Privacy Policy — Bible & Prayer Companion
Effective Date: 09/05/2026
Last Updated: 09/05/2026
This Privacy Policy explains how DEALROOM AI PTY LTD ("we", "us", "our") collects, uses, and protects your information when you use the Bible & Prayer Companion mobile application (the "App") and any related services (collectively, the "Service"). By using the App, you agree to the practices described in this Policy.
If you do not agree with this Policy, please do not use the App.
1. Who We Are
The data controller responsible for your personal information is:
- DEALROOM AI PTY LTD
- Address: 119 Clara Ave, Truganina, VIC 3029, Australia
- Email: hello@brainwavex.com.au
2. Information We Collect
2.1 Information you provide directly
- Account information: email address, password (stored as a one-way bcrypt hash — we never store plain text passwords), display name, and (optional) denomination preference.
- User content: bookmarks, highlights, notes, reading-plan progress, reading streaks, and questions you submit to the in-app AI assistant.
- Support communications: any message you send us.
2.2 Information collected automatically
- Usage data: chapters read, time spent reading, feature usage events, and crash diagnostics.
- Device & technical data: device model, operating system version, app version, language, time zone, and a randomly generated device identifier used for push-notification routing.
- Subscription data: subscription status, product purchased, and renewal status — provided to us by Apple App Store, Google Play, and our subscription processor RevenueCat. We do not receive your full payment-card details.
2.3 Information we do NOT collect
- We do not collect precise GPS location.
- We do not access your contacts, photos, or microphone unless you explicitly grant permission for a specific feature.
- We do not sell or rent your personal information to anyone.
3. How We Use Your Information
- Provide the Service — authenticate you, sync bookmarks and reading progress across devices, deliver reading plans and AI study tools.
- Personalize your experience — show denomination-aligned content, surface daily reading reminders, track streaks.
- Process subscriptions — verify entitlements via RevenueCat / Apple App Store / Google Play.
- Send notifications you have opted into — daily reading reminders, plan progress alerts. You can disable these at any time in your device settings.
- Improve the App — aggregate usage trends and crash reports to fix bugs and ship better features. Where possible, this data is anonymized.
- Comply with law — respond to legal requests, prevent fraud, and enforce our Terms of Service.
4. Legal Bases for Processing (GDPR / UK GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR:
| Purpose | Legal Basis |
|---|---|
| Operating your account, syncing your data | Performance of a contract (Art. 6(1)(b)) |
| Processing subscriptions | Performance of a contract (Art. 6(1)(b)) |
| Sending essential service emails | Legitimate interest (Art. 6(1)(f)) |
| Sending optional push notifications | Consent (Art. 6(1)(a)) — you can withdraw any time |
| Crash diagnostics & analytics | Legitimate interest in keeping the App stable |
| Complying with law | Legal obligation (Art. 6(1)(c)) |
5. AI Features and Third-Party Processing
Bible & Prayer Companion uses Anthropic's Claude API to generate responses to user questions. When you use AI features, we transmit to Anthropic:
- Your typed question or reflection
- Bible verse text you have selected for context (optional)
- Your selected denomination preference
We do not transmit your name, email address, account identifier, or any device identifier. Conversations are identified to Anthropic only by an ephemeral session ID generated server-side, which cannot be linked to your identity by Anthropic.
Anthropic processes this data under its own privacy policy (https://www.anthropic.com/legal/privacy) and Commercial Terms. Anthropic does not use API inputs or outputs to train its models. Anthropic provides data protection equivalent to that described in this policy.
You may withdraw AI consent at any time in Settings → Privacy & AI. Withdrawing consent disables AI features but does not delete your account.
6. Third-Party Services (Subprocessors)
We share limited data with the following service providers strictly to operate the App. Each is bound by confidentiality and data-protection obligations.
| Provider | Purpose | Data shared | Privacy Policy |
|---|---|---|---|
| Apple App Store | iOS distribution & in-app purchases | Apple-issued purchase tokens | apple.com |
| Google Play | Android distribution & in-app purchases | Google-issued purchase tokens | google.com |
| RevenueCat | Subscription state management | Anonymous app user ID, purchase events | revenuecat.com |
| API.Bible | Scripture text delivery | Verse references requested (no personal data) | scripture.api.bible |
| bible-api.com | Fallback scripture text | Verse references requested (no personal data) | bible-api.com |
| Anthropic (via Emergent LLM) | AI study assistant | Your question text and any verse context you attach | anthropic.com |
| MongoDB Atlas / Hosting | Encrypted data storage | All account data described in Section 2 | mongodb.com |
| Expo / EAS | Push notification delivery | Device push token | expo.dev |
7. International Data Transfers
Your data may be processed in countries other than your own, including the United States. When we transfer personal data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK / Swiss mechanisms.
8. Data Retention
- Account data is retained for as long as your account is active.
- Bookmarks, notes, reading progress, and AI conversations remain until you delete them or your account.
- Crash & diagnostic logs are retained for up to 90 days.
- Subscription receipts are retained for up to 7 years to meet tax and accounting obligations.
- When you delete your account, we erase or anonymize personal data within 30 days, except where retention is required by law.
9. Data Security
We use industry-standard safeguards including:
- TLS 1.2+ encryption for all data in transit.
- Encryption at rest for the database.
- Bcrypt password hashing (passwords are never stored in plain text).
- JWT-based authentication with short-lived tokens.
- Principle of least privilege for internal access.
- Regular dependency and security patching.
No system is 100% secure. If you suspect your account has been compromised, contact us immediately at hello@brainwavex.com.au.
10. Your Rights
Depending on where you live, you have some or all of the following rights:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to fix inaccurate information.
- Deletion — ask us to delete your account and personal data ("right to be forgotten").
- Portability — receive your data in a structured, machine-readable format.
- Restriction / Objection — limit or object to certain processing.
- Withdraw consent — for any processing that is based on your consent.
- Lodge a complaint — with your local data-protection authority.
To exercise any of these rights, email hello@brainwavex.com.au. We will respond within 30 days. We do not discriminate against users who exercise their privacy rights.
11. California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the CPRA):
- Right to know what personal information we collect, use, and disclose.
- Right to delete personal information we collect from you.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information. We do not sell or share your personal information for cross-context behavioral advertising.
- Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined by the CPRA.
- Right to non-discrimination for exercising any of the above.
Categories of personal information collected in the last 12 months: identifiers, customer records, internet/usage activity, and inferences. To exercise your CCPA rights, email hello@brainwavex.com.au with the subject line "California Privacy Request".
12. Children's Privacy
The App is not directed to children under 13 years of age (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at hello@brainwavex.com.au and we will delete it promptly.
13. Push Notifications
With your permission, we send push notifications for daily reading reminders and plan milestones. You can revoke this permission at any time in your device settings (iOS: Settings → Notifications → Bible & Prayer Companion; Android: Settings → Apps → Bible & Prayer Companion → Notifications).
14. Subscriptions & In-App Purchases
Premium features are offered via auto-renewing subscriptions sold through the Apple App Store and Google Play. Payment is charged to your App Store or Google Play account at confirmation of purchase. Subscriptions automatically renew unless cancelled at least 24 hours before the end of the current period. Manage or cancel any subscription in your device's app store account settings. We do not receive or store your payment-card information.
15. Account Deletion
You can delete your account from within the App: Profile → Account → Delete Account (or by emailing hello@brainwavex.com.au). Deletion is permanent; your bookmarks, notes, and reading history will be erased.
For Apple's App Store account-deletion requirement, this in-app option satisfies guideline 5.1.1(v).
16. Changes to This Policy
We may update this Privacy Policy as our practices evolve or laws change. When we make material changes, we will:
- Update the "Last Updated" date at the top.
- Post a notice in the App.
- For significant changes, request your renewed consent where required by law.
Continued use of the App after an update constitutes acceptance of the revised Policy.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data:
- Email: hello@brainwavex.com.au
- Mailing address: 119 Clara Ave, Truganina, VIC 3029, Australia
- Data Protection Officer (if applicable): hello@brainwavex.com.au