1. Information Collection and Categories of Data

The Company collects various categories of information from and about users through their interaction with the Service. Such collection is necessary for the performance of our contractual obligations and for our legitimate business interests as further detailed herein.

A. Personally Identifiable Information (PII)

We collect information that identifies, relates to, describes, or is reasonably capable of being associated with a particular individual. This includes, but is not limited to, the following categories provided directly by the User:

• Account Credentials and Identity Data: Full legal name, electronic mail address, telephonic contact information, and affiliation with any ecclesiastical organization or church.
• Authentication and Security Data: Security credentials, including passwords, which are subjected to cryptographic hashing and salting to ensure confidentiality and integrity.
• Subscription and Transactional Data: Details pertaining to the User’s subscription status, including commencement and termination dates, renewal history, and records of services rendered.

B. Non-Personal and Technical Data

Upon access or utilization of the Service, the Company automatically receives and records certain information from the User's device and browser. This data is utilized for system administration, diagnostic purposes, and to ensure the security of the Service:

• Device and Connection Information: Unique device identifiers, hardware model, operating system version, and browser type utilized for Service access.
• Interaction and Usage Metrics: Chronological records of Service access, duration of use, and specific interactions within the application environment.
• Session Management Identifiers: Digital tokens and session-specific data required to maintain a secure and authenticated state during User interaction.

2. Legal Basis for Data Processing

For individuals residing within the European Economic Area (EEA) and the United Kingdom, the Company processes personal data under one or more of the following legal bases as set forth in Article 6 of the GDPR:

• Contractual Necessity: Processing is essential for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (e.g., the provision of scripture services and subscription management).
• Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. This includes security monitoring, fraud prevention, and Service optimization.
• Consent: The data subject has given clear and unambiguous consent for the processing of their personal data for one or more specific purposes.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which the Company is subject under applicable law.

3. Purposes of Processing and Use of Information

The Company utilizes the collected information for specific, explicit, and legitimate purposes as follows:

• Service Provisioning: To deliver the Service, provide scripture content, and facilitate the functional requirements of the application.
• Account Administration: To manage User accounts, verify subscription eligibility, process renewals, and maintain accurate records of service history.
• Identity Verification and Security: To authenticate User identity, prevent unauthorized access, and mitigate risks associated with multi-device concurrent usage in violation of terms.
• Operational Communication: To transmit essential administrative notifications, updates regarding the Privacy Policy or Terms of Service, and responses to User inquiries.
• Compliance and Enforcement: To adhere to statutory and regulatory requirements and to enforce the Company’s contractual rights and terms of use.

4. Data Security and Safeguards

The Company employs an array of technical, administrative, and physical safeguards designed to preserve the confidentiality, integrity, and availability of personal information. These measures are proportional to the sensitivity of the data and include:

• Implementation of industry-standard encryption protocols for the storage of sensitive data elements, including passwords and subscription metadata.
• Deployment of secure server architectures and the enforcement of the principle of least privilege regarding personnel access to data.
• Continuous assessment and monitoring of system logs and infrastructure for potential security vulnerabilities and threats.

Notwithstanding these efforts, the User acknowledges that no electronic transmission or storage method is inherently devoid of risk, and the Company cannot provide an absolute guarantee of security against sophisticated cyber-attacks or unauthorized third-party intervention.

5. Data Retention Policy

Personal data shall be retained only for such duration as is necessary to fulfill the purposes for which it was collected, or as required by applicable legal, regulatory, or accounting mandates. Upon the termination of a User account, the Company may retain certain data for a reasonable period to resolve disputes, prevent fraud, and comply with legal obligations, after which such data shall be securely deleted or anonymized.

6. Cookies, Tracking, and Passive Data Collection

The Service utilizes "cookies" and similar tracking technologies (collectively, "Tracking Technologies") to enhance User experience and gather information regarding Service utilization. These technologies may include first-party cookies and third-party cookies used for:

• Essential Functionality: Maintaining User session state and authentication.
• Preference Management: Remembering User settings and customizations across sessions.
• Analytics and Performance: Collecting aggregated data to analyze traffic patterns and Service performance.

Users may exercise control over Tracking Technologies through browser settings; however, the disablement of such technologies may adversely impact the functionality and availability of the Service.

7. Disclosure and Sharing of Information

The Company does not engage in the sale, lease, or trade of personal data for monetary or other valuable consideration. Disclosure of information is strictly limited to the following circumstances:

• Authorized Service Providers: Engagement with third-party vendors who perform services on our behalf (e.g., hosting, analytics, support), subject to strict confidentiality and data processing agreements.
• Legal and Regulatory Mandates: Disclosure when required by law, subpoena, or order of a court or governmental authority of competent jurisdiction.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred as part of the business assets, subject to the recipient's adherence to the terms of this Privacy Policy.

8. Transborder Data Transfers

Personal data collected by the Company may be stored and processed in jurisdictions other than the User's country of residence, including the United States. Such jurisdictions may have data protection laws that differ from those in the User's home country. By utilizing the Service, the User acknowledges and consents to the transfer of information to these jurisdictions.

9. Data Subject Rights (GDPR & CCPA/CPRA)

Pursuant to applicable law, Users may possess certain rights regarding their personal information, subject to statutory limitations and verification procedures:

• Right of Access: The right to obtain confirmation as to whether personal data is being processed and to receive a copy of such data.
• Right to Rectification: The right to request the correction of inaccurate or incomplete personal data.
• Right to Erasure (Right to be Forgotten): The right to request the deletion of personal data under specific circumstances.
• Right to Restrict Processing: The right to request the limitation of data processing activities.
• Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format.
• Right to Object: The right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Non-Discrimination: The right not to be subjected to discriminatory treatment for exercising privacy rights under the CCPA/CPRA.

To initiate a request to exercise these rights, the User must contact the Company via the designated communication channels provided in the "Contact Information" section.

10. Protection of Minors

The Service is not directed toward, nor intended for use by, individuals under the age of thirteen (13). The Company does not knowingly solicit or collect personal information from minors. If the Company becomes aware that it has inadvertently collected data from a minor, it will take immediate steps to delete such information from its records.

11. Amendments to the Privacy Policy

The Company reserves the right, at its sole discretion, to modify or update this Privacy Policy at any time. Notice of material changes will be provided by posting the revised policy on the Service and updating the "Last updated" date. Continued use of the Service following such amendments constitutes the User's acceptance of the revised Privacy Policy.

12. Contact Information

For inquiries, complaints, or to exercise data rights, please address correspondence to:

Electronic Mail: support@livingbiblescripture.com