Privacy Policy
Plain-English description of the data we collect, why, and your rights under GDPR + CCPA.
Who we are
Acts Bible is operated by Stoney DeVille (stoney@stoneytech.net). If you have any questions about this policy or your data, that's the address to write to — you will reach the human who operates the service.
What we collect, and why
Account data (signed-in users only)
When you sign in with Google, Apple, Microsoft, GitHub, or email/password, your Firebase account provides us with:
- Email address — used to identify your account, send the weekly newsletter if you opted in, and recover your account.
- Display name — used to attribute your contributions (bookmarks, notes, apologetics case authorship).
- Photo URL — used only as your avatar in the UI.
- Firebase UID — a random opaque identifier linking your contributions to your account.
If you choose to add optional profile info (church name, etc.), that is also stored with your user record.
Content you create
Bookmarks, notes, study history, apologetics cases, votes, and any other contributions are stored under your UID. Deacon and admin actions (reviews, approvals) are written to an audit log for transparency.
Usage data
Like any web service, we see IP addresses and basic request metadata in server logs for rate limiting, fraud prevention, and cost attribution of LLM-backed features. We do not fingerprint browsers or sell analytics data.
Weekly newsletter
Acts Bible publishes a weekly debate article every Friday. Newsletter subscription is strictly opt-in — the signup-flow checkbox is unchecked by default, and we only add you to the list if you affirmatively tick it (or toggle it on later in Settings). This satisfies GDPR Article 7's affirmative-consent requirement and US CAN-SPAM's no-bait rules.
Data shared with Substack (our newsletter processor)
The weekly is delivered through Substack, a third-party newsletter platform. When you subscribe, we share the following with Substack as needed to deliver the email:
- Your email address.
- Your display name (for personalization).
We do not share your Firebase UID, content you've created, or usage history with Substack. Their privacy policy is at substack.com/privacy.
Unsubscribing
You can unsubscribe any time from Settings (in the profile drawer), or via the one-click unsubscribe link in every newsletter email. A toggle-off preserves your account — it only changes whether you receive the weekly. The audit log keeps a record of both your subscribe and unsubscribe actions so we can prove consent was obtained and respected.
Your GDPR + CCPA rights
If you're a signed-in user, you can exercise the following rights directly from the app:
- Right of access (GDPR Article 15): download a complete JSON archive of every piece of data tied to your account. Call the export_my_data MCP tool, or use the "Export my data" button in Settings (coming soon). Rate limited to 1 export per 24 hours.
- Right to erasure (GDPR Article 17): permanently delete your account and cascade-anonymize every downstream trace. Call the request_account_deletion MCP tool, or use the "Delete my account" button in Settings (coming soon). The action is irreversible — we keep a hashed tombstone to enforce rate limits on re-entry, but no other record of your identity survives.
- Right to rectification: update your display name, church name, and email at any time in Settings.
- Right to withdraw consent: toggle off the weekly newsletter at any time in Settings. Past consent states remain in the audit log (so we can prove consent was valid at the time); future sends respect the current toggle.
- Right to data portability: the JSON archive from Article 15 above is a machine-readable export you can feed into any other service.
For any rights request we can't surface in-app — or to ask questions about how we handle your data — write to stoney@stoneytech.net.
How we store and protect your data
- All data is stored in Google Firebase / Firestore (us-central1), encrypted at rest and in transit.
- Authentication is handled by Firebase Auth — we never see your password.
- Payments (if you support the project) are handled by Stripe — we never see your card details.
- Admin access is restricted by Firebase custom claims and a Firestore-backed allow-list; every destructive action is audit-logged.
Cookies & local storage
Acts Bible uses only essential cookies + local storage — mostly Firebase Auth session tokens and your display-preference cache (tabs open, last verse viewed, etc.). We do not use advertising cookies or third-party trackers.
Children
Acts Bible is not directed at children under 13. If you become aware that a child has signed up, please contact stoney@stoneytech.net and we'll delete the account.
Changes to this policy
If we materially change this policy, we'll notify signed-in users via the app. This page always shows the current effective version; the "Last updated" date below tracks the most recent revision.