Privacy Policy

Moreh is operated by Well Applications LLC. This policy explains how we collect, use, and protect your information.

Effective date: May 28, 2026

1. Information We Collect

• Account data: your name, email address, and password (hashed using bcrypt — never stored in plain text) when you create an account.
• Bible notes & highlights: notes, highlights, and annotations you create within the app, stored on our servers so they sync across your devices.
• Chat history: messages you send to Theo, our AI guide. Conversation history is stored to maintain context within a session and may be cleared. We do not use your messages to train AI models.
• Usage analytics: anonymous, non-identifiable data about which screens you visit and features you use (e.g., "Bible screen opened," "study plan started"). This helps us understand how the app is used and improve it. This data is associated with your account ID, not sold, and not shared with advertisers.
• IP address: your IP address is logged by our server infrastructure for security purposes, including rate limiting, abuse prevention, and guest usage tracking. IP addresses are not shared with third parties and are not used for advertising.
• Server logs: standard server logs (request timestamps, endpoints accessed, error events) are retained for up to 90 days for security and debugging purposes.
• Device data: push notification tokens and app preferences (theme, font size, translation, layout) stored to deliver notifications and sync your settings.
• Payment data: handled entirely by Stripe. We store only your Stripe customer ID and subscription status. We never see or store credit card numbers.

2. How We Use Your Information

• To provide, maintain, and improve the Moreh app experience.
• To personalize Theo's responses using your saved notes, study plans, and denomination preference.
• To send optional push notifications (daily verse, plan reminders) — you can disable these at any time in your device settings or the Me tab.
• To send transactional emails (account verification, password reset). We do not send marketing emails without your consent.
• To process subscription payments and manage your Pro access via Stripe.
• To detect and prevent abuse, fraud, and unauthorized access.
• To analyze aggregate, anonymized usage patterns to improve the app.

3. Third-Party Services

We do not sell your personal data. We share data only with the following service providers, and only to the extent necessary to provide the service:

• Stripe — payment processing. Your payment information is governed by Stripe's Privacy Policy.
• Anthropic — AI responses for Theo. When you send a message to Theo, that message (along with relevant context from your notes and study plans) is transmitted to Anthropic's API to generate a response. Anthropic processes this data per their Privacy Policy. Anthropic does not use API inputs and outputs to train their models by default. Your Theo conversations are not permanently stored by Anthropic.
• Resend — transactional email delivery (verification and password reset emails only).
• Railway — cloud hosting for our API server and database. Your data is stored on Railway's infrastructure in the United States.
• Wikimedia Commons — when Theo retrieves an image (map, artifact, manuscript), it is fetched from Wikimedia's public servers. No personal data is sent to Wikimedia.
• API.Bible — Bible translation content. Queries include the selected translation ID; no personal account data is sent.

4. Study Partner Notes and AI Context

If you connect with study partners, your non-private notes may be visible to them within the app. When a connected partner interacts with Theo, your non-private notes may be included in the context sent to the AI to enrich their study — for example, Theo may reference a verse you noted when your partner asks a related question. Theo does not identify you by name in these references unless directly asked, in which case only your first name is shared.

To prevent your notes from being shared or included in AI context, mark them as private before saving. You can manage and remove study partner connections at any time from the Me tab.

5. Data Retention & Deletion

• Account deletion: You may delete your account at any time from Me tab → Delete Account. This immediately and permanently removes your profile, notes, highlights, chat history, study plans, and all associated personal data from our active database.
• Post-deletion: Deleted account data may persist in encrypted database backups for up to 60 days, after which it is permanently purged. We do not restore deleted accounts from backup except in the case of proven unauthorized deletion.
• Inactive accounts: We do not automatically delete inactive accounts. You remain in control of your data until you choose to delete your account.
• Server logs: retained for up to 90 days, then deleted automatically.
• Usage analytics: retained in aggregate form indefinitely; individual records associated with deleted accounts are removed upon account deletion.

6. Children's Privacy (COPPA)

Moreh is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has created an account or provided us with personal information, please contact us immediately at trevor@moreh.app and we will promptly delete that information. This policy is consistent with the Children's Online Privacy Protection Act (COPPA).

7. Security

All data is transmitted over HTTPS/TLS. Passwords are hashed using bcrypt and never stored in plain text. We use industry-standard security practices for our server infrastructure. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.

8. Tracking and Advertising

Moreh does not track you across third-party apps or websites. We do not use advertising identifiers (IDFA on iOS or GAID on Android), do not serve ads, and do not share data with ad networks or data brokers. The analytics we collect are solely for improving our own app.

9. Your Rights (EEA/UK — GDPR)

If you are located in the European Economic Area or the United Kingdom, you have additional rights under GDPR/UK GDPR, including:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate data.
• Erasure: request deletion of your data (account deletion in-app fulfills this).
• Restriction: request that we limit processing of your data.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.

Our lawful basis for processing is performance of contract (providing the service you signed up for) and legitimate interests (security, abuse prevention, service improvement). To exercise any of these rights, email trevor@moreh.app. You also have the right to lodge a complaint with your local data protection authority.

10. Your Rights (California — CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal data we collect, use, disclose, and sell (we do not sell).
• Request deletion of your personal data (via Me tab → Delete Account, or by emailing us).
• Correct inaccurate personal data.
• Opt out of the sale or sharing of personal data — we do not sell or share your data for advertising purposes.
• Limit use of sensitive personal information — we do not use sensitive personal information beyond what is necessary to provide the service.
• Non-discrimination for exercising these rights.

To exercise these rights, contact us at trevor@moreh.app. We will respond within 45 days as required.

11. Changes to This Policy

We may update this policy from time to time. We will notify users of material changes via email or in-app notice at least 14 days before the changes take effect. The "Effective date" at the top of this page always reflects the current version. Continued use after the effective date constitutes acceptance of the updated policy.

12. Contact

Questions or requests? Email us at trevor@moreh.app or visit our support page.