Privacy Policy
Last updated: March 9, 2026
Family Bible Study ("we," "us," or "our") operates the website at familybiblestudy.live and related services (the "Service"). This Privacy Policy explains how we collect, use, and protect your personal information.
1. Information We Collect
Account Information
When you create an account we collect your name, email address, and password (stored as a one-way hash). You may optionally provide a phone number, profile photo, testimony, beliefs, and a favorite Bible verse.
Phone Number & SMS
If you choose to enable SMS notifications or use phone-based sign-in, we collect your phone number. We send text messages through Twilio Inc. for verification codes and optional study reminders. By providing your phone number and opting in to SMS, you consent to receiving text messages from Family Bible Study. Message and data rates may apply. You may receive up to 10 messages per week depending on your family's study activity. Reply STOP at any time to opt out, or HELP for assistance.
Usage Data
We collect basic server logs (timestamps, request paths) to maintain and improve the Service. We do not use third-party analytics or advertising trackers.
Content You Create
Testimonies, beliefs, prayer requests, study notes, poll responses, and topics you submit are stored on our servers and shared with members of your family group(s).
2. How We Use Your Information
- To provide and operate the Service (authentication, family groups, study sessions)
- To send transactional emails (verification codes, password resets, weekly digests)
- To send SMS notifications you have opted in to (study reminders, voting alerts)
- To improve the Service and fix bugs
- To protect the security of your account (login anomaly detection, rate limiting)
We do not sell, rent, or share your personal information with advertisers or data brokers.
3. Legal Basis for Processing (EEA Users)
If you are in the European Economic Area, we process your data under these legal bases:
| Activity | Legal Basis |
|---|---|
| Account registration | Consent (you agree at sign-up) |
| Family features & study sessions | Performance of contract |
| Testimony, beliefs, gospel sharing | Explicit consent (religious data, Article 9) |
| Email notifications | Consent (withdrawable) |
| SMS notifications | Explicit, separate consent |
| Security logging (IP, device) | Legitimate interest |
4. SMS Messaging Terms
- SMS notifications are optional and off by default. You must explicitly opt in through your notification preferences.
- Message frequency varies based on your family's activity (up to 10 messages/week).
- Message and data rates may apply depending on your carrier.
- Reply STOP to any message to unsubscribe immediately.
- Reply HELP for support information.
- Supported carriers include AT&T, Verizon, T-Mobile, and most major US carriers.
- SMS consent is not required for registration or use of the Service.
- We will not share your phone number or SMS opt-in data with third parties for marketing purposes.
5. Third-Party Services
| Provider | Purpose | Data Shared |
|---|---|---|
| Railway | Hosting & database | All application data (encrypted at rest) |
| Cloudflare | CDN, DNS, file storage, captcha | Uploaded files, request metadata |
| Resend | Transactional email | Email addresses, notification content |
| Twilio | SMS & phone verification | Phone numbers, message content |
Each provider maintains their own privacy practices. See Twilio's Privacy Policy for details on SMS data handling.
6. Data Storage & Security
- Passwords are hashed with bcrypt (never stored in plain text)
- All connections use HTTPS/TLS encryption in transit
- Database is hosted on Railway with encrypted volumes
- Authentication uses short-lived JWT access tokens and httpOnly refresh token cookies
- Two-factor authentication (TOTP) available for all accounts
- Rate limiting and account lockout protect against brute-force attacks
- Content Security Policy (CSP) headers prevent cross-site scripting
- Sensitive data is filtered from application logs
7. Data Retention
| Data | Retention Period |
|---|---|
| Active accounts | Retained while account is active |
| Inactive accounts (no login) | Warning at 22 months, deleted at 24 months |
| Deleted accounts | Purged within 24 hours of confirmed deletion |
| Session tokens | 30 days (revoked on logout) |
| Security audit logs | 3–5 years (compliance requirement) |
| Email delivery logs | 90 days |
8. Cookies
We use the following cookies, all of which are strictly necessary for the Service to function:
| Cookie | Purpose | Duration |
|---|---|---|
| Refresh token | Authentication (httpOnly, secure) | 30 days |
| Theme preference | UI customization | Persistent |
| Cookie consent | Record consent preference | 1 year |
We do not use analytics, tracking, or advertising cookies.
9. Your Rights
You may at any time:
- Access your data through your profile and settings pages
- Export a copy of all your data in machine-readable format (JSON) via Settings
- Update your name, email, password, phone number, and preferences
- Delete your account and all associated data via Settings (24-hour grace period to cancel)
- Opt out of SMS by replying STOP or toggling off SMS in notification preferences
- Opt out of email notifications through your email preferences page
Additional Rights for EEA Residents
Under the General Data Protection Regulation (GDPR), you also have the right to:
- Data portability — receive your data in a structured, machine-readable format
- Restriction — request that we limit processing of your data
- Object — object to processing based on legitimate interest
- Lodge a complaint — file a complaint with your local Data Protection Authority
10. Children's Privacy
The Service is not intended for children under 13. We require age confirmation (13+) at registration. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly.
11. International Data Transfers
Our servers are located in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) and vendor compliance certifications to ensure lawful transfers.
12. Changes to This Policy
We may update this policy from time to time. We will notify registered users by email and via in-app notification of any material changes. Continued use of the Service after changes constitutes acceptance.
13. Contact Us
For questions about this policy or to exercise your data rights, email us at support@familybiblestudy.live.