Privacy Policy
UNOAH AI Bible Companion — South Asia & Middle East Edition
Effective Date: June 1, 2026 · Last Revised: June 2026
This Privacy Policy explains how UNOAH Inc. (“UNOAH”, “we”, “us”) collects, uses, shares, and protects your personal data when you use the UNOAH AI Bible Companion application and www.unoah.com (the “Service”). It forms part of, and should be read together with, our Terms & Conditions. It is designed to comply with India’s Digital Personal Data Protection Act, 2023 (DPDP Act) and DPDP Rules, 2025; the UAE PDPL (Federal Decree-Law No. 45 of 2021); the KSA PDPL (overseen by SDAIA); and applicable national laws in other GCC and South Asian jurisdictions.
1. Who is responsible for your data
UNOAH Inc. is the data controller (or equivalent under your local law). For any privacy question or to exercise your rights, contact privacy@unoah.com. Indian users may also contact our Grievance Officer at grievance-india@unoah.com. Our registered office and the named Grievance Officer will be published before public launch.
2. Data we collect
We collect the following categories of personal data:
- Account & identity: your name, email address, and (where you choose phone sign-up) phone number. If you sign in with Google, Meta (Facebook), or Microsoft, we receive your basic profile and an authentication token from that provider.
- Faith & spiritual profile (sensitive): information you provide during onboarding — your date of birth, gender, Christian denomination, spiritual goals, how you are currently feeling spiritually, the ways you prefer to connect, your prayer times and reminders, and your preferred Bible translation and language. Because this reveals religious belief, we treat it as sensitive and apply a higher standard of care.
- Voice & audio: if you use the voice onboarding feature with NOAH, your microphone audio is streamed to our servers and to our AI provider in real time to power the conversation. We request your explicit microphone permission before any recording.
- Content you create: messages you send to the NOAH AI chat, and any prayer requests or free text you submit. We treat spiritual and prayer content as confidential.
- Device & technical data: device model and operating system, app version, language/region, a device identifier, push notification token, approximate region (to route you to the correct regional servers), and diagnostic/crash data.
- Usage analytics: in-app events (for example, screens viewed and features used) to understand and improve the Service. Direct identifiers such as email and phone are hashed before they reach our analytics provider; we do not send raw contact details to analytics.
- Subscription & payment data (where applicable): if you purchase a paid plan, your subscription status and billing metadata. We do not store full payment card details — payments are handled by PCI-DSS compliant processors (e.g. Razorpay, PayU, Apple, Google).
3. How and why we use your data
- To create and secure your account and authenticate sign-in.
- To personalise your spiritual content, devotionals, prayer reminders, and NOAH conversations based on your profile.
- To provide the AI chat and voice features you choose to use.
- To send notifications and service communications you have enabled.
- To process subscriptions and payments (where applicable).
- To diagnose crashes, prevent abuse, and keep the Service secure.
- To understand usage and improve the Service.
- To comply with legal obligations and respond to lawful requests.
4. Legal basis & consent
We process personal data on lawful grounds recognised by applicable law, primarily your consent and, where permitted, legitimate uses necessary to provide the Service. Where consent is required, we request it through clear notices and affirmative action (for example, agreeing to these terms at sign-up and granting microphone permission). You may withdraw consent at any time; withdrawal does not affect processing already carried out.
5. Sharing & third-party processors
We do not sell your personal data. We share it only with service providers who process it on our behalf under appropriate safeguards, including:
- Cloud hosting (Amazon Web Services, India region) for our application and databases.
- Google for sign-in and for the AI models (Gemini) that power NOAH chat and voice.
- Meta and Microsoft where you choose those sign-in methods.
- Firebase (Google) for push notifications and crash diagnostics.
- Analytics and error-monitoring providers (e.g. RudderStack and Sentry) for product analytics and stability.
- Payment processors (e.g. Razorpay, PayU, Apple, Google) for subscriptions, where applicable.
We may also disclose data where required by law or a lawful government request, in accordance with applicable law.
6. International transfers
Your data is primarily stored and processed in our India (ap-south-1) region. Some processors (such as AI providers) may process data outside your country. Any cross-border transfer is carried out in compliance with applicable restrictions, conditions, or government directions under the DPDP Act, the UAE PDPL, the KSA PDPL, and other applicable laws.
7. Data retention
We retain your personal data for as long as your account is active and as needed to provide the Service. When you delete your account, we delete or irreversibly anonymise your personal data within a reasonable period, except where we are required to retain certain records to comply with legal, tax, accounting, or security obligations.
8. Your rights
Subject to your local law, you have the right to access, correct, and request erasure of your personal data; to withdraw consent; to object to or restrict certain processing; and, under the DPDP Act, to nominate an individual to exercise your rights in the event of death or incapacity. To exercise any right, contact privacy@unoah.com or use the in-app controls. You can request account deletion at any time at unoah.com/account/delete or from within the app. We respond within the timelines required by applicable law and, where no shorter mandatory period applies, within ninety (90) days.
9. Children
UNOAH is intended for users aged 18 and over and we treat any user under 18 as a child. We do not knowingly process a child’s personal data without verifiable parental or guardian consent, as required by Section 9 of the DPDP Act and equivalent laws. We do not track, behaviourally monitor, or target advertising at children. If you believe we have inadvertently collected a child’s data, contact privacy@unoah.com and we will take prompt action.
10. Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), hashing of direct identifiers before analytics, access controls, and monitoring. No method of transmission or storage is completely secure; where required by law we will notify the competent authority and/or affected users of a personal data breach.
11. Changes to this policy
We may update this Privacy Policy from time to time. For material changes, we will provide notice by email or a prominent in-app notice at least fourteen (14) days before they take effect.
12. Contact
- Privacy & data requests: privacy@unoah.com
- India Grievance Officer: grievance-india@unoah.com
- General support: hello@unoah.com
- Supervisory authorities: Data Protection Board of India; UAE Data Office (dataoffice.ae); KSA SDAIA (sdaia.gov.sa).