← Back to Bible Study Pro

Legal · Binding

Privacy Policy

Version 2.0 · Effective: 1 May 2026 · Reviewed quarterly

Bible Study Pro ("we", "us", "our") is built by The Godchaser Movement, operated by AIONIQS Ltd, a company registered in England and Wales, under the domain bible.godchaserpodcast.com. This Privacy Policy explains what information we collect, how we use it, the legal bases for doing so, and the rights you have. It applies to all users of the Service. By using the Service you agree to the practices described here.

This Policy is designed to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679; the "GDPR"), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively the "CCPA/CPRA"), the Brazilian Lei Geral de Proteção de Dados (the "LGPD"), and the transparency obligations of the EU AI Act (Regulation (EU) 2024/1689).

1. Data controller

For the purposes of the GDPR and UK GDPR, the data controller is AIONIQS Ltd, registered in England and Wales. You can reach our privacy team at hello@godchaserpodcast.com.

2. Information we collect

2.1 Account information

When you create an account we collect your email address and a password hash (we never store passwords in plaintext). If you sign in with Google we additionally receive your name, profile picture, and Google account ID, as supplied by Google.

2.2 Subscription information

If you upgrade to a paid plan, our payment processor (Stripe) collects your billing details. We never see or store your full card number — only the last four digits and a Stripe customer ID, used to manage your subscription. Stripe is the controller of your payment-card data; their privacy notice applies to that processing.

2.3 Study data you create

Your journals, prayer requests, prophetic log, study notes, memory verses, study history, and seminary progress are stored privately and associated only with your account. Where you opt into shared features (e.g. Study Together rooms), the relevant messages and prayer requests are stored in our database while the room is active and shared with the participants you invite.

2.4 AI prompts and outputs

When you use AI features we send the relevant prompt (your topic, verse, or question plus the conversation context within that lesson, plus our system prompt / AI Constitution) to Anthropic for processing. We log AI requests and outputs for product quality, safety monitoring, defect investigation, and abuse prevention. We do not include your name, email, or other directly identifying information in the prompt.

2.5 Usage and device information

We collect basic technical information automatically: IP address, browser type, device type, operating system, language preference, and the pages you visit. This is used for security, abuse prevention, accessibility, and product improvement.

2.6 Cookies and similar technologies

We use essential cookies to keep you signed in and to remember your preferences. We do not use advertising cookies. We may use privacy-respecting analytics that do not individually identify you. You can manage cookies via your browser settings; disabling essential cookies will break sign-in.

3. Legal bases for processing (GDPR / UK GDPR)

We process your personal data on the following legal bases:

  • Performance of a contract (Article 6(1)(b) GDPR) — to provide the Service you have signed up for, including AI features, account management, and billing;
  • Legitimate interests (Article 6(1)(f) GDPR) — for security, abuse prevention, defect diagnosis, aggregate product analytics, and AI safety monitoring, where those interests are not overridden by your fundamental rights;
  • Consent (Article 6(1)(a) GDPR) — for any optional processing where we explicitly ask for it (you can withdraw consent at any time);
  • Compliance with a legal obligation (Article 6(1)(c) GDPR) — to retain billing records, respond to lawful requests from authorities, or comply with mandatory rules.

4. How we use your information

  • To provide and personalise the Service (e.g. resuming where you left off, generating studies in your language);
  • To process subscriptions and send transactional emails (sign-up confirmations, password resets, billing receipts);
  • To improve the product — diagnose bugs, measure feature usage in aggregate, and prioritise improvements;
  • To enforce our Terms of Service, the AI Disclaimer, and the AI Guarded Intelligence Constitution; to prevent abuse, fraud, or harm to users;
  • To comply with legal obligations and respond to lawful requests from authorities.

5. Automated decisions and profiling (GDPR Art 22)

We do not subject you to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. The Service produces study material; you make decisions. If we ever introduce a feature that would constitute automated decision-making within the meaning of Article 22 GDPR, we will obtain your explicit consent first and provide the safeguards required by law.

6. AI processing (transparency under EU AI Act Art 50)

AI-generated content in the Service is produced by general-purpose AI models supplied by Anthropic PBC. The output you receive is generated or substantially modified by an AI system. We disclose this on every AI-powered surface and in our AI Disclaimer.

We do not use your private journal entries, prayer requests, prophetic log entries, or notes to train AI models. Prompts that you submit to AI features are processed by Anthropic in line with their commercial API terms and are not, by default, used to train Anthropic's general models.

7. What we never do

  • We never sell your personal information to anyone, ever (no "sale" or "share" within the meaning of CCPA/CPRA);
  • We never use your private journal, prayer requests, prophetic log, or notes to train AI models;
  • We never share your data with advertisers or ad-tech;
  • We never read your private content unless legally compelled or you explicitly request support;
  • We never use your data to make decisions that legally affect you (no Article 22 automated decisions).

8. Sharing with service providers (sub-processors)

We share information only with the third-party processors required to operate the Service. Each acts only on our documented instructions and is bound by data-processing agreements that include the standard contractual clauses where personal data leaves the European Economic Area or the United Kingdom.

  • Supabase — authentication and database hosting;
  • Anthropic PBC — AI generation for studies, devotionals, the agent, and the seminary tutor;
  • Stripe — payment processing for paid subscriptions;
  • Vercel — application hosting and edge delivery;
  • scripture.api.bible — Bible text retrieval for the in-app reader;
  • Resend (or equivalent SMTP) — transactional email delivery;
  • Sentry — error monitoring (configured to scrub personal data from stack traces).

A current list of sub-processors is available on request. We will give notice of any material change in sub-processors before it takes effect.

9. International transfers

Our processors operate data centres in the United States, the European Union, and the United Kingdom. Where personal data is transferred from the EEA or UK to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (2021/914) and, where applicable, the UK International Data Transfer Addendum, supplemented by the safeguards required after Schrems II (encryption in transit and at rest, access controls, transparency, and the right to audit). By using the Service you consent to these transfers.

10. Data retention

Account data is retained while your account is active. If you delete your account we delete your authentication record and all server-stored study-room data within 30 days. Backups are retained for an additional 30 days for disaster recovery and then permanently deleted. Locally-stored data (journal, prayer log, etc.) is deleted whenever you clear your browser storage or sign out from a device.

We retain billing records for the period required by tax and accounting law (typically six years in the UK). We retain abuse-and-security logs for a maximum of 12 months.

11. Your rights

Depending on where you live you have some or all of the following rights, which we honour for all users regardless of jurisdiction:

  • Access — a copy of the personal data we hold about you (GDPR Art 15);
  • Rectification — correction of inaccurate or incomplete data (GDPR Art 16);
  • Erasure — deletion of your account and associated data (GDPR Art 17; "right to be forgotten");
  • Restriction — limit processing in certain circumstances (GDPR Art 18);
  • Portability — export your study data in a machine-readable format (GDPR Art 20);
  • Objection — object to processing based on legitimate interests (GDPR Art 21);
  • No automated decisions — not be subject to solely-automated decision-making (GDPR Art 22);
  • Withdraw consent — at any time, where processing is based on consent;
  • Lodge a complaint — with your local data-protection authority (UK: ICO; EU: your member-state DPA; California: California Privacy Protection Agency);
  • CCPA/CPRA rights (California residents): right to know, right to delete, right to correct, right to opt out of sale or sharing (we do not sell or share), right to limit use of sensitive personal information, right to non-discrimination for exercising rights;
  • LGPD rights (Brazil): rights of confirmation, access, correction, anonymisation, portability, deletion, information about sharing, and revocation of consent.

Email hello@godchaserpodcast.com with any request and we will respond within 30 days (45 days for CCPA, extendable once where necessary). Identity verification may be required.

12. Children

Bible Study Pro is not directed at children under 13 (under 16 in jurisdictions where the digital age of consent under the GDPR is 16). We do not knowingly collect personal information from such children. If you believe a child has registered, contact us and we will delete the account.

13. Security

We use industry-standard practices: passwords are hashed (bcrypt), traffic is encrypted in transit (TLS 1.2+), databases are encrypted at rest, access is role-restricted, and production access is logged. We will notify affected users and the relevant data-protection authority within 72 hours of becoming aware of any confirmed personal- data breach affecting them, in accordance with GDPR Art 33–34.

14. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced on the home page and via email at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.

15. Forward-compatible compliance

We commit to monitoring and aligning with, at minimum, the following frameworks as they evolve and to updating this Policy accordingly: GDPR; UK GDPR and DPA 2018; CCPA/CPRA; LGPD; EU AI Act (Regulation (EU) 2024/1689); UK AI policy framework; US Executive Order 14110 on Safe, Secure, and Trustworthy AI; NIST AI Risk Management Framework; Colorado SB 24-205 and equivalent US state AI legislation; and the OECD AI Principles. Where any provision conflicts with a mandatory provision of applicable law, that mandatory provision prevails and the rest of this Policy remains in force.

16. Cookies notice (summary)

We use only essential cookies (sign-in, preference persistence) and privacy-respecting aggregate analytics. We do not use third-party advertising cookies, cross-site trackers, or fingerprinting. You can clear cookies via your browser settings; doing so will sign you out.

17. Contact

For privacy questions, data-subject requests, security reports, or anything else: hello@godchaserpodcast.com.

© 2026 Bible Study Pro · The Godchaser Movement · Operated by AIONIQS Ltd, England and Wales