Privacy Policy
Last updated: April 4, 2026
We collect your email, age range, country, topic preferences, and how you interact with verses. We use this to personalize your experience and generate anonymized, aggregated insights reports that we sell to churches and faith-based organizations. Your individual data is never sold or shared. Church partners only see their own congregation's data. No cookies, no third-party trackers. You can delete your account anytime by emailing us.
1. Who We Are
HolyTL;DR is operated by Berry App Labs ("we," "us," or "our"). We are committed to protecting your privacy and being transparent about how we handle your data.
For privacy-related questions, contact us at hello@holytldr.com.
2. Data We Collect
We collect the following information when you use HolyTL;DR:
| Data Type | How Collected | Purpose |
|---|---|---|
| Email address | Supabase magic link sign-up | Account authentication |
| Age range | Onboarding selection | Content personalization, compliance |
| Country / locale | Onboarding + browser detection | Language, regional content |
| Selected topics | Onboarding (37 options) | Verse personalization |
| Verse reactions | Hit/miss feedback on verses | Improve recommendations |
| Bookmarks | Saved verses | Personal verse library |
| Mood logs | Vibe Check feature | Personalization, wellness tracking |
| Push notification tokens | Browser permission grant | Daily verse delivery |
| Streak data | Daily app opens | Engagement tracking |
| Referral codes | Referral link usage | Referral rewards |
| Poll responses | In-app polls | Community insights |
3. How We Use Your Data
3.1 Personalization
We use your topic selections, reactions, mood logs, and engagement patterns to personalize the daily verses you receive. The more you use the app, the more relevant your verses become.
3.2 Anonymized, Aggregated Insights
We generate aggregated, anonymized reports based on user data — such as trending topics, reaction rates, and engagement patterns — and sell these reports to churches, publishers, and faith-based organizations. These reports contain statistical trends only. Individual user records are never included in these reports.
For example, a report might show that "42% of users aged 18-24 selected 'anxiety' as a topic" but would never identify any specific user.
3.3 Church White-Label Data Isolation
Churches that use our white-label program can view aggregated data for only their own congregation's members. This data is logically isolated and is never combined with public aggregate reports or shared with other organizations.
3.4 Internal Promotions
Free-tier users may see promotional content for FamilyStori, another Berry App Labs product. This is not a third-party advertisement. No data is shared with FamilyStori unless you explicitly create an account there.
4. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data under the following legal bases:
- Consent: You provide consent when you create an account and select your preferences during onboarding. You may withdraw consent at any time.
- Legitimate interest: We have a legitimate interest in generating anonymized, aggregated insights to improve our service and sustain our business, provided this does not override your fundamental rights.
- Contract performance: Processing necessary to provide the service you signed up for (delivering personalized verses, managing your account).
5. Your Rights
5.1 GDPR Rights (EU/EEA/UK)
You have the right to:
- Access: Request a copy of all personal data we hold about you.
- Rectification: Correct any inaccurate data.
- Erasure: Request deletion of your account and all associated data.
- Data portability: Receive your data in a structured, machine-readable format.
- Restriction: Request we limit processing of your data.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Withdraw consent at any time without affecting prior processing.
To exercise any of these rights, email hello@holytldr.com. We will respond within 30 days.
5.2 CCPA Rights (California)
If you are a California resident, you have the right to:
- Know: Request what personal information we collect, use, and disclose.
- Delete: Request deletion of your personal information.
- Opt-out of sale: Direct us not to "sell" your personal information.
- Non-discrimination: We will not discriminate against you for exercising any of these rights.
Regarding the "sale" of personal information: Under the CCPA's broad definition of "sale," our practice of providing anonymized, aggregated insights reports to third-party organizations may qualify as a "sale" of personal information. While these reports do not contain individual-level data, we want to be fully transparent. You may opt out of having your data included in these aggregated reports by emailing hello@holytldr.com with the subject line "CCPA Opt-Out."
6. Children's Privacy (COPPA)
HolyTL;DR is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal data, please contact us at hello@holytldr.com.
7. Data Retention
- Verse history and reactions: Retained for 1 year from the date of interaction, then automatically deleted.
- Account data (email, preferences, bookmarks): Retained until you delete your account.
- Aggregated data: Once data is anonymized and aggregated, it is no longer personal data and may be retained indefinitely.
- Push tokens: Deleted when you revoke notification permission or delete your account.
8. Data Processors & Third Parties
We use the following third-party services to operate HolyTL;DR:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication | US-East |
| Vercel | Web hosting, edge functions | Global CDN (US origin) |
| Anthropic | AI-powered verse translation | United States |
| Stripe | Payment processing (Premium) | United States |
| Web Push (browser-native) | Push notifications | Varies by browser vendor |
Each processor is bound by their own privacy policies and data processing agreements. We do not share your individual data with any other third parties.
9. International Data Transfers
Your data is stored on Supabase servers in the United States (US-East region). If you access HolyTL;DR from outside the United States, your data will be transferred internationally to our US-based infrastructure. For EEA/UK users, this transfer is necessary for contract performance and is conducted with appropriate safeguards.
10. Cookies & Local Storage
HolyTL;DR does not use cookies. We use browser localStorage to store preferences, cached data, and session information. For full details, see our Cookie & Storage Policy.
We do not use Google Analytics, Facebook Pixel, or any third-party tracking technologies.
11. Data Security
We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), secure authentication via magic links (no passwords stored), and access controls on our infrastructure. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via an in-app notice. Your continued use of HolyTL;DR after changes are posted constitutes acceptance of the updated policy.
13. Contact Us
For any privacy-related questions, data requests, or concerns:
Berry App Labs
Email: hello@holytldr.com
Subject line: "Privacy Request"
For GDPR inquiries, this email also serves as our Data Protection Officer contact.