StewardApps
Steward Apps

Privacy Policy

Last updated: May 23, 2025

Steward Apps (“we,” “us,” or “our”) operates the Talents, MamaBear, and Chief of Staff mobile applications (collectively, the “Apps”) and the stewardapps.ai website (the “Site”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you use Sign in with Apple, we receive your Apple User ID and the email address you choose to share.

Profile & Preferences

To personalize your experience, we collect information you provide during setup: your Christian tradition, spiritual maturity level, practice style, age range, gender, family members (names, relationships, birthdates), and AI interaction preferences (tone, response length, topic handling). All of this is optional and user-initiated.

User-Generated Content

The Apps store content you create: prayer requests, journal entries, notes, task lists, meal plans, AI chat conversations, and other data you enter. This content is stored in your account and is not accessible to other users unless you explicitly share it via encrypted messaging.

Device Permissions (Only When You Grant Access)

  • HealthKit (Talents): We write mindful session data (prayer/meditation duration) to Apple Health. We do not read any health data from your device.
  • Contacts: When you use the “Find Friends” feature, we access your contact names and phone numbers. Phone numbers are hashed (SHA-256) before transmission to our server. Raw phone numbers are never stored on our servers.
  • Camera & Photos: Used only when you choose to take or select a photo for your profile, notes, or other content.
  • Location: Coarse location (city/region level) is used to personalize local church recommendations. Your precise location is not tracked or stored.
  • Microphone & Speech Recognition: Used for voice-to-text input in prayer notes and AI chat. Audio is processed locally on your device using Apple's speech recognition API.
  • Face ID: Used for local device authentication only. Biometric data never leaves your device.

Waitlist & Website Data

If you join a waitlist on our Site, we collect your first name, email, and optional survey responses. This data is processed through Web3Forms and used solely to contact you about early access.

2. How We Use Your Information

  • To provide and personalize the Apps based on your tradition, family, and preferences
  • To process AI conversations (see “AI Data Processing” below)
  • To sync your data across your devices
  • To manage your subscription
  • To send you notifications you have opted into (reminders, morning/evening)
  • To contact you about product updates if you joined a waitlist

3. AI Data Processing

The Apps include AI-powered features. Your AI conversations are processed in one of two ways:

  • On-Device (iOS 26+): When available, AI processing uses Apple Foundation Models running entirely on your device. No data is sent to any server.
  • Cloud Processing: When on-device processing is unavailable, conversations are sent to our Supabase Edge Functions, which call OpenAI's API. The data sent includes your message, recent conversation history, and personalization context (tradition, family names, faith maturity). Your conversations are not used to train any AI models.

4. Encrypted Messaging

Secure messages in Talents are end-to-end encrypted using Curve25519 key agreement and AES-GCM (256-bit) encryption. Messages are encrypted on your device before transmission and can only be decrypted by the intended recipient. Our servers store only encrypted payloads and cannot read your messages.

5. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with the following service providers who process it on our behalf:

  • Supabase: Database hosting, authentication, and real-time sync
  • OpenAI: Cloud AI processing for chat features (when on-device is unavailable)
  • RevenueCat: Subscription and in-app purchase management
  • Apple: Authentication (Sign in with Apple), HealthKit, App Store payments
  • Web3Forms: Website waitlist form processing

We may also disclose information if required by law or to protect our legal rights.

6. Data Security

All data transmitted between your device and our servers uses HTTPS encryption. Sensitive credentials are stored in iOS Keychain with hardware-backed encryption. Secure messages use client-side end-to-end encryption. Database access is protected by row-level security policies that restrict each user to their own data.

7. Analytics & Tracking

We do not use third-party analytics, advertising, or tracking SDKs. We do not collect device advertising identifiers (IDFA). We do not track your browsing behavior, session duration, or screen views. The Apps do not contain any advertising.

8. Data Retention & Deletion

Your data is retained for as long as your account is active. You can delete your entire account and all associated data at any time through the app's Settings. Account deletion permanently removes all your data from our servers, including profile information, conversations, prayer requests, notes, family data, and all other content. This action is irreversible.

9. Children's Privacy

The Apps are not directed to children under 13. We do not knowingly collect personal information from children under 13. The “Family Safe Mode” feature in Talents provides content filtering for family accounts but does not create separate child accounts. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Request data portability
  • Withdraw consent at any time

To exercise these rights, contact us at [email protected].

11. California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To make a request, contact us at [email protected].

12. European Residents (GDPR)

If you are in the European Economic Area, we process your data based on: (a) your consent, (b) the performance of our contract with you, or (c) our legitimate interests in operating and improving the Apps. You have the rights described in Section 10 above, and you may lodge a complaint with your local data protection authority.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Apps after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Steward Apps
Email: [email protected]
Website: stewardapps.ai