Privacy Policy

Unlike traditional social media platforms, iTestify is built on a **privacy-first foundation**. Our business model is centered on premium community experiences, voluntary donations, and organizational partnerships—not advertising.

• No Targeted Advertising: We do not host third-party tracking pixels, behavioral retargeting scripts, or advertising networks on our platform.
• We Do Not Sell Your Data: We never sell, rent, trade, or barter your personal information, testimonies, profile details, or browsing habits to any third-party brokers, marketing companies, or data harvesters.
• No Commercial AI Training: We do not feed your personal testimonies or shared faith experiences into commercial or third-party Large Language Models (LLMs) for commercial training.

We collect information necessary to authenticate your profile, safely host your Testimonies, connect you with fellowships, and ensure platform security.

2.1 Account and Profile Information (Supabase Auth)

To create an account on iTestify, you must authenticate through our secure backend provider, **Supabase**. We collect:

• Authentication Data: Email address, secure password hashes, and unique user identifiers (UUID) generated by Supabase Auth.
• Profile Metadata: Display name, username, biography, denominational affiliation (optional), and custom profile picture/avatar.
• Geographical Region: Geographical preferences (e.g., country, state, or city) to help you discover and organize local fellowship circles in your vicinity.

2.2 Testimonies, Comments, and Witnessing Data

We collect and store any content you actively publish on the platform:

• Testimonies: The text, images, tags, and date details of the faith experiences you post.
• Witnessing Activity: Record of the Testimonies you choose to verify and the specific tier you select (Believer, Shared Experience, or Eye-Witness).
• Interactions: Comments, encouraging reactions, and fellowship board messages.

iTestify utilizes **Supabase**, an enterprise-grade open-source backend platform built on PostgreSQL database architecture, to manage your profile and security credentials.

3.1 Encryption in Transit and at Rest

All communication between the client and Supabase is encrypted using TLS/HTTPS. Data is encrypted at rest using AES-256 cryptographic standards. Short-lived JWT session tokens verify your identity on each API request and are never shared with external domains.

3.2 Secure Row Level Security (RLS)

We implement strict Postgres Row Level Security (RLS) policies within Supabase. This means that:

• Your private draft testimonies are cryptographically restricted so that only your unique authenticated account UUID can query or modify them.
• User email addresses and secure notification tokens are locked down behind backend RLS filters, completely inaccessible to other users or external web scrapers.

We believe you should have complete command over how your spiritual presence is shared. We provide comprehensive settings in your Account Dashboard to configure your privacy bounds.

4.1 Profile and Testimony Visibility

You can configure your iTestify profile and published Testimonies under three visibility levels:

• Public: Visible to anyone on the internet, including search engine crawlers and logged-out visitors.
• Community-Only: Hidden from search engines and logged-out users. It can only be searched, read, and interacted with by other authenticated iTestify members.
• Private: Hidden from search and discovery. Only users you explicitly approve as "Fellowship Connections" can read your Testimonies.

4.2 Email Visibility Preference

To protect you from unwanted solicitation, your registered email address is kept hidden by default. You can opt to change this in your profile settings to **Fellowship Leaders Only** or **Public to Connections**.

4.3 Push Notifications (VAPID)

Our PWA supports push notifications via Web Push using secure VAPID keys. This is established directly between your browser and our secure backend, completely free of any ad-tracking frameworks.

We process your data strictly to fulfill our spiritual platform services. This includes:

• Delivering your feed, displaying Testimonies, and executing the witnessing tier system.
• Suggesting local fellowships, faith categories, or testimonies that align with your denominational or spiritual interests.
• Delivering push notifications to your device in accordance with your VAPID settings.
• Screening for blasphemous, fraudulent, abusive, or non-faith-oriented content, and preventing malicious automated crawling/scraping.

We do not share your personal information with third parties except under the following very limited circumstances:

• With Your Consent: When you choose to make a Testimony public, join a public Fellowship, or elect to share your email visibility.
• Service Constraints: We share metadata with necessary cloud infrastructure providers (e.g., Supabase, Vercel, push dispatchers) solely to execute the functional operations of the platform.
• Legal Compliance and Safety: If required to do so by applicable law, NDPR audits, or subpoenas.

7.1 Deactivation vs. Permanent Deletion

You can temporarily deactivate your account to hide your presence, or permanently delete it. In a permanent account deletion, we initiate a comprehensive database purge.

7.2 Testimony Anonymization Option

Because testimonies can have profound spiritual value and impact the faith journeys of others who have engaged with them, we offer you a choice upon permanent account deletion:

• Complete Erasure: All of your posted Testimonies are permanently deleted from the database.
• Anonymized Archiving: Your Testimonies remain on the platform to encourage others, but all associations with your name, username, email, and profile are completely stripped. The author name is permanently replaced with *"Anonymous Creator"* or *"Former Believer"*.

To maintain our premium, ad-free experience, we partner with a minimal number of trusted service providers bound by strict data processing agreements:

• Supabase, Inc. (Database hosting, Auth, secure media storage)
• Vercel, Inc. (PWA hosting and edge network caching)
• Postmark/SendGrid (Secure transactional email verifications)

In accordance with the **Nigeria Data Protection Act (NDPA 2023)** and the **Nigeria Data Protection Regulation (NDPR)**, users in Nigeria possess specific statutory data rights:

• Right to be Informed: Sincere disclosure of how your data is collected and processed (detailed in this policy).
• Right of Access & Portability: Request a digital copy of all personal data we hold about you and export it in a standard JSON format.
• Right to Rectification: Edit your profile details at any time.
• Right to Erasure (Forgotten): Request the permanent deletion of your profile data.
• Right to Object/Restrict: Withdraw consent to specific processing, adjust your profile privacy levels, and toggle email visibility.

To exercise any of these rights, please contact our Data Protection Officer at privacy@itestify.io.