Privacy Policy

Last updated: 31 December 2025

1. Introduction

Daily Grace ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and mobile application (the "Service").

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Data Controller

Daily Grace is the data controller responsible for your personal data. For any privacy-related queries, contact us at:

  • Email: support@bibleboost.app

3. Information We Collect

3.1 Information You Provide

  • Account Information: Email address and password when you register
  • Payment Information: Processed securely by Stripe; we do not store card details
  • Journal Entries: Personal reflections you choose to save (Premium feature)
  • Preferences: Theme selections and favourite verses

3.2 Information Collected Automatically

  • Usage Data: Pages viewed, features used, and interaction patterns
  • Device Information: Browser type, operating system, and screen size
  • IP Address: For security and approximate geographic location
  • Cookies: See our Cookie section below

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract: To provide the Service you've signed up for
  • Legitimate Interests: To improve our Service and prevent fraud
  • Consent: For marketing communications (which you can withdraw anytime)
  • Legal Obligation: To comply with applicable laws

5. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Send important service notifications
  • Personalise your experience with relevant verses
  • Generate devotional content
  • Respond to your enquiries and provide support
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

6. Data Sharing

We share your data only with:

  • Stripe: For secure payment processing (see Stripe's Privacy Policy)
  • Content Generation Services: For generating devotional content (verse text only, no personal data)
  • Audio Services: For text-to-speech audio generation (devotional text only)
  • Hosting Providers: To store and serve the application
  • Legal Authorities: When required by law or to protect our rights

We do not sell your personal data to third parties.

7. International Transfers

Your data may be transferred to and processed in countries outside the UK and EEA, including the United States (for content generation services). We ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the ICO
  • Adequacy decisions where applicable

8. Data Retention

We retain your data for as long as necessary to provide the Service:

  • Account Data: Until you delete your account
  • Journal Entries: Until you delete them or your account
  • Payment Records: 7 years for legal and tax purposes
  • Usage Logs: 12 months

When you delete your account, we remove your personal data within 30 days, except where retention is required by law.

9. Cookies

We use cookies and similar technologies to enhance your experience:

9.1 Essential Cookies

Required for the Service to function. These cannot be disabled.

  • Session Cookie: Keeps you logged in
  • CSRF Token: Protects against cross-site attacks

9.2 Preference Cookies

Remember your settings and choices.

  • Theme Preferences: Your selected verse themes
  • Cookie Consent: Your cookie preferences

9.3 Managing Cookies

You can control cookies through:

  • Our cookie consent banner (Essential Only / Accept All)
  • Your browser settings

Note: Disabling essential cookies may prevent the Service from functioning properly.

10. Your Rights (GDPR)

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, email us at support@bibleboost.app. We will respond within 30 days.

11. Data Security

We implement appropriate security measures including:

  • HTTPS encryption for all data in transit
  • Secure password hashing (bcrypt)
  • Regular security updates and monitoring
  • Limited access to personal data on a need-to-know basis

While we strive to protect your data, no method of transmission over the internet is 100% secure.

12. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on the Service
  • Updating the "Last updated" date
  • Sending an email for significant changes

14. Complaints

If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

15. Contact Us

For privacy-related questions or to exercise your rights:

  • Email: support@bibleboost.app

This Privacy Policy was last reviewed and updated on 31 December 2025.