Account and sessions
Accounts use email, password-based sessions, and recovery receipts so a user can return to goals, guidance history, and account-backed diary entries when signed in and online.
Faith Companion is built around a simple boundary: sources are governed, private notes belong to the user, and the app must keep those worlds separate.
Accounts use email, password-based sessions, and recovery receipts so a user can return to goals, guidance history, and account-backed diary entries when signed in and online.
Diary notes, goals, and private reflections are user space. They are not reviewed doctrine, source approval evidence, clergy advice, or emergency monitoring.
Guest diary entries stay local to the current browser or device. The mobile app stores local diary bodies as AES-GCM encrypted payloads, keeps the diary key in OS secure storage when available, supports device-lock behavior, and keeps offline source packs separate from private notes.
Operational analytics and feedback should measure product health without storing diary contents or sensitive free-text spiritual struggle as analytics payloads.
Private diary entries can be exported or deleted, and the hosted deletion page uses the signed-in browser session for immediate deletion or an email verification request otherwise.
Downloaded packs contain source text, search data, checksums, and rights metadata. They do not contain account identity, diary notes, or private user reflections.