Legal document

Privacy policy

Updated on May 8, 2026

This policy explains what personal data Bibleeasy (also distributed as BibliFácil in Portuguese) — referred to from here on as “the platform” — collects, why we collect it, how we use it, with whom we share it, and what rights you have. It is written to comply with Brazil's LGPD, the EU/UK GDPR, and applicable U.S. state privacy laws (CCPA/CPRA), and to satisfy the Google API Services User Data Policy and Google APIs Terms of Service.

1. Who we are and what we do

Bibleeasy is a service that helps adults (parents, catechists, pastors, teachers) adapt biblical passages for children using AI, with personalization by tradition, age range, and narrative style. The data controller is the platform's operator. For any privacy matter, see section 14 (Contact).

2. What personal data we collect

We collect only what we need to operate the service. The categories below are the complete list:

• Account data — name, email address, language preference, password (hashed; never stored in plaintext).
• Authentication data from Sign in with Google — see section 4 for the complete breakdown.
• Profile and usage data — religion/tradition selection, age-range presets, generated adaptations, items you save or hide in your library, referral codes you enter or share.
• Subscription and billing data — plan, subscription status, credit balance, invoices. Payment card data is handled exclusively by Stripe; we never see or store your full card number.
• Technical data — IP address, browser/device user agent, timestamps, language headers, basic logs needed for security, abuse prevention, and debugging.
• Communications — messages you send through the contact form or support channels.

3. How we use your data

We use your personal data only for the following purposes (legal bases under GDPR/LGPD in parentheses):

• Provide the service — create your account, authenticate your sessions, generate adaptations, render your library (contract performance).
• Send transactional messages — sign-in confirmations, password resets, billing receipts, account deletion confirmations (contract performance).
• Process payments — via Stripe, including renewals and pay-as-you-go purchases (contract performance).
• Prevent abuse and secure the service — rate limiting, fraud detection, audit logs (legitimate interest).
• Comply with law — keep records when required by tax, accounting, or legal obligations (legal obligation).
• Improve the product — aggregate, anonymized analytics on usage patterns (legitimate interest).

We do not sell your data and we do not use it for behavioral advertising. If we ever introduce a use that requires your separate consent (e.g. marketing emails), we will ask for it explicitly and let you withdraw it at any time.

4. Sign in with Google (Google OAuth)

When you choose to sign in with your Google account, we request the following OAuth scopes:

• openid — to obtain a stable Google account identifier (the “sub” claim).
• https://www.googleapis.com/auth/userinfo.email — to obtain your verified email address.
• https://www.googleapis.com/auth/userinfo.profile — to obtain your display name and profile picture URL.

From these scopes we receive and store: your Google account ID (sub), your verified email, your display name, and a reference URL to your Google profile picture. We do not download or rehost the picture; it is loaded directly from Google's servers in your browser.

We use this Google user data exclusively to:

• Create and authenticate your Bibleeasy account.
• Display your name and avatar inside the app's profile menu.
• Send transactional emails (sign-in confirmations, password recovery, account deletion confirmations) to the verified email.

Google user data obtained through these scopes is never sold, rented, or transferred to third parties for advertising. It is not used to train any AI or machine learning model. It is not used for any purpose other than the ones listed above.

You can revoke Bibleeasy's access to your Google account at any time at https://myaccount.google.com/permissions. Revoking access does not delete your Bibleeasy account; to delete the account itself and all related data, follow section 9 (Your rights).

Our use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Who we share data with

We share data only with service providers that are necessary to operate the platform, and only the minimum needed for each provider to do its job. Each is bound by a data processing agreement and may not use your data for its own purposes:

• Cloud hosting and database — to host the application and store your account/adaptation data.
• Stripe — to process subscriptions and one-off purchases. Stripe receives your name, email, and billing details; we receive only a customer reference and subscription status.
• Email delivery provider — to send transactional emails to the address on file.
• Google — when you choose Sign in with Google, authentication is delegated to Google as described in section 4.
• LLM providers (Anthropic, OpenAI, Google AI, xAI, Maritaca AI) — when you generate an adaptation, the prompt and the biblical passage you selected are sent to the chosen model provider so it can produce the adapted text. The prompt does not contain your name, email, password, billing data, or Google profile data; it contains only the biblical text and the choices you made (tradition, age range, style). We have contractual commitments with these providers that the content sent is not used to train their models.
• Authorities — when required by a valid legal process (court order, subpoena) and only to the extent strictly necessary.

We do not sell or rent your personal data to anyone, ever.

6. Cookies and similar technologies

We use a small number of strictly necessary cookies and equivalent local storage entries: a session cookie to keep you signed in, a CSRF token, language preference, and an optional referral code. We do not use third-party advertising cookies, tracking pixels, or cross-site behavioral tracking. We do not need a cookie consent banner because we only use cookies essential to the service you requested.

7. How long we keep your data

We keep account and adaptation data for as long as your account is active. After you delete your account, personal data is removed within 30 days, except where we are required to keep specific records for longer (e.g. tax invoices, kept for the period required by Brazilian tax law). Aggregate, fully anonymized statistics may be retained indefinitely; they cannot be linked back to you. Technical logs (IP addresses, request logs) are retained for up to 90 days for security and debugging, then deleted or anonymized.

8. How we protect your data

All traffic is encrypted in transit with TLS. Passwords are stored as bcrypt hashes; we never see the plaintext. Production databases are backed up regularly with encrypted snapshots. Access to production systems is limited to a small number of authorized personnel and protected by strong authentication. We will notify affected users and regulators in case of a personal data breach, within the timelines required by applicable law.

9. Your rights

Under Brazil's LGPD, the EU/UK GDPR, and applicable U.S. privacy laws (e.g. CCPA/CPRA), you have the right to:

• Access — obtain a copy of the personal data we hold about you.
• Correction — fix any inaccurate or incomplete data.
• Deletion — ask us to delete your account and personal data.
• Portability — receive your data in a structured, machine-readable format.
• Restriction or objection — limit or object to certain processing activities.
• Withdrawal of consent — for any processing based on consent, at any time.
• Lodge a complaint — with Brazil's ANPD, your local EU Data Protection Authority, or the relevant U.S. state authority.

To exercise any of these rights, write to us through the contact form (section 14). We respond within 15 calendar days for LGPD requests and within the timelines required by GDPR/state law. We may need to verify your identity before acting on a request.

10. Children's privacy

Bibleeasy is intended for adults (18+) who prepare biblical content for children. We do not knowingly collect personal data from children. The adult user selects the age range so the generated text is appropriate; the platform never asks for the child's name, age, or any other identifying information. If you believe a child has provided us personal data, please contact us and we will delete it promptly.

11. International data transfers

Some of our service providers (cloud hosting, Stripe, email delivery, LLM providers, Google) operate servers outside Brazil and the EU/UK. Where personal data is transferred internationally, we rely on contractual safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms recognized by the LGPD.

12. AI/ML and your data

We do not use your personal data — including any data obtained through Sign in with Google — to train, fine-tune, or otherwise improve any AI or machine learning model. The LLM providers we send adaptation prompts to are contractually bound not to use those prompts to train their public models. Adaptations you choose to publish in the public library are anonymized (your name is removed) before being shown to other users.

13. Changes to this policy

We may update this policy as the product evolves or as the law changes. Material changes will be communicated by email and/or a notice on the platform at least 30 days before they take effect. The “Updated on” date at the top of this page always reflects the latest revision.

14. Contact

Questions, requests, or complaints about this policy should be sent through https://bibleeasy.app/en-US/contact (or https://biblifacil.app/pt-BR/contato in Portuguese). We respond within 48 business hours, and within the legally mandated timelines for formal data-rights requests.