ScriptureRef ("we," "us," "our") believes your trust is sacred. This page explains, in plain English, what data the ScriptureRef website and mobile app collect, why we collect it, who we share it with, and how to reach us. By using ScriptureRef you agree to this policy.
Who this policy covers
This policy applies to:
- The ScriptureRef website at scriptureref.com.
- The ScriptureRef mobile apps for Android and iOS (where they reuse the same web app inside a native shell).
It does not cover websites or services we link to, including Stripe (for support payments) and any future translation, hosting, or analytics partners. Each of those has its own privacy policy.
Data we collect
Information you give us directly
If you choose to create an account, sign in, or subscribe to the newsletter, we collect:
- The email address you provide.
- Optionally, a name you choose to display.
- Your contact message and email if you write to us through the contact form.
Information stored on your device
To remember your reading progress, quiz scores, last-viewed lesson, and app preferences (notifications, haptics, theme), the website and app store a small amount of information directly on your device using browser local storage. The mobile app additionally mirrors this data into the device's secure preferences store so your progress survives reinstalls. None of this is sent to our servers.
Information we do not collect
We do not run advertising, do not embed third-party tracking pixels, and do not sell or rent any personal data to anyone. We do not track your location. We do not request access to your contacts, microphone, or camera.
How we use your data
The limited data we do collect is used only for the purposes you'd expect:
- To save your progress — so you can pick up where you left off.
- To deliver the newsletter — only if you've subscribed.
- To respond to messages — when you contact us.
- To keep the service safe and reliable — basic operational logs (e.g., request error rates) used for troubleshooting and abuse prevention.
Sharing
We do not sell or share your personal data with third parties for marketing or advertising. The only situations in which limited data may be transferred to a third party:
- Hosting and email delivery providers — vendors who help us run the website and deliver the newsletter (e.g., Cloudflare for hosting). They process data only on our instructions.
- Stripe — when you choose to support ScriptureRef through our website's support page, Stripe processes the payment directly on its own pages. We never see or store card details. Stripe's privacy policy at stripe.com/privacy applies to that flow.
- Legal compliance — if required by law or a valid legal process (e.g., a subpoena), in which case we will share only what is strictly required.
Cookies and local storage
ScriptureRef uses minimal browser storage and does not use third-party advertising cookies. Specifically:
- Local storage on your device, to remember your reading progress, quiz scores, and app preferences. You can clear it anytime from Settings → Reset progress, or by clearing your browser's site data.
- A service worker cache on the website, to make the site usable offline. The cache contains only public site assets, no personal data.
- Strictly-necessary cookies set by our hosting provider for security and abuse prevention (e.g., bot challenges).
If we add basic, privacy-respecting analytics in the future to help us improve the site, we will update this page first and disclose what we collect.
Children's privacy
ScriptureRef is intended for ages 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
Your rights and choices
- Access, correction, deletion — write to us through the contact page and we will respond promptly. Any data stored only on your device can be cleared from Settings → Reset progress in the app, or by clearing site data in your browser.
- Newsletter opt-out — every newsletter email contains a one-click unsubscribe link.
- Notifications — daily reminders in the mobile app are off by default and can be turned on or off anytime in Settings → Daily reminders.
- California, EU/UK residents — you have additional rights under the CCPA/CPRA and GDPR/UK GDPR (access, rectification, erasure, portability, restriction, objection). Contact us to exercise any of them.
Security
Connections to ScriptureRef are encrypted in transit using HTTPS. Account passwords (when introduced) are hashed using industry-standard algorithms. We restrict internal access to data on a need-to-know basis. No system is perfectly secure, but we work prayerfully and carefully to protect what you entrust to us.
International transfers
Our service runs on global edge infrastructure, which means your data may be processed in regions outside your country of residence. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for these transfers.
Updates to this policy
We may update this policy occasionally — for example, when we add a new feature or work with a new vendor. Material changes will be posted here with a revised "Last updated" date at the top. For significant changes that affect how we use existing data, we will give reasonable advance notice on the website and, where appropriate, by email.
Contact us
Questions about your data, this policy, or anything else? Write us anytime through the contact page. We read every message.
You can also revisit this page anytime at scriptureref.com/privacy.html.