Privacy Policy

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: When you create an account, we collect your email address, password (encrypted), and optional profile information such as your name and profile picture.
• Subscription Information: If you subscribe to a paid plan such as Plus, we collect payment information through our secure payment processor, Stripe. We do not store your full credit card details on our servers.
• User-Generated Content: This includes your personal study notes, Advent reflection entries, highlights, bookmarks, prayer requests, and any content you share in study groups or community forums if forum features are made available.
• Communication Data: Messages you send through our real-time chat feature in study groups, forum posts if forum features are made available, and any correspondence with our support team.
• Updates Information: If you subscribe for updates, we collect your email address and optional information about how you heard about us.

2.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with our Service, including pages visited, features used, reading patterns, AI insights requested, and time spent in the application.
• Device Information: We collect information about the device you use to access our Service, including device type (mobile, tablet, desktop), operating system, browser type, and screen resolution.
• Log Data: Our servers automatically record information including your IP address, access times, and referring URLs.
• Location Information: We may collect general location information (country, timezone) based on your IP address to provide localized services and comply with regional regulations.
• Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to maintain your session, remember your preferences, and improve your experience.

2.3 Information from Third Parties

• Authentication Providers: If you choose to sign up using a third-party service (such as Google or Apple), we receive basic profile information from that service.
• Payment Processor: Stripe provides us with limited transaction information necessary to manage your subscription.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving Our Service

• Deliver AI-powered verse insights, reference previews, planned cross-reference discovery, and contextual information
• Provide access to 8 public domain Bible translations including LSV, BSB, WEB, ASV, YLT, KJV, NHEB, and Darby
• Enable personalized reading plans and track your reading progress
• Facilitate study groups with real-time chat functionality
• Power gamification features including streaks, domain milestones, and planned achievement features
• Store and sync your notes, highlights, and bookmarks across devices
• Provide offline access to downloaded Bible translations

3.2 Communication

• Send transactional emails (account verification, password resets, subscription confirmations)
• Provide customer support and respond to your inquiries
• Send optional promotional communications (with your consent)
• Notify you about changes to our Service, policies, or terms

3.3 Analytics and Improvement

• Analyze usage patterns to improve our Service
• Conduct research and development for new features
• Monitor and analyze trends, usage, and activities
• Detect, prevent, and address technical issues

3.4 Legal and Security

• Comply with legal obligations and enforce our terms
• Protect against fraudulent, unauthorized, or illegal activity
• Ensure the security and integrity of our Service

4. AI-Powered Features and Data Processing

TheoScriptura uses artificial intelligence to enhance your Bible study experience. We want to be transparent about how AI processes your data:

4.1 How AI Features Work

• Verse Insights: When you request AI insights on a verse, the verse text and surrounding context are sent to AI model to generate theological explanations, historical context, and practical applications.
• Cross-References: AI analyzes thematic connections between passages to suggest related verses.
• Word Studies: AI provides Greek/Hebrew word analysis and linguistic context.
• Character/Theme Studies: AI generates comprehensive studies based on biblical content.

4.2 AI Data Handling

• No Training on Your Data: Your personal notes, highlights, Advent reflection entries, and study content are NOT used to train AI models.
• Data Minimization: We only send the minimum necessary biblical text and context to AI services, never your personal information, notes, or private content.
• Response Caching: To improve performance and reduce costs, we may cache AI responses for common queries (public biblical content only).

4.3 AI Limitations Disclaimer

AI-generated insights are designed to complement, not replace, traditional Bible study methods, pastoral guidance, or scholarly resources. While we train our AI prompts on respected theological sources (commentaries, lexicons, and scholarly works), AI can occasionally produce inaccuracies. We encourage users to verify important theological conclusions with trusted pastors, teachers, and established resources.

5. How We Share Your Information

We do NOT sell your personal information as defined under CCPA or any other privacy law.

We may share your information in the following limited circumstances:

5.1 Service Providers

We work with trusted third-party service providers who assist us in operating our Service:

• Supabase: Database hosting, authentication, and real-time features
• AI: AI-powered verse insights and study features
• Stripe: Payment processing for subscriptions
• Vercel: Application hosting and analytics
• Email Service Providers: Transactional and marketing emails

These providers are contractually obligated to protect your information and may only use it to provide services to us.

5.2 Community Features

When you participate in community features, certain information becomes visible to other users:

• Your display name and profile picture in study groups and planned forums
• Content you choose to share publicly (notes, insights, prayer requests)
• Your reading streaks and domain milestones (if you enable public profile)
• Messages in study group chats (visible to group members)

5.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of TheoScriptura, our users, or others.

6. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Authentication: Secure password hashing using bcrypt, with optional two-factor authentication
• Access Controls: Role-based access controls and Row Level Security (RLS) in our database
• Regular Audits: Periodic security assessments and vulnerability testing
• Secure Infrastructure: Hosted on enterprise-grade cloud infrastructure with SOC 2 compliance

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

7. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

• Account profile data is retained while your account is active and for 30 days after a verified deletion request to allow recovery.
• Study content, Ask history, saved memory, notes, highlights, bookmarks, reading progress, and user-created plans are retained until you delete them or complete a verified account deletion request.
• Community content such as group discussions, shared plans, and Lifegroup guides is reviewed during deletion so shared records can be removed, anonymized, or retained where needed to preserve other users' records.
• Payment records are retained for legal, tax, fraud-prevention, and accounting requirements even when account access is removed.
• Usage Data: Aggregated analytics data retained for up to 2 years
• Payment Records: Retained for 7 years as required by financial regulations
• Waitlist Data: Retained until you sign up for an account or request removal
• Ask and Feedback Metadata: Ask question request metadata: anonymized after 90 days
• Ask and Feedback Metadata: Ask diagnostic traces: anonymized after 90 days
• Ask and Feedback Metadata: Knowledge-gap notification requests: deleted after 30 days

You can request earlier deletion of your data by contacting us at support@theoscriptura.com.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

8.1 All Users

• Access: request a copy of your account data by emailing support@theoscriptura.com
• Correction: update profile information in settings or ask support to correct inaccurate information
• Deletion: request verified deletion of your account and associated data, subject to legal and payment-record retention exceptions
• Data Export: request a structured export of profile data, study content, Ask history, reading progress, plans, groups, Lifegroup guides, and subscription records available to us
• Communication Preferences: opt out of promotional emails at any time

8.2 European Economic Area (GDPR)

If you are in the EEA, you have additional rights:

• Lawful Basis: We process your data based on consent, contractual necessity, legitimate interests, or legal obligation
• Data Portability: Receive your data in a structured, machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Lodge Complaint: File a complaint with your local data protection authority

8.3 California Residents (CCPA/CPRA)

California residents have specific rights under the CCPA and CPRA:

• Right to Know: Categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: Equal service regardless of exercising privacy rights
• Right to Correct: Request correction of inaccurate information

To exercise these rights, contact us at support@theoscriptura.com. We will respond within 30 days (GDPR) or 45 days (CCPA, with possible 45-day extension for complex requests upon notice).

9. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

• Essential Cookies: Required for authentication, security, and basic functionality
• Preference Cookies: Remember your settings (theme, reading preferences, font size)
• Analytics Cookies: Help us understand how you use our Service (via Vercel Analytics)

You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of our Service.

We respect "Do Not Track" browser signals and do not track users who have enabled this feature.

10. Children's Privacy

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@theoscriptura.com, and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your information internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with all third-party providers
• Compliance with applicable data protection frameworks

12. Automated Decision-Making

We use automated systems to provide certain features of our Service:

• AI-Generated Content: Our AI features analyze biblical text to generate insights, cross-references, and study materials. These are computational analyses, not human-reviewed content.
• Rate Limiting: We use automated systems to enforce usage limits and prevent abuse.
• Content Moderation: We may use automated tools to detect potential violations of our Community Guidelines, subject to human review for enforcement actions.

You have the right to request human review of any automated decision that significantly affects you. Contact us at support@theoscriptura.com to request a review.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and sending you an email notification (for registered users). We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: support@theoscriptura.com

For GDPR-related inquiries, you may also contact your local data protection authority.