PRICING

Privacy Policy

Effective date: 15 May 2026
Website: https://prayerpop.eu/
Product: PrayerPop
Company: ÖSAIN OÜ, trading as PrayerPop
Contact: info@osain.ee

1. Who we are

PrayerPop is a WordPress plugin and related website operated by ÖSAIN OÜ, trading as PrayerPop.

PrayerPop helps churches, ministries, and Christian organizations collect prayer requests and testimonies, manage submissions, display approved public items, and optionally use AI moderation for public submissions.

2. What this Privacy Policy covers

This Privacy Policy explains how we collect, use, store, and share personal data when you:

  1. Visit our website.
  2. Buy or license PrayerPop.
  3. Contact us for support.
  4. Use PrayerPop on your WordPress website.
  5. Enable optional features such as email notifications, license validation, or AI moderation.

This Privacy Policy does not replace the privacy policy of each church, ministry, or organization using PrayerPop. If you submit a prayer request or testimony on a church website that uses PrayerPop, that church or organization is usually responsible for how your submission is reviewed, published, archived, or deleted.

3. Important roles: PrayerPop, church websites, and visitors

When a church installs PrayerPop on its own WordPress website, the church usually controls the submitted prayer requests and testimonies. This means the church decides why and how submissions are collected, reviewed, published, archived, or deleted.

PrayerPop provides the plugin software and may process limited technical data for licensing, updates, support, and optional services.

If AI moderation is enabled by a church, public submission text may be sent to OpenAI for moderation. Private submissions are not sent to AI moderation according to the current PrayerPop workflow.

4. Personal data we may collect

We may collect the following categories of data.

4.1 Website visitor data

When you visit prayerpop.eu, we may collect basic technical information such as:

  1. IP address.
  2. Browser type.
  3. Device information.
  4. Pages visited.
  5. Date and time of visit.
  6. Referring website.

This may be collected through WordPress, server logs, security tools, analytics tools if enabled, and cookies.

4.2 Purchase and billing data

Payments may be handled by Lemon Squeezy as Merchant of Record. Lemon Squeezy may collect and process data needed for checkout, payment, tax calculation, invoicing, fraud prevention, subscription management, and refunds.

This may include:

  1. Name.
  2. Email address.
  3. Billing address.
  4. VAT or tax details, if applicable.
  5. Payment method details.
  6. Order history.
  7. License information.

We do not directly store your full card number.

Your purchase may also be subject to Lemon Squeezy’s applicable buyer terms and privacy policy.

4.3 License and activation data

To manage licenses and updates, PrayerPop may process:

  1. License key.
  2. Site URL.
  3. Domain name.
  4. WordPress installation URL.
  5. Instance ID.
  6. License status.
  7. Plan type.
  8. Activation usage.
  9. Last validation time.
  10. Plugin version.
  11. Basic environment information needed for license validation.

Localhost and recognized local development environments do not consume a production activation seat. Public domains, client domains, and subdomains may consume an activation seat.

4.4 Support data

If you contact us for support, we may collect:

  1. Name.
  2. Email address.
  3. Website URL.
  4. Support message.
  5. Screenshots or files you send.
  6. Technical information about your WordPress setup, if you provide it.
  7. Order or license details needed to verify access.

Please do not send sensitive prayer requests, private pastoral information, passwords, API keys, or unnecessary personal data in support messages.

4.5 Prayer request and testimony data inside the plugin

PrayerPop stores submissions inside the customer’s WordPress website as WordPress posts and related metadata.

Depending on how the church configures PrayerPop, submitted data may include:

  1. Prayer request or testimony message.
  2. Name or anonymous marker.
  3. Submission type, such as prayer request or testimony.
  4. Visibility, such as public or private.
  5. Moderation status.
  6. Approval status.
  7. Counts, such as “I Prayed” or celebration counts.
  8. Date and time of submission.
  9. Technical or anti spam data needed to protect the form.

Private submissions are not shown publicly by PrayerPop. Public submissions may be displayed on the church website after approval or according to the church’s settings.

5. Optional AI moderation

PrayerPop includes optional AI moderation.

If a church enables AI moderation:

  1. AI checks only public submissions.
  2. Private submissions stay in the church’s internal manual workflow.
  3. Public submission text may be sent to OpenAI for a moderation decision.
  4. AI may return a decision such as approve, needs review, or decline.
  5. Admins can review and change AI decisions.
  6. If AI is unsure, the item can stay pending for manual review.
  7. PrayerPop sends AI moderation requests with response storage disabled according to the current product documentation.

AI moderation is designed to help with spam, unsafe content, direct money solicitation, prayer versus testimony mismatch, and similar review needs. It is not a replacement for pastoral care, human judgment, or church leadership.

You are responsible for your own OpenAI API key, account settings, billing, and usage limits.

6. Cookies and browser storage

PrayerPop may use cookies or browser storage for practical plugin features.

Examples include:

  1. prayed_{post_id} to prevent repeated “I Prayed” clicks from the same browser for 30 days.
  2. celebrated_{post_id} to prevent repeated “Celebrate” clicks from the same browser for 30 days.
  3. localStorage: prayerPopDisplayStyle to remember grid or list view preference until the browser data is cleared.

WordPress itself may also use cookies for login, comments, admin sessions, and user preferences. If comments are enabled on the website, WordPress may store comment related cookies.

7. Comments

If comments are enabled on prayerpop.eu, we may collect the data shown in the comment form, the visitor’s IP address, and browser user agent string to help spam detection.

An anonymized string created from your email address may be provided to the Gravatar service to check whether you use it. After approval, your profile picture may be visible publicly in the context of your comment.

If comments are disabled, this section may not apply.

8. Media uploads

If users are allowed to upload images to the website, they should avoid uploading images with embedded location data such as EXIF GPS data. Visitors may be able to download and extract location data from images published on the website.

PrayerPop itself is mainly designed for text submissions, but this section is included for general WordPress privacy coverage.

9. Embedded content from other websites

Pages on prayerpop.eu may include embedded content, such as videos, images, articles, or forms from other websites.

Embedded content from other websites behaves as if you visited that website directly. Those websites may collect data about you, use cookies, add third party tracking, and monitor your interaction with the embedded content.

10. How we use personal data

We may use personal data to:

  1. Provide and maintain the PrayerPop website.
  2. Process purchases and licenses.
  3. Provide downloads, updates, and license validation.
  4. Respond to support requests.
  5. Improve product reliability and security.
  6. Prevent fraud, abuse, spam, and unauthorized license use.
  7. Send service related emails.
  8. Comply with legal, tax, and accounting requirements.
  9. Manage refunds and disputes.
  10. Provide optional AI moderation when enabled by the customer.

11. Legal bases for processing

Depending on the situation, we may process personal data based on:

  1. Contract, when data is needed to provide the product, license, updates, support, or purchase access.
  2. Legitimate interests, such as securing our website, preventing fraud, improving the product, and supporting customers.
  3. Consent, where required, such as optional cookies, marketing emails, or optional features.
  4. Legal obligation, such as tax, accounting, fraud prevention, and regulatory requirements.

12. Who we share data with

We may share limited data with service providers that help us operate PrayerPop.

This may include:

  1. Lemon Squeezy for checkout, payment processing, tax handling, invoices, and refunds.
  2. Hosting providers for website and server operation.
  3. Email providers for transactional and support emails.
  4. OpenAI if AI moderation is enabled by the customer.
  5. Security, logging, or anti spam providers if used.
  6. Professional advisers, such as accountants or legal advisers.
  7. Authorities if required by law.

We do not sell personal data.

13. International data transfers

Some service providers may process data outside your country or outside the European Economic Area.

Where required, we aim to use appropriate safeguards, such as contractual protections or service providers that offer suitable data transfer mechanisms.

14. How long we keep data

We keep personal data only as long as needed for the purposes described in this Privacy Policy, unless a longer period is required by law.

Examples:

  1. Purchase and invoice records may be kept as required for tax and accounting.
  2. Support messages may be kept while needed to help with product support and history.
  3. License records may be kept while the license is active and for a reasonable period afterward.
  4. Website logs may be kept for security and debugging for a limited period.
  5. Prayer submissions stored in a customer’s WordPress site are controlled by that customer’s own retention settings.

PrayerPop includes retention settings for submissions. Approved or answered items can be archived first and later deleted based on the configured retention window. If retention is set to forever, automatic cleanup does not delete submissions.

15. Your rights

Depending on your location, you may have rights over your personal data, including the right to:

  1. Be informed.
  2. Access your personal data.
  3. Correct inaccurate data.
  4. Request deletion.
  5. Restrict processing.
  6. Object to processing.
  7. Request data portability.
  8. Withdraw consent where processing is based on consent.
  9. Not be subject to certain decisions based solely on automated processing.

To exercise your rights, contact us at info@osain.ee.

If your request concerns a prayer request or testimony submitted on a church website using PrayerPop, you may need to contact that church directly because they control the submission data on their own website.

16. Security

We use reasonable technical and organizational measures to protect personal data.

However, no website, plugin, email system, or internet transmission is completely secure. Customers are responsible for keeping their WordPress installation, themes, plugins, passwords, hosting, and administrator accounts secure.

17. Children and sensitive content

Prayer requests and testimonies may sometimes include sensitive personal information.

Churches using PrayerPop should decide who may submit requests, how requests are reviewed, and how sensitive information is handled. Churches should avoid publishing private, identifying, or sensitive information without proper permission.

PrayerPop is not intended to knowingly collect data from children without appropriate church or parental handling. If your church collects submissions from minors, you should have a clear local policy.

18. Uninstall behavior

When PrayerPop is uninstalled, plugin options and scheduled cron hooks may be removed.

Current product documentation says submission posts are not automatically deleted during uninstall. This helps prevent accidental loss of prayer data. Customers should delete or export submissions manually if needed.

19. Open source components

PrayerPop may use open source or WordPress provided components, including:

  1. WordPress Dashicons.
  2. Tabler SVG icon dataset.
  3. jQuery provided by WordPress core.

See the plugin’s THIRD_PARTY_NOTICES.md file for attribution details.

20. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we make changes, we will update the effective date above. Continued use of the website or product after changes means you accept the updated Privacy Policy.

21. Contact

For privacy questions, contact:

ÖSAIN OÜ
Email: info@osain.ee
Address: Juurdeveo 15-2, Estonia