Introduction
Footprints ("the App") is a personal Bible study and wellness companion developed by Christopher Lee Murray
("we," "us," or "our"). We believe your spiritual life is deeply personal, and we have designed Footprints
with privacy as a foundational principle. This Privacy Policy applies to all surfaces Footprints runs on —
phones and tablets, Wear OS watches, Android TV, Android Auto, and Android Automotive (AAOS) — and the
standalone Footprints Digital watch face. It explains what data the App collects, how it is used,
and how it is protected.
The short version: Your data stays on your device by default. AI processing happens
on-device. If you opt into cross-device sync, your data is end-to-end encrypted before it ever leaves
your phone — not even we can read it.
1. Data We Collect
1.1 Data you provide directly
- Study progress: Which books, chapters, and verses you have read or completed in the KJV
Bible.
- Notes and highlights: Any annotations, tags, or notes you attach to scripture passages.
- Journal entries: Personal reflections you write in the Sacred Reflection journal.
- Quiz responses: Answers and scores from the quiz feature.
- Study schedule preferences: Frequency, reminder times, and focus themes you configure.
1.2 Data collected through device sensors (with your permission)
- Activity data: Step count, walk duration, exercise type, and mindfulness session
records — written to and read from Android Health Connect with your explicit permission.
- Location data: GPS coordinates during Mindful Walks, only if you enable route tracking.
Location data is stored locally on your device.
- Activity recognition: Motion sensor data used to detect walking and suggest mindful
walks. This data is processed on-device and is not stored.
1.3 Account and authentication data
- Google account information: If you sign in with Google, we receive your name, email
address, and profile photo from Google. This is used solely for authentication and to identify your sync
account.
1.4 Data collected automatically
- Ad interaction data: If you choose to watch a rewarded ad (via Google AdMob), AdMob may
collect device identifiers, IP address, and ad interaction data in accordance with Google's Privacy Policy.
- Purchase data: If you make a contribution via Google Play Billing, Google processes the
transaction. We receive confirmation of the purchase but do not receive or store your payment details.
2. How We Use Your Data
| Data |
Purpose |
Where processed |
| Study progress & notes |
Track your Bible study journey; generate quizzes and study suggestions |
On-device only |
| Journal entries |
Provide AI-powered biblical context and personal reflections |
On-device (Gemini Nano) |
| Health & activity data |
Record and display mindful walk metrics; write to Health Connect |
On-device only |
| Location (GPS) |
Map your walk route (opt-in only) |
On-device only |
| Google account info |
Authentication and cross-device sync identification |
On-device + Google's servers |
| Scripture text-to-speech |
Verse-by-verse spoken scripture ("TTS by Verse" mode) |
Android system TTS engine, on-device |
| Streamed chapter audio |
Natural narration ("Narration by Chapter" mode and in-car / on-watch playback) |
Streamed from Cloudflare R2; cached locally |
| AI Confidant model files |
Downloaded once for on-device AI inference |
Fetched from Cloudflare R2; runs on-device |
| Phone ↔ watch state |
Mirror current chapter / playback to the wrist; surface complications + tile |
Wearable Data Layer (paired-device link) |
| Cast control to TV |
"Play this chapter on TV" hand-off when a Cast device is selected |
Google Cast SDK (local network) |
3. On-Device AI Processing
Footprints uses on-device AI (Google's Gemini Nano via the ML Kit and AI Core APIs) for features such as
study suggestions, journal reflections, scripture resonance, and quiz generation. All AI inference runs
locally on your device. Your journal entries, study data, and personal notes are never sent to
external AI servers.
If your device does not support on-device AI, these features gracefully degrade to curated, static content —
they do not fall back to cloud AI processing.
4. Cross-Device Sync and Encryption
If you choose to enable cross-device sync, Footprints stores your data in a hidden application-specific
folder within your personal Google Drive account (appDataFolder). This folder is invisible in
your Drive interface and inaccessible to other applications.
End-to-end encryption: Before any data leaves your device, it is encrypted using
AES-256-GCM with a key derived from a passphrase you create (via Argon2id key derivation). We never see,
store, or transmit your passphrase or encryption key. This is zero-knowledge encryption — not even
Google can read your synced data.
The Google Drive OAuth scope used is drive.appdata, which is classified as non-sensitive by
Google and grants access only to the hidden app-specific folder — not to your other Drive
files.
If you forget your passphrase, your synced data cannot be recovered. This is by design.
5. Third-Party Services
Footprints integrates with the following third-party services:
- Google Sign-In: For authentication. Subject to Google's Privacy Policy.
- Google Drive API: For optional cross-device sync (
appDataFolder scope
only).
- Google Play Billing: For processing optional contributions. Google processes payments;
we do not receive your financial details.
- Google AdMob: For optional rewarded video ads. AdMob collects device and ad interaction
data per Google's policies. You are never required to watch ads — this is always a choice.
- Android Health Connect: For reading and writing exercise and mindfulness session data.
All Health Connect data remains on-device unless you configure Health Connect to sync elsewhere
independently.
- Cloudflare R2 (object storage): Hosts the public-domain KJV narration audio and the
AI Confidant model files. Your device fetches these as static assets over HTTPS — no account, no
credentials, no personal data is sent. Cloudflare's edge servers see your IP address and the URL of the
file you request, as is standard for any web download. Audio is cached locally so repeat playback is
offline. Subject to Cloudflare's Privacy
Policy.
- Android system TTS: Verse-by-verse spoken scripture uses the on-device TTS engine
provided by Android (typically Google Speech Services or the manufacturer's). No scripture text leaves
your device for this feature; the system engine renders speech locally.
- Google Play Services — Wearable Data Layer: Synchronises playback state and the daily
verse between a paired phone and watch. The link is between your two devices; nothing is stored on
Google's servers as part of this exchange beyond what Google Play Services itself transports.
- Google Cast SDK: Discovers Cast-enabled TVs on your local network so you can hand off
a chapter from your phone to your TV. Cast discovery is local-network only; no scripture content is
sent through Google's servers.
6. Data Storage and Retention
All Footprints data is stored locally on your device using an SQLite database and Android DataStore. Data
persists until you choose to delete it or uninstall the App.
If you enable cross-device sync, encrypted copies of your data are stored in your Google Drive appDataFolder
and count toward your personal Google Drive storage quota. You can disable sync or delete synced data at any
time from the App's settings.
7. Data Sharing
We do not sell, rent, or share your personal data with any third parties.
The only circumstances under which your data leaves your device are:
- Cross-device sync (opt-in, end-to-end encrypted, stored in your own Google Drive)
- Audio narration streaming and AI Confidant model downloads (a request to Cloudflare R2 for a static
asset; no personal data is sent — only the file URL and your IP)
- Phone↔watch state mirroring (opt-in, between your own paired devices via the Wearable Data Layer)
- Cast hand-off to TV (opt-in, local-network discovery of Cast devices)
- Rewarded ads (opt-in, ad interaction data collected by Google AdMob)
- If required by law, court order, or legal process
8. Children's Privacy
Footprints is not directed at children under the age of 13. We do not knowingly collect personal information
from children under 13. If you believe a child has provided us with personal information, please contact us
and we will take steps to delete such information.
9. Your Rights and Choices
- Access and deletion: All your data is on your device. You can view, export, or delete
it at any time through the App's settings.
- Sync control: You can enable or disable cross-device sync at any time. Disabling sync
does not delete previously synced data from your Drive — you can delete that separately from settings.
- Permissions: You can revoke any permission (location, activity recognition, Health
Connect) at any time through Android's system settings. Features that depend on revoked permissions will
degrade gracefully.
- Ad preferences: You can manage ad personalization settings through your Google Account
settings.
10. Security
We take reasonable measures to protect your data, including:
- AES-256-GCM encryption with Argon2id key derivation for all synced data
- Android Keystore for secure local key storage
- All network communication over HTTPS/TLS
- On-device AI processing to minimize data exposure
- Non-sensitive OAuth scopes to limit access
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through
the App or by updating the effective date at the top of this page. Your continued use of the App after
changes are posted constitutes acceptance of the updated policy.
12. Contact
If you have questions or concerns about this Privacy Policy or your data, please contact us at:
Email: leechristophermurray@gmail.com