Privacy Policy

bible-app (“we”, “us”) operates the bible-app web application (the “Service”). This Privacy Policy explains what data we collect when you use the Service, how we use it, and the rights you have over that data.

1. Information we collect

We collect only what we need to run the Service:

• Account data. Email address (from the magic link or Google sign-in flow). We never see your password or your Google account directly.
• Profile preferences. Bible translation, devotional goal, and tradition you choose during onboarding so we can tune the daily reflection and chat to you.
• Devotion activity. Which days you completed, your streak, which verses/reflections/prayers you marked done. This is used solely to render your calendar and streak.
• Chat queries and AI responses. What you ask in the Bible Chat tab, and the responses you receive. Anonymized queries may be stored in a shared answer cache to speed up future answers for everyone — this cache contains the question text and the AI response, but no link back to which user asked it.
• Payment metadata. If you subscribe to Plus or buy a Pastor minute pack, we store the Stripe subscription / customer identifiers and the high-level state (active, trialing, canceled). We do not see your card number, CVC, or billing address — those go directly to Stripe.
• Technical data. Standard server logs (IP, user agent, timestamps) and product-analytics events via PostHog (page views, button taps). We use this only to debug bugs and to measure whether features are working.

2. How we use your data

• To deliver the Service: showing your daily devotion, streak, chat history, etc.
• To personalize the AI reflection and chat to your translation and tradition.
• To process Plus subscriptions and Pastor minute packs via Stripe.
• To send necessary transactional emails (sign-in links, receipts).
• To improve quality — debugging, fixing crashes, monitoring usage patterns.

We do not sell your personal data. We do not show advertising. Plus subscriptions are how the Service is funded.

3. Third-party processors

We use a small number of carefully-selected processors. Each handles a specific piece of the workflow and only sees the data needed for that piece:

• Supabase (database + authentication hosting). Stores your account, profile, and activity. See Supabase's privacy page for their own disclosures.
• OpenAI (AI inference). Receives the text of your chat question and the relevant Bible passages to generate the response. Per OpenAI's API policy, data sent via the API is not used to train their models by default.
• Stripe (payments). Handles all card data end-to-end. We never receive it.
• PostHog (product analytics). Receives anonymized usage events. We do not send PostHog the content of your chats or personal devotions.
• Resend (transactional email, where configured). Sends sign-in magic links and receipts.

4. Cookies and local storage

We use cookies and your browser's local storage for:

• Authentication — the Supabase session cookie keeps you signed in.
• Preferences — your reading font size, last-opened Bible chapter, dismissed onboarding hints.
• Analytics — anonymized PostHog identifier.

We do not use third-party tracking cookies for advertising. You can clear cookies and local storage at any time via your browser.

5. Data retention

Account and profile data are retained while your account is active. When you delete your account, we delete or anonymize your personal data within 30 days, subject to retention obligations for billing records (typically up to 7 years for tax compliance).

6. Your rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data via your profile settings.
• Delete your account and associated data.
• Export your data in a portable format.
• (EU/UK users) Object to processing, restrict processing, and lodge a complaint with your local data-protection authority.

To exercise any of these, email us at support@bible-app.example. We aim to respond within 30 days.

7. Children

The Service is intended for users 13 years of age and older (16 in jurisdictions that require parental consent below that age). We do not knowingly collect personal data from younger children. If you believe we have collected data from a child below this age, please contact us at support@bible-app.example and we will delete it.

8. International data transfers

Our processors (Supabase, OpenAI, Stripe, PostHog) are based in the United States. By using the Service from outside the US, you consent to the transfer of your data to the US under the terms of our processors' respective data-processing agreements.

9. Security

We protect your data with HTTPS in transit, encrypted-at-rest storage via Supabase, and access controls on all administrative systems. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you within 72 hours.

10. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the current version. Material changes will be announced via email or an in-app notice before they take effect.

11. Contact

Questions about this Privacy Policy or your data? Email support@bible-app.example.