Skip to main content

Legal

Legal Information

Terms and privacy details for Rhema and related services.

Last Updated: March 17, 2026

Privacy Policy

This Privacy Policy explains how Rhema Bible ("Rhema," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use our website, applications, APIs, and related services (the "Services").

Contact us any time at hello@rhemabible.co.

1. Information We Collect

We collect the following categories of personal information:

  • Account and profile data: email, name, phone, avatar URL, and account metadata synchronized through our authentication provider (Clerk).
  • User-generated study data: notes, highlights, bookmarks, collections, reading preferences, reading history, plan progress, and journal entries.
  • Billing data: subscription status and Stripe customer/subscription identifiers. Payment card details are processed by Stripe, our payment processor, and are not stored by Rhema.
  • Technical and device data: IP address, browser/device details, request logs, security events, and diagnostic metadata from infrastructure providers.
  • Browser storage data: essential and functional data stored in local browser storage (for example keys such as `rhema-notes`, `rhema-highlights`, `rhema-reading-prefs`, `rhema-plan-progress-*`) and session storage for temporary workspace state.

2. Sources of Information

  • Directly from you when you create an account or use features.
  • Automatically from your browser, device, and app usage.
  • From service providers that support authentication, billing, hosting, storage, and database infrastructure.

3. How We Use Information

  • Provide and maintain the Services and your account.
  • Authenticate users and secure accounts.
  • Process subscriptions, billing, and account upgrades.
  • Synchronize your study content and preferences across sessions/devices.
  • Respond to support requests and send service communications.
  • Improve functionality, performance, and security.
  • Comply with legal obligations and enforce our terms.
  • Send marketing communications when permitted by law, with unsubscribe options.

4. How We Disclose Information

We may disclose information to trusted service providers that process data on our behalf for business purposes, including:

  • Clerk (authentication and account identity services).
  • Stripe (payment processing).
  • Neon/managed Postgres infrastructure (database hosting).
  • Vercel and Vercel Blob (application hosting and asset storage).
  • Sentry (error monitoring and diagnostics).
  • PostHog (product analytics and session replay).
  • Mailgun (transactional email delivery).
  • Embedded/linked third-party content providers (for example `youtube-nocookie.com`) when you view embedded content.

We may also disclose information when required by law, to protect rights and safety, or as part of a business transfer.

5. Sale/Sharing for Targeted Advertising

We do not sell personal information. We also do not share personal information for cross-context behavioral advertising (targeted advertising) as those terms are defined under applicable U.S. state privacy laws.

6. Cookies and Similar Technologies

We use cookies and browser storage for the following purposes:

  • Authentication (Clerk): session cookies required for sign-in, account security, and session continuity. These are strictly necessary for the Services to function.
  • Analytics (Vercel Analytics): cookieless, anonymous page-view analytics. No personal data is collected and no cookies are set.
  • Performance (Vercel Speed Insights): cookieless performance monitoring to help us improve page load times. No personal data is collected.
  • Error tracking (Sentry): captures diagnostic data when errors occur in production to help us identify and fix bugs. No session recording or user profiling is performed.
  • Product analytics (PostHog): first-party analytics cookies to understand how features are used and improve the product. For logged-in users, session replay is enabled with all form inputs automatically masked. Users are identified by their account ID to connect usage across sessions. We do not share analytics data with advertisers or other third parties.
  • Browser storage (localStorage): for signed-in users, reading preferences and study data are cached locally for faster loading — your data is also stored securely on our servers. For visitors who have not created an account, data is stored only in the browser and may be lost if browser storage is cleared.

We do not use any advertising, marketing, or cross-site tracking cookies.

7. Data Retention and Deletion

We retain personal information for as long as needed to provide the Services, fulfill legal obligations, resolve disputes, and enforce agreements.

If you delete your account, we remove active account/profile records and related user content from primary systems, subject to legal and operational retention requirements. Limited backup copies may persist for a reasonable period (typically up to 90 days) before secure deletion.

8. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

9. Children's Privacy

The Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, contact us and we will take appropriate steps.

10. U.S. State Privacy Rights

Depending on your state of residence, you may have rights to:

  • Know/access the personal information we collected about you.
  • Request deletion of personal information.
  • Request correction of inaccurate personal information.
  • Request a portable copy of personal information.
  • Opt out of sale/sharing/targeted advertising (we do not sell/share as stated above).
  • Appeal a denied privacy request.

To submit a privacy request, email hello@rhemabible.co with the subject line "Privacy Request." We may need to verify your identity before processing. We generally respond within timelines required by law.

If your request is denied, you may appeal by replying to our response within 30 days and writing "Privacy Appeal" in the subject line.

11. Do Not Track and Global Privacy Control

Some browsers offer "Do Not Track" signals. There is no uniform standard for these signals, so our Services do not currently respond to Do Not Track requests.

Where required by applicable law, we process recognized Global Privacy Control (GPC) signals as opt-out preference signals. Because we do not sell or share personal information for targeted advertising, GPC does not change our current sale/share practices.

12. International Data Transfers

Rhema is operated from the United States. If you use the Services from outside the United States, your information may be transferred to and processed in the United States and other countries where our service providers operate.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material updates will be reflected by changing the "Last Updated" date and, where required, by additional notice through the Services or account email.

14. Contact Us

For privacy questions or requests, contact hello@rhemabible.co.