Privacy Policy

01 Overview

Scripturix ("we", "us", "our") is committed to protecting your privacy. This policy describes how we collect, use, store, and share your personal information when you use our Bible study platform across web and mobile devices.

We believe your data belongs to you. We collect only what is necessary to provide the Service, we encrypt your data wherever possible, and we never sell your personal information to third parties.

02 Information We Collect

Account information — When you create an account, we collect your name, email address, and password (hashed, never stored in plain text). If you sign in via Google or Apple, we receive your name and email from the provider; we do not receive or store your third-party password.

User content — Bookmarks, highlights, notes, reading-plan progress, and collections you create within the Service. This data is yours and can be exported or deleted at any time.

Device information — Device name, type, operating system, and app version. Used to manage active sessions, enable cross-device sync, and deliver push notifications.

Usage data — Pages visited, features used, search queries, and interaction patterns. Collected in aggregate to improve the Service. We do not build individual behavioural profiles for advertising.

Payment information — Subscription and purchase transactions are processed by third-party providers (Stripe, Apple App Store, Google Play). We receive confirmation of payment status but do not store credit card numbers or banking details.

03 How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Sync your bookmarks, highlights, notes, and reading progress across devices.
• Authenticate your identity and secure your account.
• Process subscriptions and manage billing.
• Send transactional emails (account verification, password resets, subscription receipts).
• Detect and prevent fraud, abuse, and security incidents.
• Analyse aggregate usage patterns to guide product development.

04 Data Storage & Security

Your data is stored on secure servers with encryption at rest (AES-256) and in transit (TLS 1.3). User Content is end-to-end encrypted where technically feasible, meaning we cannot read your notes or highlights even on our own servers.

Authentication sessions use HttpOnly, Secure cookies with SameSite protections. Passwords are hashed using bcrypt with per-user salts. We do not store access tokens client-side.

We conduct regular security reviews and follow industry best practices for vulnerability management. No system is perfectly secure; if a breach occurs, we will notify affected users within 72 hours as required by applicable law.

05 Information Sharing

We share your information only in the following circumstances:

• Service providers — Trusted third parties that help us operate the Service (hosting, email delivery, payment processing, analytics). They are contractually bound to use your data only for the services they provide to us.
• Legal requirements — When required by law, legal process, or government request, or to protect the rights, property, or safety of Scripturix, our users, or the public.
• Business transfers — In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.
• With your consent — When you explicitly choose to share content, such as sharing a collection with other users.

06 Cookies & Local Storage

We use a minimal set of cookies and browser storage:

• Session cookie — HttpOnly cookie that authenticates your session. Essential for the Service to function. Cannot be read by JavaScript.
• Remember-me cookie — Optional cookie that stores your email for convenient sign-in. Set only when you select "Remember me".
• Preferences — Theme (light/dark), preferred translation, and reading settings stored in localStorage. These never leave your device.
• Analytics — We may use privacy-respecting analytics (no cross-site tracking, no advertising identifiers). You may opt out at any time.

07 Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate or incomplete data.
• Deletion — Request deletion of your account and associated data.
• Export — Download your User Content in a portable format.
• Restriction — Request that we limit processing of your data in certain circumstances.
• Objection — Object to processing based on legitimate interests.

08 Data Retention

We retain your account information and User Content for as long as your account is active. If you delete your account, we permanently erase your data within 30 days, except where retention is required by law (e.g., financial records for tax compliance).

Anonymised, aggregate analytics data that cannot be linked back to you may be retained indefinitely to improve the Service.

09 Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will promptly delete it.

Users aged 13–17 may use the Service with parental or guardian consent, as outlined in our Terms of Service.

10 International Transfers

Your data may be processed in countries other than your own. Where we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms.

11 Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. When we make material changes, we will notify you via email or an in-app notice at least 14 days before they take effect.

The "Effective" date at the top indicates when this policy was last revised. We encourage you to review this policy periodically.