Privacy Policy

You can use most of the App without creating an account. If you choose to enable cross-device sync inside Settings, we collect the additional information described under “Optional Account and Cross-Device Sync” below. Subscription status is determined through Apple and, where applicable, third-party paywall tooling described below.

• Subscription and purchase activity: Purchases are processed by Apple. We do not receive your full payment card number. The App may record which subscription product identifiers are active on your device for feature access.
• Device and app interaction (analytics and measurement): The App includes the Meta (Facebook) Software Development Kit, which can collect device and usage-related data and send events to Meta for app analytics and advertising measurement. When Apple’s App Tracking Transparencyframework grants tracking authorization, the App aligns Meta settings so that advertiser identifier collection may be enabled; if you do not grant tracking, advertiser identifier collection is disabled while other SDK features may still operate per Meta’s defaults.
• Purchase-related app events (Meta): When you complete certain App Store purchases inside the App (including auto-renewable subscriptions and any optional one-time purchases such as charitable donations offered in the Support experience), the App may send standard Meta app events (for example, trial start or purchase events with product and currency information) for advertising measurement and analytics.
• Paywall presentation: The App uses Superwall to show subscription paywalls. Superwall may collect identifiers and usage data according to its own privacy policy when you interact with paywalls.
• Feedback you choose to send: If you submit in-app feedback, the App transmits the text you enter, an optional email address if you provide one, a category label, an app name label, and a timestamp to an HTTPS endpoint we control (hosted through an automation service) so we can read and respond to feedback.
• Optional Support tab actions: If you participate in in-app voting or similar interactions offered on the Support tab, the App may send a non-personal identifier for the choice (for example, an organization code), a month label, an app name label, and a timestamp to the same kind of HTTPS automation endpoint for tallying results. If you complete an optional charitable donation through the Support experience, the purchase is processed by Apple as described above.

When you use certain features, the App sends data over encrypted HTTPS connections to service providers so those features can work:

• OpenAI:The App uses OpenAI’s APIs for AI-assisted features (such as verse explanations, short studies, and related guided experiences). The prompts can include the text you are studying or asking about (for example, a verse reference and verse text needed for context), along with instructional text required to produce a safe, on-topic response. If you enter your own OpenAI API key in the App, requests are authenticated with your key and processed under your relationship with OpenAI.
• API.Bible (American Bible Society): The King James Version (KJV) text is loaded from data bundled with the App. For certain other Bible translations, the App calls API.Bible with identifiers such as translation, book, and chapter. Responses may be cached on-device to reduce repeat network requests.
• Apple: In-App Purchases, StoreKit subscription state, App Store services, and the Family Controls / Managed Settings / Device Activity frameworks described above.
• Meta Platforms, Inc.: As described above, through the Facebook SDK and related app events.
• Superwall:Paywall presentation, subscription status coordination, and related analytics as described in Superwall’s documentation and privacy policy.
• Supabase:If you enable cross-device sync, your email address, magic-link sign-in events, and the synced study data described above are stored in our Supabase project (hosted on Amazon Web Services in the United States). Supabase also delivers magic-link sign-in emails on our behalf. See “Optional Account and Cross-Device Sync” above for details.

Each provider processes data under its own terms. Please review their policies:

• OpenAI Privacy Policy
• Apple Privacy Policy
• Meta Privacy Policy
• Superwall Privacy Policy
• API.Bible Privacy Policy
• Supabase Privacy Policy

• Operate the core Scripture First experience: applying and releasing on-device app restrictions through Apple’s Family Controls frameworks based on your reading progress
• Provide Bible text, AI-assisted explanations, and related study tools
• Process and validate subscriptions and paywall access
• Process optional charitable donations made through the Support experience
• Authenticate you, deliver magic-link sign-in emails, and synchronize your study data across devices when you enable cross-device sync
• Measure advertising and subscription performance through Meta’s SDK where enabled
• Improve reliability and understand aggregate usage patterns through vendors’ analytics where applicable
• Respond to feedback you send us
• Comply with law and protect rights and safety

We do not sell or share personal information as those terms are defined under the California Consumer Privacy Act. We instruct service providers as part of operating the App (listed above). We may disclose information if required by law, legal process, or to protect users and the public.

We retain information for as long as it is needed to provide the App and the features you use. Specifically:

• Synced account data. If you enable cross-device sync, we retain your email address and synced study data for as long as your account is active. When you tap Delete account in Settings, your auth identity and all synced study data are promptly removed from our cloud.
• Feedback. Messages you submit through the in-app feedback form are retained for as long as reasonably necessary to respond to and act on the feedback.
• On-device data. Data stored locally on your device (including Family Controls selection tokens) is retained on your device until you delete it inside the App or remove the App.
• Third-party services.Data processed by service providers (such as Apple, Meta, Superwall, OpenAI, API.Bible, and Supabase) is retained per each provider’s own retention policies.

• Network requests to third parties use HTTPS.
• API keys stored for your OpenAI and API.Bible access are stored in the iOS Keychain with device-only accessibility settings intended to keep them off unencrypted backups.
• We rely on Apple’s platform security for device-level protection, including the protections built into Family Controls.

No method of storage or transmission is perfectly secure.

Depending on where you live, privacy laws may give you rights to access, correct, delete, or restrict certain processing of personal information, or to opt out of certain sharing for advertising. Because most study content stays on your device, you can often delete it directly inside the App or by removing the App. For subscription billing history or refunds, use Apple’s account tools.

If you enabled cross-device sync, you can permanently delete your account and all of the synced data we hold about you at any time from inside the App: open Settings > Sync across devices and tap Delete account. This wipes your auth identity and your synced study data from our cloud and from any other devices that sign in afterwards.

To exercise rights that apply to information we hold as a business (for example, feedback you emailed through the App), contact us using the information below. We may need to verify your request as permitted by law.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information based on the following legal grounds: your consent (for example, when you choose to enable cross-device sync or grant App Tracking Transparency authorization); the performance of our agreement with you (to provide the App and the features you use); our legitimate interests in operating, securing, and improving the App and measuring advertising performance, where those interests are not overridden by your rights; and compliance with legal obligations.

Subject to applicable law, you may have the right to access, correct, delete, restrict, or object to our processing of your personal information, the right to data portability, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You also have the right to lodge a complaint with your local data protection authority. To exercise these rights, contact us using the information below.

Personal information processed for the App may be transferred to and stored in the United States or other countries where our service providers operate. Where required, we rely on appropriate safeguards for such transfers, including the standard contractual clauses published by relevant authorities.

Scripture First is suitable for general audiences and may also be installed on a child’s device with a parent or guardian configuring it. When the App is used under a child Apple ID, Family Controls authorization is granted through Apple’s Screen Time passcode flow controlled by the parent or guardian. The opaque-token handling described above applies in the same way.

The App is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13 through the App beyond what the operating system and integrated SDKs may collect in the ordinary course. If you believe a child has provided personal information to us through feedback or another channel, contact us using the information below and we will take appropriate steps to delete it.

If you use the App from outside the United States, your information may be processed in the United States or other countries where service providers operate. Those countries may have different data protection laws than your country.

We may update this Privacy Policy from time to time. We will post the updated policy and revise the “Last updated” date. If changes are material, we may provide additional notice as required by law or through the App.