Privacy Policy

Last updated: February 14, 2026

This Privacy Policy explains what information True Religion of Zion ("we", "us") collects when you use the bible.truereligionofzion.com platform, how we use it, how long we keep it, and the choices you have. We do not sell or share your personal information.

Quick links: California (CCPA/CPRA) Rights · EU/UK (GDPR) Rights · Data Retention · Data Security · Your Rights · Contact

Information we collect

  • Account information — if you register, we store your email address, display name, and a securely hashed password.
  • Study data — notes, highlights, quiz scores, flashcard progress, custom precepts, and reading position are saved to your account so we can sync them across devices.
  • Usage analytics— page-view and feature-use events help us understand what is and isn't working. Aggregated and never sold.
  • Device & browser data — standard request logs (IP address, user-agent, timestamp) used for security and rate limiting.
  • Payment data (only if you donate or buy merch) — payment card details are entered directly into our payment processor and merchandise fulfillment partner. We never see or store full card numbers.

How we use it

  • Operate, secure, and improve the platform.
  • Sync your notes and progress across devices.
  • Respond to feedback or support requests you send us.
  • Send transactional emails you specifically opt into (e.g. Daily Verse, password resets, re-engagement when you've been away).

We do not sell your personal data for money. We may use optional, consent-gated third-party analytics and advertising pixels (described under "Cookies & local storage" below) — these load only after you accept non-essential cookies, and you can decline or withdraw consent at any time via the cookie banner.

Cookies & local storage

We use cookies and browser local storage to keep you signed in, remember your reading position, and store your display preferences locally on your device. Specifically:

  • Essential (always on): authentication token, session ID, beta-access marker, dismissed-banner flags.
  • Guest tracking (always on): a first-party cookie named trz_guest_id containing a randomly-generated identifier (no email or name). It is used solely to enforce per-day usage limits (AI messages, flashcards, quiz previews) for anonymous Guest visitors and to persist your 15-day Trial state if you activate one. The cookie is HTTP-only, expires automatically, and is never shared with advertisers or third parties.
  • Functional (always on): display preferences (font size, dark mode, single/two-page layout, search-scope toggles).
  • Analytics (consent-gated; manage via the cookie banner): first-party pageview pings and feature-use events that help us improve the study tools.
  • Marketing & advertising (off unless you opt in): when enabled by us, third-party advertising pixels — such as the Meta (Facebook/Instagram) Pixel, Google Analytics / Google Ads, and the TikTok Pixel — may set cookies to measure campaigns and show you relevant ads. They load ONLY after you accept non-essential cookies, never before.

You can clear cookies and local storage at any time from your browser settings, or change your preference via the cookie banner (we show it again on request).

Third-party services

A small number of optional features use trusted third-party providers for payment processing, merchandise fulfillment, transactional email delivery, and error tracking. These providers receive only the information needed to perform their service and are bound by their own privacy and security commitments. We have contracts that require them to use your data only for the service they provide to us.

Data retention

We keep data for the minimum time needed to provide the Service.

DataRetention
Account, profile, notes, progressUntil you delete your account
Deleted accounts30-day grace, then hard-purged
Server / request logs (IP, user-agent)90 days
Analytics events12 months, then anonymized
Database backups30 days, then expired
Transactional email logs (sends, bounces)12 months

When you delete your account, we begin a 30-day grace window during which a signed-in user cannot log back in but the data is recoverable on request. After 30 days, your data is purged from active systems. Backups containing earlier snapshots roll off naturally within the backup retention window above.

Your rights — everywhere

You can:

  • Access — download a copy of your data anytime from Account → Privacy & Data → Export my data.
  • Correct — edit your profile from Account → Profile.
  • Delete — close your account from Account → Privacy & Data → Delete my account.
  • Object / restrict — email us if you want us to stop a specific processing purpose.
  • Withdraw consent — toggle analytics off via the cookie banner; unsubscribe from non-transactional emails via the footer of any email we send.

We will action access/correction/deletion requests within 30 days (GDPR) or 45 days (CCPA). The self-service buttons are instant.

For California residents (CCPA & CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the CPRA.

Categories of personal information we collected in the last 12 months: identifiers (email, IP, device ID), customer records (name, hashed password), internet/network activity (page views, feature use), inferences (study preferences). We do not collect biometric, geolocation (precise), sensitive personal information, or health data.

Purposes: to provide and improve the Service, authenticate sessions, secure the platform from abuse, and deliver transactional emails you opt into.

Sources: directly from you (signup, profile, notes, feedback), automatically from your browser (request logs), and from our payment / fulfillment partners when you donate or order merch.

Disclosures for a business purpose: we share data with service providers under contract (payment processor, fulfillment, transactional email, error monitoring). With your consent, we also share limited online identifiers with advertising/analytics partners (Meta, Google, TikTok) for campaign measurement and advertising; you can withdraw this at any time via the cookie banner.

Sale / sharing of personal information: We do not sell your personal information for money.We may "share" online identifiers (such as cookie or device IDs) for cross-context behavioral advertising through consent-gated third-party pixels (Meta, Google, TikTok). These activate only if you accept non-essential cookies, and you can opt out at any time using the cookie banner or the "Do Not Sell or Share My Personal Information" control below.

Your CCPA rights:Right to Know, Right to Delete, Right to Correct, Right to Opt-Out of Sale/Sharing, Right to Limit use of Sensitive PI (we don't collect any), and Right to Non-Discrimination for exercising any of the above.

To exercise these rights, use the self-service buttons in Account → Privacy & Data or email support@truereligionofzion.com with the subject line "CCPA Request". We may need to verify your identity (matching your account email is usually sufficient). You may designate an authorized agent in writing; the agent must provide written authorization signed by you.

Do Not Sell or Share My Personal Information

For EU, UK, and EEA residents (GDPR / UK GDPR)

If you are in the European Union, European Economic Area, United Kingdom, or Switzerland, the General Data Protection Regulation (and UK GDPR) applies.

Data controller: True Religion of Zion — contact via support@truereligionofzion.com.

Legal bases we rely on:

  • Contract (Art. 6(1)(b)) — to operate your account and deliver the study tools you signed up for.
  • Consent (Art. 6(1)(a)) — for non-essential analytics cookies and for opt-in emails like Daily Verse. You can withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)) — to secure the platform from abuse and to debug errors (via a third-party error-monitoring service operating as a sub-processor). Balanced against your right to object.
  • Legal obligation (Art. 6(1)(c)) — to respond to valid requests from authorities and to keep audit records.

Your rights:access, rectification, erasure ("right to be forgotten"), restriction of processing, portability (machine-readable export — use the Export button), objection, withdrawing consent, and the right to lodge a complaint with your local supervisory authority. UK residents can complain to the ICO; EU residents can find their authority on edpb.europa.eu.

International transfers:Our servers and database are hosted in the United States. When you use the Service from outside the US, your data is transferred to and processed in the US. Where required, we rely on the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK transfer mechanisms with our sub-processors.

Children's privacy

The platform is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, email us and we will delete it. Users aged 13–17 should have a parent or guardian's permission before signing up.

Sub-processors (GDPR Art. 28)

We use a small number of service providers to operate the platform. Each receives only the data necessary to perform its function and is bound by a written contract requiring confidentiality and appropriate security measures. We do not authorize any sub-processor to use your data for its own marketing.

FunctionData sharedProcessing location
Database hostingAccount & study dataUnited States
Transactional email deliveryEmail address, display name, message bodyUnited States / EU
Payment processingBilling name, email, tokenized payment instrumentUnited States / EU
Merchandise fulfillmentShipping address, order detailsUnited States
Error monitoringDiagnostic event data (personally identifiable fields scrubbed before send)United States
AI text generationYour prompt text only — no account identifierUnited States

An up-to-date list of the specific sub-processors we engage, including legal names and country of incorporation, is available on request to support@truereligionofzion.com. Where data is transferred outside your country we rely on the European Commission's Standard Contractual Clauses and equivalent UK transfer mechanisms.

Our compliance attestation

  • Access / export requests: self-service, instant (well within GDPR's 30-day window).
  • Delete requests: scheduled immediately, account locked, hard-purge in 30 days (well within CCPA's 45-day window).
  • We do not sell personal information for money.
  • Any third-party advertising / analytics pixels are consent-gated — they load only after you accept non-essential cookies, and you can opt out at any time via the cookie banner.
  • Every data-rights request is timestamped in our internal audit log so we can produce evidence on regulator request.

Security

We use industry-standard security measures to protect your information in transit and at rest, including encrypted connections, access controls, rate limiting, and ongoing monitoring. We follow recognized best practices for password handling and account protection. No online service can be guaranteed to be 100% secure; we maintain incident-response procedures and will notify affected users without undue delay if we ever discover a breach involving their personal data.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via the site banner and (where required) by email. The "Last updated" date at the top of this page always reflects the most recent revision.

Data Security

We take the protection of your information seriously and apply industry-standard practices designed to keep your data safe both in transit and at rest. Our security program includes, without limitation:

  • Encrypted connections. All traffic between your device and our servers is encrypted using modern transport-layer protocols.
  • Secure credential handling. Passwords and sensitive identifiers are protected using one-way cryptographic functions; we never store payment card details on our own systems — those are handled exclusively by our certified payment processor.
  • Layered access controls. Administrative actions are gated behind multiple authentication factors and logged for accountability.
  • Continuous monitoring. We maintain automated systems that watch for unusual or unauthorized activity and respond accordingly.
  • Reasonable safeguards against common online threats. We employ widely-recognized defensive practices to mitigate well-known categories of online risk and regularly review our defenses against current standards.
  • Minimization. We collect only the information needed to operate the service and retain it only as long as necessary for the purposes described in this policy.

No method of transmission or storage is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us at support@truereligionofzion.com so we can assist immediately.

Your Rights

You may request a copy of the personal information we hold about you, or request its deletion, at any time via your account settings or by contacting us. We will respond to verified requests within a reasonable period as required by applicable law.

We retain account data only as long as needed to operate the service. If you revert to free Guest tier, your saved cards and progress are preserved (not deleted) for up to 12 months from your last sign-in, after which they may be purged. You may also request immediate deletion at any time.

Contact

Questions about this policy or a data request? Email support@truereligionofzion.com.

We use cookies to keep you signed in, remember your preferences, and learn which study tools help most. We do not sell your data. See our Privacy Policy.