← Home

Privacy Notice

Last updated: April 17, 2026

Who we are

Septem Horae (the "Service") is operated by Vicktor Moberg("we", "us"). We act as the data controller for personal data collected through the Service. You can reach us at [email protected].

What we collect, and why

  • Account data (email address, optional display name, optional avatar URL) — to create your account, sign you in, and personalize the Service. Legal basis: contract performance.
  • Prayer preferences and completions (which hours you pray, when, and your private journal entries) — to power the core Service: scheduling, streaks, and journaling. Legal basis: contract performance.
  • Timezone — to send notifications at the local times you choose. Legal basis: legitimate interests.
  • Push subscription data (browser endpoint and keys) — to deliver scheduled prayer reminders if you opt in. Legal basis: consent.
  • Technical data (IP address, device/user agent) — for security, fraud prevention, and to keep the Service running. Legal basis: legitimate interests.
  • Support correspondence — when you email us, to respond to your request. Legal basis: legitimate interests.

Who we share data with

  • Hosting and infrastructure providers — Lovable Cloud (which hosts our application and database).
  • Paddle — our Merchant of Record for Supporter purchases. When you purchase a Supporter tier, Paddle processes your payment, handles tax compliance, sends your receipt, and manages refunds. Paddle acts as an independent controller for the payment data you provide directly to them. See Paddle's privacy notice.
  • Authorities — where required by law.

How long we keep it

We retain your account, prayer, and journal data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within a reasonable period. Supporter purchase records are retained as required by tax and accounting law (typically 6–10 years), held primarily by Paddle.

Your rights

Subject to your local law, you may have the right to access, correct, delete, restrict, or port your personal data, to object to processing, and to withdraw consent. EU/UK residents have these rights under GDPR/UK GDPR and may complain to a supervisory authority. To exercise any right, email [email protected]. We will respond within one month.

International transfers

Our service providers may store and process data outside your country. Where data leaves the UK or EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, encrypted databases, and row-level access controls so that only you can see your prayer and journal data.

Cookies

We use only essential cookies and local storage to keep you signed in and to remember your prayer schedule. We do not use advertising or third-party analytics cookies.