Privacy Policy
In accordance with the GDPR (Regulation 2016/679) and German BDSG.
1. Data controller
Details are listed in the Impressum. Impressum →
2. Data we collect
- Authentication data: email and name via Google OAuth when you sign in.
- Technical data: IP address, country (from IP), device type, User-Agent — for rate-limiting and abuse prevention.
- Usage: search queries, viewed verses, saved parallels (when signed in).
- Cookies: technical only (NextAuth session, language preference, visitor ID). No third-party cookies are set without your consent.
3. Legal basis
Processing is based on Art. 6(1)(b) GDPR (service performance) and Art. 6(1)(f) GDPR (legitimate interests — security, abuse prevention). Authentication is based on your consent under Art. 6(1)(a) GDPR.
4. Recipients
- Vercel Inc. (USA) — application hosting.
- Supabase Inc. (USA, EU regions) — database.
- Google LLC — OAuth sign-in.
- Anthropic / OpenAI — processing query text for AI analysis.
Transfers to the USA are based on Standard Contractual Clauses (SCC) and the EU-US Data Privacy Framework.
5. Retention period
Authentication data — until account deletion. Technical logs — 30 days. Saved parallels — until you delete them.
6. Your rights
Under GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21). To exercise — write to velovoriesdeepbible@gmail.com.
You also have the right to lodge a complaint with a supervisory authority — for Germany this is the BfDI or your state DSB.
7. Changes
We may update this policy. Material changes will be marked by the date below.
Last updated: 2026-05