Privacy Policy

1) Scope & Audience

This Policy applies to individuals who visit or use the Service within the United States only. We offer and market the Service solely in the United States. If you are located outside the U.S., you must not use the Service. The Service is intended for individuals who are 18 years of age or older; you must not use the Service if you are under 18. If you access the Service on behalf of an organization, you represent you have authority to do so and share information in accordance with that organization's policies.

2) U.S.-Only Availability (No International Offering)

We do not offer the Service to individuals located outside the United States and we do not target or monitor individuals outside the U.S. We may implement geoblocking and other measures (e.g., IP/billing checks) to enforce this intent. If we learn that we have inadvertently collected personal information from a non‑U.S. resident or from use originating outside the U.S., we will assess and, if appropriate, delete such information upon request (see §12).

3) Information We Collect

We collect the following categories of information:

• Account & Identity Data: name, email, username, password or SSO identifiers, phone number (if provided or required for security/trial eligibility), role/organization (if provided).
• Payment Data: provided to our payment processor (e.g., card brand, last 4 digits, expiration, billing address), and transaction records. We do not store full payment card numbers.
• Usage Data: features used, pages visited, time spent, device/browser info, IP address (anonymized), and interaction patterns.
• User Content: prompts, responses, uploaded files, notes, preferences, and other content you create or share.
• Communications: emails/messages you send us (support, legal, feedback) and our correspondence with you.

We ask you not to upload/enter sensitive personal information (e.g., health, government IDs, precise geolocation, biometric templates). If you choose to upload it, you do so at your own risk.

4) Sources of Information

• Directly from you when you create an account, use features, or communicate with us.
• Automatically from your device/browser via cookies, SDKs, and logs.
• From third parties (e.g., payment processors, analytics providers) as permitted by law.

5) How We Use Information

We use information to:

• Provide and operate the Service (including AI processing of prompts/outputs).
• Personalize content and features (e.g., saved history, preferred Bible translations).
• Process payments and manage subscriptions.
• Communicate with you (service updates, support, legal notices).
• Improve the Service through analytics and research.
• Comply with legal obligations and protect rights.
• Security & fraud prevention: including account protection, abuse prevention, and eligibility controls for promotions/free trials (e.g., phone verification, 2FA).

6) AI Transparency

• Processing: We process your prompts, files, and other inputs to generate outputs and to provide features such as history, re-runs, and personalization.
• Model Providers: We may route data to third-party AI model providers and infrastructure processors to fulfill your requests and operate the Service. These third-party services are governed by their own terms and privacy policies, which may change over time. While we do not control those independent policies end-to-end, we exercise reasonable diligence in selecting providers, seek contractual commitments limiting their use of data to providing services to us, and minimize what we send where feasible. Some providers may retain limited logs for security, abuse prevention, reliability, or as required by law under their policies.
• Training: We do not use your personal information to train our AI models without your explicit consent.

7) Disclosure of Information

We disclose personal information to:

• Service Providers/Processors (cloud hosting, AI model providers, analytics, payments, email, support tools) bound by contractual confidentiality and security obligations.
• Affiliates for internal business operations consistent with this Policy. We may also send you marketing about our other products and services; we do not disclose your email/contact details to third parties for their own marketing purposes without your consent.
• Legal/Compliance recipients when required by law, subpoena, or to protect rights, safety, or the Service.
• Business Transfers (e.g., merger, acquisition, financing, or sale of assets). We will notify you of material changes to data handling.

We do not sell personal information or process it for targeted advertising (including "sharing" for cross‑context behavioral advertising) under applicable U.S. state privacy laws. If this changes, we will update this Policy and present the legally required opt‑out options.

8) Your Privacy Rights (U.S.)

Depending on your state of residence (e.g., CA, CO, CT, VA, UT, TX), you may have some or all of the following rights:

• Access/Know the categories and specific pieces of personal information we collected about you.
• Correct inaccurate personal information.
• Delete personal information (subject to certain exceptions).
• Opt‑out of the sale or sharing of personal information (if applicable).
• Limit the use and disclosure of sensitive personal information (if applicable).
• Portability of personal information in a structured, commonly used format.
• Non‑Discrimination for exercising your rights.

Marketing communications. You can opt out of promotional emails (including cross‑promotions for related services) at any time by clicking Unsubscribe in the email or by contacting us at privacy@aibiblescholar.app; your choice will not affect transactional or account‑related emails.

9) Data Retention

We retain information for the shortest time necessary to achieve the purposes in this Policy, unless a longer period is required by law. Typical periods:

• Account profile & settings: retained while your account is active; deleted within 30–90 days of closure.
• Phone & verification metadata: retained while your account is active; one‑time OTP logs typically retained up to 30 days for security/audit, then deleted or aggregated.
• User Content (prompts, notes, files): retained while your account is active or until you delete it; backups roll off within ~30 days.
• Usage & analytics data: typically retained for up to 2 years in aggregated/de‑identified form.
• Payment records: retained as required by law (typically 7 years).
• Communications: retained for the duration of the conversation plus reasonable follow‑up period.

10) Cookies & Tracking Technologies

We use:

• Strictly necessary cookies to operate the Service and keep you signed in.
• Functional & performance cookies to remember preferences and measure reliability.
• Analytics SDKs/tools to understand usage and improve features.

See our Cookie Policy for details and controls. Some browsers offer Global Privacy Control (GPC); when detected and applicable, we will honor it for opt‑out preferences that we support.

11) Security

We implement administrative, technical, and physical safeguards appropriate to the nature of the data (e.g., encryption in transit, role‑based access, logging/monitoring). No system is 100% secure. If we discover a security incident affecting your data, we will investigate and notify you and/or regulators as required by law.

12) Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us so we can delete it.

13) Data Storage & Transfers

We store and process data in the United States. Our processors may store/process data in other locations to provide their services, subject to contractual protections. We do not rely on international transfer mechanisms for GDPR because we do not offer the Service to EU/EEA/UK residents.

14) Third‑Party Services & Links

The Service may link to third‑party sites or integrate third‑party services. Their privacy practices are governed by their own policies; we are not responsible for them.

15) Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will provide notice (e.g., email or in‑app). The "Effective Date" above reflects the latest revision.