Privacy Policy

Our Privacy Commitment: Your Data Stays With You

At SpiritFlow, your privacy is our foundation. Your notes, bookmarks, and reading progress are stored exclusively in your personal iCloud account using Apple's CloudKit - we never store your Bible study data on SpiritFlow servers. Access to your app is protected by Face ID and Touch ID, ensuring only you can access your spiritual journey. This privacy policy explains our security model and what limited data we do collect.

Security Architecture

How SpiritFlow Protects Your Privacy

SpiritFlow uses a privacy-first architecture that keeps your data under your control:

• iCloud Storage: All notes, bookmarks, and reading progress are stored in your personal iCloud account via Apple's CloudKit, not on our servers
• Biometric Protection: Face ID and Touch ID protect access to the app - only you can unlock your Bible study data
• Apple ID Authentication: Your identity is verified through your Apple ID, eliminating the need for separate passwords
• Device Sync: Seamless synchronization across your iPhone, iPad, and Mac via your iCloud account
• Apple Encryption: iCloud provides enterprise-grade encryption for data at rest and in transit

What This Means for You

• Your Data, Your Cloud: Notes, bookmarks, and highlights are stored in YOUR iCloud account, not on SpiritFlow servers
• No Server Access: We have no ability to read, access, or retrieve your Bible study content
• Apple Security: Your data benefits from Apple's industry-leading security practices
• Multi-Device Access: Access your data on any device signed into your Apple ID
• Account Recovery: If you lose access to your Apple ID, use Apple's account recovery process

Important Security Note

Your Bible study data is protected by your Apple ID and biometric authentication. If you lose access to your Apple ID, you'll need to use Apple's account recovery process. SpiritFlow cannot recover your data as we don't store it on our servers.

1. Information We Collect

1.1 Information You Provide

• Apple ID: We use your Apple ID for authentication via iCloud - we don't store your email or password
• Bible Study Content (Stored in iCloud): Your notes, bookmarks, highlights, and reading progress are stored in your personal iCloud account via CloudKit. SpiritFlow servers never receive or store this content
• Preferences: Theme selections, notification settings, and app configurations
• Mood Entries: Optional mood tracking data stored in your iCloud
• Subscription Information: If you subscribe to premium features, payment is processed securely by Apple via StoreKit. RevenueCat helps us manage subscription status. We receive subscription status (active/expired) but never your payment details

1.2 Information Automatically Collected

• Device Information: iOS version, device model (for optimization and support purposes)
• Usage Analytics: App usage patterns, feature interactions (may include anonymized metrics)
• Authentication Tokens: Secure session tokens for maintaining your login

1.3 Information We Do NOT Collect

• Precise location data
• Contacts or photos from your device (unless you explicitly share them)
• Advertising identifiers for ad targeting
• Biometric data (Face ID/Touch ID authentication is handled by iOS, not our servers)

2. How We Use Your Information

• Provide Core Features: Enable Bible reading, note-taking, bookmarks, and reading progress via your iCloud account
• AI Features: Process your questions through AI models to provide verse insights and Bible chat responses
• Improve the App: Analyze anonymized usage patterns and crash reports to improve features and fix bugs
• Send Notifications: Deliver daily verse reminders and app updates (only if you enable notifications)
• Customer Support: Respond to your inquiries and troubleshoot technical issues

3. AI Processing and Third-Party Services

3.1 AI Bible Chat & Verse Insights

SpiritFlow uses AI to provide Bible chat and verse insights:

• Bible Chat: When you ask questions about Scripture, your questions are sent to our secure backend which connects to AI services
• Verse Insights: When you request insights on a verse, the verse reference and context are processed through AI
• AI Processing: All AI requests are processed through our secure Cloudflare Workers backend
• No Personal Data: AI services receive your questions and verse references, not your personal notes or private data

3.2 Important Note About AI Services

Please be aware that when using AI features, your questions may be transmitted to third-party AI providers. While we use secure connections, you should be mindful of what information you include in your AI chat questions.

4. Data Storage and Security

4.1 iCloud-Based Storage

SpiritFlow stores all your Bible study data in your personal iCloud account using Apple's CloudKit:

• Your iCloud, Your Data: All notes, bookmarks, highlights, and reading progress are stored in your private CloudKit container within your iCloud account
• No SpiritFlow Servers: We do not operate database servers that store your Bible study content - your data never touches our infrastructure
• Apple Encryption: iCloud provides encryption for data at rest and in transit
• Multi-Device Sync: Access your data seamlessly across iPhone, iPad, and Mac
• Apple Compliance: iCloud maintains SOC 2 Type II, ISO 27001, and other security certifications

What this means: Your Bible study data is stored with Apple, not with SpiritFlow. We have no access to read, modify, or retrieve your notes and bookmarks.

4.2 Data Security Measures

• Biometric Authentication: Face ID and Touch ID protect access to the app
• Apple ID: Your identity is verified through your Apple ID
• Transport Security: All AI API calls use HTTPS encryption
• Regular Updates: We keep our app and backend workers up-to-date with security patches

4.3 Data Retention

• Active Accounts: Data is retained in your iCloud as long as you use the app
• Deleted Items: When you delete a note or bookmark, it is removed from your iCloud
• App Deletion: Uninstalling the app does not delete your iCloud data - you can manage iCloud storage through iOS Settings
• iCloud Backups: Your data may be included in your iCloud backups, managed through your Apple ID settings

5. Data Sharing and Third Parties

5.1 We Do NOT Sell Your Data

We will never sell your personal information or Bible study content to advertisers or data brokers.

5.2 Third-Party Services We Use

• Apple iCloud/CloudKit: Bible study data storage and sync (see Apple's privacy policy)
• RevenueCat: Subscription management and analytics (see RevenueCat's privacy policy)
• Third-Party AI Services: AI Bible chat and verse insights (processed through secure cloud infrastructure)
• Apple App Store: App distribution and in-app purchases (see Apple's privacy policy)

5.3 Legal Requirements

We may disclose your information if required by law (e.g., court order, subpoena) or to protect our rights, safety, or the safety of others. We will attempt to notify you unless legally prohibited from doing so.

6. Your Privacy Rights

You have the right to:

• Access Your Data: View all your notes, bookmarks, and reading progress within the app
• Export Your Data: Request a copy of all your data in a portable format (contact support)
• Delete Your Data: Delete individual notes/bookmarks or your entire account (Settings > Account > Delete Account)
• Control AI Usage: Choose whether to use AI features that send data to third parties
• Manage Notifications: Control all app notifications through iOS Settings

7. GDPR & CCPA Compliance

7.1 For EU Users (GDPR)

If you are in the European Economic Area, you have rights under GDPR including:

• Right to access your personal data
• Right to data portability (export your data)
• Right to rectification (correct your information)
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to object to automated decision-making

To exercise these rights, contact us at privacy@spiritflow.app.

7.2 For California Users (CCPA)

California residents have the right to:

• Know what personal information is collected and how it's used
• Request deletion of personal information
• Opt-out of data sales (we don't sell data)
• Non-discrimination for exercising CCPA rights

8. Children's Privacy

SpiritFlow is not intended for users under 13 years old. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@spiritflow.app.

9. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated via email or in-app notification. Continued use of the app after changes indicates your acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests regarding your privacy:

• Privacy Inquiries: privacy@spiritflow.app
• General Support: support@spiritflow.app
• Data Protection Officer: Available upon request for GDPR inquiries