Android & iOS Store Disclosure Drafts
Draft wording and checklist for Google Play Data Safety and Apple App Privacy submissions.
Last Updated: June 16, 2026
Submission Warning
App store declarations must match the final compiled Android and iOS apps, their SDKs, permissions, and actual behavior at the time of submission. Review this page before every release.
Google Play Data Safety Draft
| Question Area | Recommended Draft Answer |
|---|---|
| Does the app collect user data? | Yes. The app collects account, contact, user content, device/app, location, identifiers, diagnostics, and app activity data depending on features used. |
| Is data encrypted in transit? | Yes. Data should be transmitted over HTTPS/TLS through Supabase, Firebase, Google, and related service endpoints. |
| Can users request deletion? | Yes. Users can request deletion in-app and through the public Delete My Account page. |
| Is data shared? | Yes, with service providers such as Supabase, Firebase/Google, app stores, notification providers, external giving providers, and with the user’s church/admins where required for app functionality. |
| Location | Collected for attendance, geofencing, check-in validation, duplicate prevention, late status, and attendance history. Background location may be collected only if automatic attendance is enabled and permission is granted. |
| Personal info | Name, email, phone number, profile photo, church affiliation, address/parish/city if provided, roles, support contact information. |
| User content | Posts, comments, prayer requests, testimonies, direct/group messages, photos, audio, videos, support attachments, counseling/care requests. |
| Financial info | Grace Connect is not intended to collect card credentials. It may store giving links, receipt URLs, transaction references, amounts/categories if the finance module is enabled. |
| Device or other IDs | Notification tokens, account IDs, user IDs, church IDs, device/app diagnostics, analytics identifiers where used. |
Apple App Privacy Draft
Apple App Privacy details should disclose data linked to the user where applicable, including contact information, identifiers, user content, location, diagnostics, usage data, and possibly financial-related references if enabled. Tracking should be marked “No” unless Grace Connect or an SDK tracks users across apps/websites owned by other companies for advertising or data broker purposes.
iOS Purpose String Drafts
Location When In Use: “Grace Connect uses your location to verify attendance when you check in at your church.”
Always / Background Location: “Grace Connect uses background location only if you enable automatic attendance, so your church attendance can be recorded when you are near your church during a scheduled service.”
Camera / Photos: “Grace Connect lets you upload profile photos, support screenshots, and church/community media when you choose.”
Microphone: “Grace Connect uses the microphone only when you choose to record an audio message or media upload.”
Notifications: “Grace Connect sends church announcements, messages, prayer updates, event reminders, and account notices.”
Android Prominent Disclosure Draft
Use the Location Disclosure page wording immediately before requesting background location permission.