Privacy Policy

1. Information we collect

We collect information you provide and data generated by your use of the Service:

• Account data: name, email address, password (stored hashed), and profile preferences such as spiritual phase, learning style, and date of birth when you complete onboarding.
• Study content: study sessions, log entries, notes (including CRDT sync state), mentorship relationships, and related metadata you create in the app.
• Technical data: session cookies, IP address, browser or device type, and server logs used for security, abuse prevention, and troubleshooting.
• Communications: messages you send us (for example, support or legal inquiries).

We do not sell your personal information. We collect the minimum needed to operate the Service described in our Terms of Service.

2. How we use information

We use personal information to:

• create and manage your account and authenticate you;
• store, sync, and display your study data (including offline note merge via CRDT);
• provide mentorship features you enable (for example, shared step notes with your mentor or mentee);
• improve reliability, security, and product quality;
• comply with law and enforce our Terms.

Study notes are stored on our servers in readable form unless a future end-to-end encryption option is enabled. TLS protects data in transit; database encryption at rest depends on our hosting provider.

3. Artificial intelligence

We may use automated systems, including artificial intelligence and machine learning, to operate, secure, and improve the Service. How AI is used depends on the feature and your role:

• Study experience: End-user study flows use curated platform tables for suggestions and prompts — not large language models generating personalized study content by default.
• Platform administration: Authorized platform administrators may optionally use AI tools to draft or review study plan templates. A human reviews output before it is published; end users do not receive raw AI-generated study material through this path.
• Safety and moderation: As community features such as forums, messaging, or shared attachments are introduced, we may use automated systems — including AI — to help detect abuse, harmful content, policy violations, tone issues, or content inconsistent with our guidelines. Automated checks may flag content for human review; we do not rely on AI alone for enforcement actions that affect your account.

When an AI feature is enabled, relevant text (for example, user-generated content submitted for moderation review, or administrative template drafts) may be processed by AI service providers acting on our behalf. Providers may include self-hosted models or third-party services under contractual obligations. We do not sell personal information to AI providers for their independent model training.

Private study notes are not sent to AI systems without your explicit action where such a feature exists. Self-hosted operators configure their own AI integrations and should disclose those practices to their users separately.

4. Sharing and disclosure

We may share information:

• with mentors or mentees you pair with through invitation-only mentorship features;
• with service providers who process data on our behalf (hosting, email, security) under contractual obligations;
• when required by law, legal process, or to protect rights, safety, and security;
• in connection with a merger, acquisition, or asset sale, subject to this policy.

Church-linked features may expose aggregate participation metrics to authorized church staff where you have linked an account and consented as described in the Service. We do not share individual study notes with church administrators by default.

5. Cookies and sessions

The web app uses HttpOnly session cookies for authentication (Laravel Sanctum). Marketing pages on our public website do not require login. Where reCAPTCHA is enabled, Google may process data according to its policies when you sign in or register.

6. Retention and deletion

We retain account and study data while your account is active. You may request account deletion through the Service or by contacting us. When you delete your account, private study data is removed; shared mentorship content may be retained in anonymized form as described in our product documentation. Backups may persist for a limited period before rotation.

7. Security

We use industry-standard measures to protect the Service, including access controls and encrypted transport. No method of transmission or storage is completely secure; you are responsible for keeping your credentials confidential.

8. Children

The Service is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us data, contact us and we will take appropriate steps to delete it.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to object to certain processing. Contact us to exercise these rights. We may verify your identity before responding.

10. International users

We may process and store information in the United States and other countries where we or our providers operate. By using the Service, you consent to transfer and processing in those locations, subject to applicable law.

11. Open source software

Garrison Bible Study is open source under AGPL-3.0. Source code is available at https://gitlab.com/ChurchTechHelp/garrison. Self-hosting under AGPL does not change your responsibilities as an operator toward your users’ data; you must provide your own privacy notice and comply with applicable law.

12. Changes

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the “Last updated” date. Material changes may be notified through the Service or by email where appropriate.

13. Contact

Privacy questions: [email protected].