide the Service you signed up for.
5.2 Legitimate interest (Article 6(1)(f))
We process crash reports, diagnostic data, consent log records, and rate-limiting records based on our legitimate interest in maintaining the security, stability, and reliable operation of the Service. We have conducted a Legitimate Interest Assessment weighing this against your rights and freedoms, and concluded the processing is proportionate and minimally invasive. You may object to this processing at any time by contacting info@emancipatorgld.org, and we will honor valid objections.
5.3 Explicit consent (Article 6(1)(a))
We process product analytics data and send push notifications based on your explicit, freely given consent. You may withdraw consent at any time in Settings with no effect on the rest of the Service.
5.4 Processing of religious belief data (Article 9(2)(d))
The Emancipator is a Christian devotional application, and your engagement with the Service (reading progress, bookmarks, "This Blessed Me" reactions, personal notes on devotional entries) reveals data about your religious beliefs. Under Article 9 of the GDPR, this is special category data requiring an additional legal basis.
We process this data under Article 9(2)(d): processing carried out in the course of the legitimate activities of a not-for-profit body with a religious aim, in respect of persons who have regular contact with the body in connection with its religious purposes. Final Global Movement, Inc. is a US-registered 501(c)(3) Christian nonprofit, and The Emancipator serves persons engaging regularly with our religious content.
Personal data revealing your religious beliefs is not disclosed outside Final Global Movement, Inc. without your explicit consent, except to processors acting strictly on our behalf under written data processing agreements.
6. Information sharing and processors
We do not sell, rent, or trade your personal information to third parties. We do not use your data for advertising. We share information only with service providers strictly necessary to operate the Service, each bound by a written data processing agreement.
6.1 Categories of processors we use
- Cloud database, authentication, and file storage provider (United States). Receives your account data, preferences, user-generated content, and consent records.
- Website and application hosting provider (United States). Receives website request logs (IP addresses, user agents) for essential operation.
- Crash and diagnostic data processor (United States). Receives stack traces, device metadata, and error events. Configured to scrub personally identifying information before data leaves your device.
- Push notification delivery services, including Apple Push Notification service and Firebase Cloud Messaging for final delivery to your device. These services receive only the push token and notification content.
- Product analytics service (when product analytics is enabled). Receives pseudonymous usage events only. No analytics data is processed until you have given explicit consent.
- Transactional email delivery provider (United States). Receives your email address and message content for delivery of password resets, verification emails, and service announcements.
- Editorial AI content processing tool (United States). Used for editorial workflows on ministry-authored devotional content (drafting, structuring, translation review). This processor does not receive any user personal data and is contractually prohibited from using processed content for model training.
6.2 Social sign-in providers (if you use them)
If you choose to sign in with Apple or Google:
- Apple Inc. β Sign in with Apple. Receives your authentication request; shares the name and email you authorize with us.
- Google LLC β Sign in with Google. Receives your authentication request; shares the name and email you authorize with us.
7. International data transfers
The Service is operated by a US-based controller. Our processors are primarily US-based. If you access the Service from outside the United States, your personal data will be transferred to, stored, and processed in the United States.
The European Commission has adopted an adequacy decision for the EU-US Data Privacy Framework (DPF). We rely on DPF certification where our US processors are certified under the framework. For processors not DPF-certified or for transfers to other countries, we rely on the European Commission's Standard Contractual Clauses (SCCs) together with supplementary technical and organizational measures (including encryption, access controls, and data minimization) as required by the Schrems II judgment.
We acknowledge that US service providers may in principle be subject to US government access requests, including under the Foreign Intelligence Surveillance Act Section 702. We have assessed this risk for the categories of data we process and implemented supplementary measures appropriate to that risk. We will update this policy if the legal landscape for international data transfers changes materially.
8. Data storage and security
We implement appropriate technical and organizational measures to protect your personal data:
- All data is encrypted in transit using TLS and encrypted at rest on our infrastructure provider's servers.
- Authentication tokens on your device are stored in platform-native secure storage (iOS Keychain on Apple devices, Android Keystore on Android devices).
- Our database enforces row-level security, ensuring that each user can only access their own personal data.
- API endpoints are protected by rate limiting to prevent abuse and input validation to guard against injection attacks.
- Administrative access to user data is restricted to authorized personnel and logged in an immutable audit trail.
No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly investigating and addressing any security incidents.
9. Data retention
We retain personal data only as long as necessary for the purposes described in this policy:
- Account data, preferences, user-generated content β retained for the life of your account. Deleted within 30 days of account deletion.
- Crash and diagnostic data β 90 days from collection, then deleted.
- Product analytics data (if enabled) β 24 months from collection, then deleted.
- Consent records β retained for 6 years after the last event, as a legal compliance record. Associated user identifier is anonymized upon account deletion.
- Email delivery logs β 30 days from sending.
- Server request logs β 30 days from the request.
- Backup copies β up to 30 days after the primary data is deleted, for disaster recovery.
When you delete your account, your personal data is removed from our active systems within 30 days. Backup copies are purged within a further 30 days.
10. Data breach notification
Notification to supervisory authorities. Where required by applicable law, we will notify the relevant data protection supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.
Notification to affected users. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Article 34. Our notification will describe the nature of the breach, the likely consequences, the measures taken or proposed to address it, and a contact point for further information.
11. Your rights
Depending on your location, you may have the following rights regarding your personal information:
11.1 Rights available to all users
- Access. View your personal data within the app at any time. You may request a complete copy of your data by using the Download my data feature in Settings, or by emailing info@emancipatorgld.org.
- Correction. Update your profile information, preferences, and settings directly within the app.
- Deletion. Permanently delete your account and all associated data through Settings. Account deletion is irreversible.
- Withdraw consent. Disable analytics or push notifications at any time in Settings.
11.2 Additional rights for EEA and UK residents (GDPR)
In addition to the rights above, you have the right to:
- Restrict the processing of your personal data in certain circumstances.
- Object to processing based on legitimate interests, including our crash and diagnostic data processing. Contact info@emancipatorgld.org to object.
- Data portability. Receive your personal data in a structured, commonly used, machine-readable format (provided as JSON through the Download my data feature).
- Lodge a complaint with your local data protection supervisory authority. A list is maintained by the European Data Protection Board at edpb.europa.eu. UK residents may contact the Information Commissioner's Office at ico.org.uk.
11.3 Additional rights for California residents (CCPA/CPRA)
California residents have the following additional rights:
- Right to know the categories and specific pieces of personal information we have collected about you.
- Right to delete your personal information (exercised through the in-app account deletion feature).
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing. We do not sell or share (as defined by the CPRA) your personal information.
- Right to limit use of sensitive personal information. Under the CPRA, data revealing religious beliefs is sensitive personal information. We process this data only for the purposes described in this policy and do not use it for purposes that would trigger the right to limit.
- Right to non-discrimination for exercising any CCPA/CPRA rights.
12. Children's privacy
The Service is not directed to children under the age of 13. We require all users to confirm they are 13 years of age or older when creating an account. We do not knowingly collect personal information from children under 13.
If we become aware that we have collected personal information from a child under 13, we will delete it promptly. If you believe that a child under 13 has provided us with personal information, please contact us at info@emancipatorgld.org.
Users in certain EU/EEA jurisdictions may be subject to a higher age of consent (typically 16). If you are in such a jurisdiction and are under the applicable age, your parent or guardian must consent to your use of the Service.
14. Changes to this policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Each version of this policy is assigned a version number and an effective date, both shown at the top of the document.
Material changes β new categories of data collected, new categories of processors, changes to legal basis, or changes to international transfers β will be communicated to you by email to your registered address and through a non-blocking in-app banner. Continued use of the Service after a material change constitutes acceptance of the updated policy. If you do not agree with the changes, you should stop using the Service and delete your account.
Non-material changes β typo fixes, clarifications, formatting β will be reflected in the version number and effective date but will not trigger a notification.
Previous versions of this policy are available on request.
15. Contact us
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: info@emancipatorgld.org
Final Global Movement, Inc.4030 Wake Forest Rd, Suite 349
Raleigh, NC 27609
info@emancipatorgld.org