Privacy Policy

Last Updated:

Effective Date:

1. Introduction

Welcome to TheoScriptura ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Bible study application and related services.

TheoScriptura is designed to make deep, meaningful Bible study accessible to everyone through technology that enhances—rather than replaces—the spiritual discipline of engaging with Scripture. We understand the sensitivity of spiritual content and are committed to handling your data with the utmost care and respect.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your email address, password (encrypted), and optional profile information such as your name and profile picture.
  • Subscription Information: If you subscribe to a paid plan (Base, Premium, or Lifetime), we collect payment information through our secure payment processor, Stripe. We do not store your full credit card details on our servers.
  • User-Generated Content: This includes your personal study notes, journal entries (created using our TipTap-powered rich text editor), highlights, bookmarks, prayer requests, and any content you share in study groups or community forums.
  • Communication Data: Messages you send through our real-time chat feature in study groups, forum posts, and any correspondence with our support team.
  • Waitlist Information: If you join our waitlist, we collect your email address and optional information about how you heard about us.

2.2 Information Collected Automatically

  • Usage Data: We collect information about how you interact with our Service, including pages visited, features used, reading patterns, AI insights requested, and time spent in the application.
  • Device Information: We collect information about the device you use to access our Service, including device type (mobile, tablet, desktop), operating system, browser type, and screen resolution.
  • Log Data: Our servers automatically record information including your IP address, access times, and referring URLs.
  • Location Information: We may collect general location information (country, timezone) based on your IP address to provide localized services and comply with regional regulations.
  • Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to maintain your session, remember your preferences, and improve your experience.

2.3 Information from Third Parties

  • Authentication Providers: If you choose to sign up using a third-party service (such as Google or Apple), we receive basic profile information from that service.
  • Payment Processor: Stripe provides us with limited transaction information necessary to manage your subscription.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving Our Service

  • Deliver AI-powered verse insights, cross-references, and contextual information
  • Provide access to 8+ Bible translations including ESV, NIV, NASB, BSB, WEB, ASV, KJV, and YLT
  • Enable personalized reading plans and track your reading progress
  • Facilitate study groups with real-time chat functionality
  • Power gamification features including streaks, achievements, and reading challenges
  • Store and sync your notes, highlights, and bookmarks across devices
  • Provide offline access to downloaded content

3.2 Communication

  • Send transactional emails (account verification, password resets, subscription confirmations)
  • Provide customer support and respond to your inquiries
  • Send optional promotional communications (with your consent)
  • Notify you about changes to our Service, policies, or terms

3.3 Analytics and Improvement

  • Analyze usage patterns to improve our Service
  • Conduct research and development for new features
  • Monitor and analyze trends, usage, and activities
  • Detect, prevent, and address technical issues

3.4 Legal and Security

  • Comply with legal obligations and enforce our terms
  • Protect against fraudulent, unauthorized, or illegal activity
  • Ensure the security and integrity of our Service

4. AI-Powered Features and Data Processing

TheoScriptura uses artificial intelligence to enhance your Bible study experience. We want to be transparent about how AI processes your data:

4.1 How AI Features Work

  • Verse Insights: When you request AI insights on a verse, the verse text and surrounding context are sent to an AI model to generate theological explanations, historical context, and practical applications.
  • Cross-References: AI analyzes thematic connections between passages to suggest related verses.
  • Word Studies: AI provides Greek/Hebrew word analysis and linguistic context.
  • Character/Theme Studies: AI generates comprehensive studies based on biblical content.

4.2 AI Data Handling

  • No Training on Your Data: Your personal notes, highlights, journal entries, and study content are NOT used to train AI models.
  • Data Minimization: We only send the minimum necessary biblical text and context to AI services—never your personal information, notes, or private content.
  • Response Caching: To improve performance and reduce costs, we may cache AI responses for common queries (public biblical content only).

4.3 AI Limitations Disclaimer

AI-generated insights are designed to complement, not replace, traditional Bible study methods, pastoral guidance, or scholarly resources. While we train our AI prompts on respected theological sources (commentaries, lexicons, and scholarly works), AI can occasionally produce inaccuracies. We encourage users to verify important theological conclusions with trusted pastors, teachers, and established resources.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We work with trusted third-party service providers who assist us in operating our Service:

  • Supabase: Database hosting, authentication, and real-time features
  • AI: AI-powered verse insights and study features
  • Stripe: Payment processing for subscriptions
  • Vercel: Application hosting and analytics
  • Email Service Providers: Transactional and marketing emails

These providers are contractually obligated to protect your information and may only use it to provide services to us.

5.2 Community Features

When you participate in community features, certain information becomes visible to other users:

  • Your display name and profile picture in study groups and forums
  • Content you choose to share publicly (notes, insights, prayer requests)
  • Your reading streaks and achievements (if you enable a public profile)
  • Messages in study group chats (visible to group members)

5.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of TheoScriptura, our users, or others.

6. Advent Journey Buddy System

Our "Journey to the Manger" Advent experience includes an optional accountability buddy feature. This section explains how we handle data within this feature:

6.1 How Buddy Invitations Work

  • No Unsolicited Contact: We never email someone who hasn't signed up themselves. Invitations are shared directly by users via their preferred channels (WhatsApp, SMS, email, etc.).
  • Voluntary Signup: We only collect a buddy's email address when they voluntarily accept an invitation and provide their information.
  • Invite Expiration: Buddy invite links expire after 7 days for security and privacy.

6.2 What Buddies Can See

  • Visible: Your name, completion status (which days you've completed), and current streak
  • Never Visible: Your email address, journal reflections, time of completion, or any personal notes
  • Journal Privacy: Your journal reflections are private and encrypted. They are never shared with buddies, and we cannot read them.

6.3 Buddy Emails

  • Types of Emails: Progress nudges, celebration notifications, and weekly recaps
  • Frequency Limits: Maximum 1 promotional email per day, with at least 48 hours between nudges
  • Email Preferences: You can customize or disable buddy emails at any time via the preferences page
  • Fatigue Protection: We automatically pause emails after 3 consecutive unopened messages

6.4 Removing Buddy Relationships

You can remove a buddy pairing at any time. When you do, your buddy will be notified once, and all shared progress visibility will end immediately. Your personal data and reflections remain unaffected.

7. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Authentication: Secure password hashing using bcrypt, with optional two-factor authentication
  • Access Controls: Role-based access controls and Row Level Security (RLS) in our database
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Secure Infrastructure: Hosted on enterprise-grade cloud infrastructure with SOC 2 compliance

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

8. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained while your account is active and for 30 days after deletion request to allow for recovery
  • User Content: Notes, highlights, and bookmarks are retained until you delete them or your account
  • Usage Data: Aggregated analytics data retained for up to 2 years
  • Payment Records: Retained for 7 years as required by financial regulations
  • Waitlist Data: Retained until you sign up for an account or request removal

You can request earlier deletion of your data by contacting us at privacy@theoscriptura.com.

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

9.1 All Users

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Data Export: Download your notes, highlights, and reading history
  • Communication Preferences: Opt out of promotional emails at any time

9.2 European Economic Area (GDPR)

If you are in the EEA, you have additional rights:

  • Lawful Basis: We process your data based on consent, contractual necessity, legitimate interests, or legal obligation
  • Data Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Lodge Complaint: File a complaint with your local data protection authority

9.3 California Residents (CCPA/CPRA)

California residents have specific rights under the CCPA and CPRA:

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: Equal service regardless of exercising privacy rights
  • Right to Correct: Request correction of inaccurate information

To exercise these rights, contact us at privacy@theoscriptura.com. We will respond within 30 days (GDPR) or 45 days (CCPA).

10. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for authentication, security, and basic functionality
  • Preference Cookies: Remember your settings (theme, reading preferences, font size)
  • Analytics Cookies: Help us understand how you use our Service (via Vercel Analytics)

You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of our Service.

We respect "Do Not Track" browser signals and do not track users who have enabled this feature.

11. Children's Privacy

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@theoscriptura.com, and we will take steps to delete such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your information internationally, we implement appropriate safeguards including:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with all third-party providers
  • Compliance with applicable data protection frameworks

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and sending you an email notification (for registered users). We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@theoscriptura.com
  • General Inquiries: support@theoscriptura.com

For GDPR-related inquiries, you may also contact your local data protection authority.
