My Mission PathMy Mission Path

Privacy Policy

Last updated: February 2026

1. Information We Collect

My Mission Path collects the minimum information necessary to provide our service. This includes:

Account Information

  • Name (first and last)
  • Email address
  • Password (securely hashed, never stored in plain text)
  • Birth date
  • Last active timestamp
  • Account settings (AI enabled/disabled, financial tracker visibility, reminder preferences, flexible mode option)

Mission Details

  • Gender (optional)
  • Age and mission eligibility status
  • Expected mission dates
  • Assigned mission location and language
  • Missionary Training Center (MTC) information

Usage Data

  • Journal entries you create and save
  • Preparation progress and task completion status
  • Settings and preference choices
  • Language practice, teaching practice, and mission readiness interactions
  • Daily AI feature usage for rate limiting purposes
  • Mission journey events (bishop interviews, mission calls, MTC start dates, and other Church-related milestones)
  • Daily practice and readiness habit tracking data (mindfulness practices, streaks, and skill development)
  • Contact form messages submitted through the application

Device Information

  • Browser type and version (for compatibility)
  • Operating system type
  • IP address (for authentication and security only)

Browser-Based Voice Features

Some features in My Mission Path may optionally use your browser's Web Speech API to enable voice input for language practice, pronunciation feedback, or voice-to-text functionality. When you enable voice features, your audio input is processed by your browser's speech recognition service. Please review your browser's privacy settings and the privacy policies of any third-party speech recognition providers to understand how voice data is handled. My Mission Path does not store audio recordings on our servers; audio is processed in real-time by your browser.

2. How We Use Your Information

Your information is used exclusively to:

  • Create and maintain your account
  • Provide personalized mission preparation features
  • Track your preparation progress and completed tasks
  • Enable AI-powered features (language practice, teaching scenarios, wellness support)
  • Enforce daily usage limits for AI features (200 interactions per day)
  • Store and retrieve your journal entries
  • Track optional mission savings data in the financial tracker feature
  • Remember your preferences and settings
  • Improve and maintain the platform's functionality
  • Comply with legal or regulatory requirements

3. AI Features and Data Processing

My Mission Path includes AI-powered features to support your mission preparation. Here's how they work:

How We Use Google Gemini AI

We use Google's Gemini 2.0 Flash AI model to power features including language practice conversations, teaching practice scenarios, and wellness coaching. These features are optional—you choose whether to use them.

Data Transmission to Google

When you use an AI feature, your input (text, context, and conversation content) is transmitted to Google's API servers in real-time to generate responses. Your message content is sent to Google's systems as part of this processing. Please review Google's Privacy Policy to understand how Google processes this data.

AI Conversation History and Session Summaries

Important: My Mission Path does not save or retain the full text of AI conversation messages. However, we generate AI-powered summaries of your AI sessions (including teaching practice, language practice, and mindfulness coaching sessions) which are stored in our database for your reference and to improve personalized features. These summaries are retained as long as your account exists and are permanently deleted when you delete your account. The full conversations themselves pass through Google's servers during processing, and you should review Google's data retention and use policies.

Daily Usage Limits

To ensure fair access, each user has a limit of 200 AI interactions per day. This limit is enforced on our server and resets daily. A local counter in your browser helps show your remaining messages, but the server-side check is the authoritative limit. We do not store detailed interaction logs.

Google's Use of Your Data

Google's Gemini API is governed by Google's standard privacy policies. Depending on your Google account settings and Google's current policies, data sent to Google's API may be used to improve their services. Refer to Google's Privacy Policy and Google Cloud Service Terms for complete details.

3b. Automated Decision-Making and AI Coaching

My Mission Path uses AI to provide personalized coaching and practice experiences through AI-powered character personas powered by Google Gemini.

AI-Generated Recommendations

Recommendations provided by AI characters (teaching practice scenarios, mindfulness guidance, skill coaching, and language practice) are generated by AI and are advisory in nature. These recommendations are not legally binding decisions and should not be treated as professional advice from medical, financial, or theological experts.

Right to Human Review

You have the right to request human review of any AI-generated recommendations or coaching provided through the app. To request human review or clarification, please contact us at mymissionpath@gmail.com with details of the specific recommendation you wish to discuss.

AI Character Personas

My Mission Path features AI-powered character personas — named individuals with distinct personalities — designed to create realistic, conversational practice experiences. These characters are powered by Google's Gemini AI model. They do not represent actual individuals and are tools to help you practice teaching and build confidence before your mission.

4. Data Storage and Security

Where Your Data Is Stored

  • Database: Supabase (PostgreSQL), located in secure cloud infrastructure
  • Hosting: Vercel, a globally distributed CDN and hosting platform
  • Local Storage: Some preferences and usage counters are stored in your browser's localStorage

Security Measures

  • Passwords: All passwords are hashed using industry-standard algorithms and are never stored in plain text
  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS (HTTPS)
  • Database Security: Supabase provides enterprise-grade security with encryption at rest and role-based access control
  • Access Controls: Only authorized personnel can access user data, and such access is logged

Data Breaches

In the unlikely event of a data breach, we will notify affected users as required by applicable laws and regulations. For users subject to GDPR, we will notify you within 72 hours of becoming aware of the breach, as required by Article 34. We will investigate the breach, take corrective action, and cooperate with relevant authorities.

5. Data Retention

We retain your data for as long as your account is active. Here's our retention schedule:

  • Active Account: All data is retained while your account exists
  • Account Deletion: When you delete your account (available in Settings), all personal data is permanently deleted within 30 days, including journal entries, progress records, and account information. Contact messages are de-linked from your account (the userId is set to null) and retained for support purposes for up to 90 days, then permanently deleted. You can request full deletion of your contact messages by emailing mymissionpath@gmail.com
  • Login Sessions: Your authentication session persists until you log out or 30 days pass without activity
  • AI Session Summaries: AI-generated session summaries are retained as long as your account exists and are permanently deleted when you delete your account
  • Contact Form Messages: Messages submitted through contact forms are retained for 90 days for support and customer service purposes, then permanently deleted
  • Backup Data: Supabase maintains automated backups for disaster recovery, which may retain data for up to 30 days after deletion for recovery purposes only

6. Third-Party Services

My Mission Path relies on trusted third-party services to operate. Here's what data each service receives:

Google Gemini AI (Google Cloud)

  • Data Shared: AI conversation messages, user input for language/teaching practice
  • Purpose: Generate AI responses for features
  • Privacy Policy: Google Privacy Policy

Supabase (Database & Authentication)

  • Data Shared: All account data, mission details, journal entries, settings, and progress data
  • Purpose: Store and manage your data securely
  • Privacy Policy: Supabase Privacy Policy

Vercel (Hosting & Deployment)

  • Data Shared: Application code and basic server logs (IP addresses, request metadata)
  • Purpose: Host the application and serve it to users globally
  • Privacy Policy: Vercel Privacy Policy

External Links

My Mission Path may contain links to official Church resources on ChurchofJesusChrist.org. These external sites have their own privacy policies. We encourage you to review their policies before sharing any information.

6b. International Data Transfers

My Mission Path operates with data processors located outside the European Union. If you are a resident of the EU, EEA, or other regions with data protection laws, your personal data may be transferred to and processed in countries that may not provide an equivalent level of data protection.

Standard Contractual Clauses

To ensure adequate protection for your data when transferred internationally, My Mission Path relies on Standard Contractual Clauses (also known as Model Clauses) approved by the European Commission. These clauses are incorporated into our agreements with the following data processors:

  • Supabase (Database): Processes and stores your personal data in secure cloud infrastructure with Standard Contractual Clauses in place
  • Vercel (Hosting): Hosts the application and processes server logs under Standard Contractual Clauses
  • Google Cloud (AI Services): Processes AI requests through Google's Gemini API under Google's data processing terms

By using My Mission Path, you consent to the transfer of your personal data to countries outside your country of residence, which may have different data protection laws.

7. Cookies and Local Storage

Cookies

We use only essential cookies to maintain your login session. Specifically:

  • NextAuth.js Session Cookie: Stores encrypted session information to keep you logged in. Expires when you log out or after 30 days of inactivity.

We do not use tracking cookies, advertising cookies, or analytics cookies. We do not share cookie data with advertisers.

Local Storage

We use browser localStorage for non-sensitive data that improves your experience:

  • Daily AI Usage Counter: Tracks your AI feature usage for the day (200 interactions per day limit)
  • UI Preferences: Remembers display settings like theme preference, collapsed sections, or other UI state

localStorage is stored locally on your device and is not transmitted to our servers.

8. Age Requirement

Minimum Age

My Mission Path is intended for users who are 16 years of age or older. We do not knowingly collect personal information from anyone under 16. Our account registration process requires users to confirm they are at least 16 years old.

If We Discover a User Under 16

If we become aware that a user under 16 has created an account, we will take immediate steps to delete their account and associated data.

Parent or Guardian Concerns

If you are a parent or guardian and believe someone under 16 has created an account or provided information to My Mission Path, please contact us at mymissionpath@gmail.com. We will verify and delete the account and associated data.

9. Your Privacy Rights

You have the following rights regarding your personal data:

  • Right to Access: You can view all personal data associated with your account by logging in
  • Right to Correct: You can update or correct your information through account settings
  • Right to Delete: You can delete your account and all associated data through Settings. We will permanently remove your data within 30 days
  • Right to Export: You can request a copy of your data in a machine-readable format by contacting mymissionpath@gmail.com
  • Right to Withdraw Consent: You can stop using AI features at any time; simply don't use those features

10. Your Rights Under GDPR (EU & EEA)

Legal Basis for Processing

We process your personal data under the following legal bases under GDPR:

  • Consent: For non-essential features (AI features, analytics improvements)
  • Legitimate Interest: To provide, maintain, and improve the service; to enforce our terms; and to protect against fraud
  • Contract Performance: To provide the service you've requested

Your GDPR Rights

If you are a resident of the EU or EEA, you have the following additional rights:

  • Right to Access (Article 15): Request a copy of your personal data
  • Right to Rectification (Article 16): Correct inaccurate data
  • Right to Erasure (Article 17): Request deletion of your data (right to be forgotten)
  • Right to Restrict Processing (Article 18): Limit how we use your data
  • Right to Data Portability (Article 20): Receive your data in a portable format
  • Right to Object (Article 21): Object to certain types of processing
  • Right to Lodge a Complaint: File a complaint with your national data protection authority

How to Exercise Your Rights

To exercise any of these rights, contact us at mymissionpath@gmail.com with your request. We will respond within 30 days of receiving your request.

11. Your Rights Under CCPA (California)

Data Sales

We do not sell or share your personal information for profit. We do not sell, rent, lease, or otherwise disclose your personal information to third parties in exchange for monetary or other valuable consideration.

Your CCPA Rights

If you are a California resident, you have the following rights:

  • Right to Know: Request what personal information we have collected about you
  • Right to Delete: Request deletion of personal information we have collected from you
  • Right to Opt-Out: Opt out of any future data sales (though we do not currently sell data)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

How to Submit a Request

To submit a CCPA request, contact us at mymissionpath@gmail.com. We will verify your identity and respond within 45 days.

12. Changes to This Policy

We may update this privacy policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

If we make material changes that significantly expand our collection or use of your data, we will notify you by email or through the application. Your continued use of My Mission Path after such changes constitutes your acceptance of the updated privacy policy.

We encourage you to review this policy periodically to stay informed about how we protect your privacy.

13. Contact Us

If you have questions about this privacy policy, our privacy practices, or your personal data, please contact us using one of the following methods:

In-App Contact Form

If you are logged in, you can submit privacy inquiries through a contact form available in your account settings. Click on Settings and then "Privacy & Support" to access the contact form.

We will respond to privacy inquiries within 7-10 business days. For GDPR or CCPA requests, we will respond within the timeframe specified by applicable law.

Summary of Data Handling

  • ✓ We collect only necessary data
  • ✓ Your password is hashed and encrypted
  • ✓ Full AI conversations are not stored; AI session summaries are retained
  • ✓ We use zero tracking or advertising
  • ✓ You can delete your account anytime
  • ✓ We comply with GDPR, CCPA, and COPPA
  • ✓ We do not sell your data