Privacy Policy

This Privacy Policy describes how SEER (“we,” “us,” or “SEER”) collects, uses, and shares information when you use the SEER mobile application, the seerscriptures.com website, and related services (together, the “Services”). Read it carefully. By using the Services you agree to the practices described here.

SEER is operated by Jordan Bales as a sole proprietor in Utah, USA. Jordan Bales is the data controller for the Services for purposes of GDPR, CCPA, and equivalent privacy laws. Contact details are at the bottom of this page.

1. Information we collect

a. Information you give us

• Account information — email address, display name, and password (stored hashed) when you create an account.
• Profile content — optional profile photo you choose to upload, and birthday if you choose to generate an Oraqel Code.
• Study annotations — bookmarks, highlights, notes, tags, and reading progress you save in the app.
• Community content — posts, comments, and messages you submit to SEER Circle (when applicable).
• AI queries — text you submit to ABEL, our AI research assistant.
• Voice input — when you use voice features (voice journal, dictated notes, and Patriarchal Blessing transcription), the app records audio and transmits it to our Cloudflare Worker, which processes it with Cloudflare Workers AI (Whisper model) to produce a text transcript. Audio is processed in transit and is not retained by SEER or Cloudflare Workers AI after transcription. The resulting text is returned to your device only and is not included in any analytics pipeline.
• Support correspondence — messages you send us at privacy@seerscriptures.com.

b. Information collected automatically

• Device and log data — IP address, device type, operating system, app version, timestamps, and a per-device identifier. The device identifier is used for Text-to-Speech request routing, rate limiting, and worker-side security checks. Used for security, abuse prevention, and basic operations. We do not build advertising profiles from this data.
• Crash and diagnostic data — crash reports, error events, and diagnostic context (stack traces, device context, app version) are automatically captured by Sentry when errors occur. When you are signed in, these reports include your account identifier so we can investigate account-specific issues. Request bodies are stripped before transmission so scripture text and ABEL queries are not included in error reports.
• Subscription tier limits — counts (e.g. how many ABEL queries you have run this week) used solely to enforce your tier.
• Product-improvement events — a fixed allowlist of in-app actions including: app opens; screen views; ABEL queries and per-query operational diagnostics (model used, response time, cache status); ABEL answer engagement signals (scrolled to end, copied, shared, 30-second dwell); follow-up queries; concept-search invocations; bookmarking or refining an ABEL answer; study guide opens and completions; spending five or more minutes on a chapter; chapter listening completions; manual sync and export completions; library reorder and pin actions; and Gospel Library import start/completion. These events drive a self-improving loop that helps us keep the doctrinal direction of the app aligned with how the community actually studies. What ships with each event: the event name (from a fixed allowlist), a salted, irreversible hash of your user identifier, your subscription tier, and a structured payload that includes the text of your ABEL questions (so we can see what the community is asking and refine the doctrinal direction of answers over time). What never ships:the text of ABEL’s generated answers, your private notes, your highlights, or scripture content you have selected for personal study. The salt that produces the hash is held only on our server and is never written to the analytics store, so the stored identifier cannot be reversed back to your account even with full administrative access. Events are written to Cloudflare Analytics Engine, an append-only time-series store, and retained for 90 days, after which they are automatically deleted. Because the store is append-only and pseudonymized at write time, individual events cannot be retrieved, modified, or deleted on a per-user basis once written — they exist only as statistical signal. These events are never shared with advertisers, data brokers, or third parties for their own purposes.
• Session recordings — we enable session recording via PostHog with a default sample rate of zero (no recording during normal use). Recordings are triggered automatically when your session encounters an error, capturing the interaction context leading up to that error so we can diagnose the issue. Text input fields are masked in all recordings. Recordings are processed by PostHog Inc., used solely for product improvement, retained for up to one year, and never used for advertising or cross-app tracking.

We do not use third-party advertising trackers, data brokers, fingerprinting SDKs, or analytics platforms that follow you across other apps and sites. We collect data linked to your account identity for product improvement only — never for advertising, never sold, never shared with third parties for their own purposes. PostHog Inc. acts as our data processor for the behavioral analytics and session recordings described above. Anthropic, Supabase, Cloudflare, Sentry, Voyage AI, ElevenLabs, RevenueCat, Resend, and Expo similarly act as data processors — they handle data on our behalf under contract, and are bound from using it for their own commercial purposes. The doctrinal-alignment flywheel described above is separate from the PostHog pipeline and runs on our own infrastructure.

c. Subscription and purchase data

In-app purchases and subscriptions made on iOS are processed by Apple through the App Store’s In-App Purchase system, and Apple is the merchant of record for those transactions. Purchases made on the web (at seerscriptures.com) are processed through RevenueCat Web Billing, with Stripe, Inc. acting as the payment processor. In either case we do not collect, store, or have access to your payment card information, billing address, or any other financial data — card data is handled solely by Apple or Stripe. We use RevenueCat to manage subscription status and entitlements across both surfaces; RevenueCat receives an anonymized user identifier and the purchase receipt (from Apple) or transaction identifier (from Stripe) — never payment card information. Subscription status (active tier, expiration) is the only billing-related data we receive.

d. Sensitive information (religious beliefs)

SEER’s content reflects religious affiliation and study, which constitutes sensitive personal information under certain laws (including GDPR Article 9 and CCPA “sensitive personal information”). We process this data solely to provide the Services. We do not sell, rent, share, or use this data to infer characteristics about you, and we do not disclose it for direct marketing.

2. How we use your information

• Provide, maintain, and improve the Services.
• Authenticate you and sync your study annotations across your devices.
• Generate AI responses through ABEL using the Anthropic Claude API.
• Process subscriptions, enforce tier limits, and prevent abuse.
• Send transactional email (account verification, password reset, receipts).
• Send optional product updates if you opt in. You can unsubscribe at any time.
• Comply with legal obligations and respond to lawful requests.

3. ABEL Scripture Intelligence (AI processing)

Questions you submit to ABEL are transmitted to our Cloudflare Worker and forwarded to Anthropic for inference. Per Anthropic’s commercial terms, your prompts are not used to train Anthropic’s models. Prompts are retained by Anthropic only as needed to respond to your query and are not used for model training.

Separately, SEER records a copy of each ABEL question (up to the full text) in our analytics pipeline — Cloudflare Analytics Engine, an append-only time-series store — alongside a one-way salt-hashed identifier derived from your account ID. The salt lives only on our Cloudflare Worker; without it the stored hash cannot be linked back to your identity even with full administrative access. Events are retained for 90 days, then automatically deleted. This data helps us measure doctrinal alignment and improve ABEL’s responses. Because the store is append-only and pseudonymized at write time, individual events cannot be retrieved or deleted on a per-user basis once written — they exist only as statistical signal. Your account, profile, study annotations, and other personal data are deleted on request as described in Section 5; see also Section 6 for the full retention schedule.

3.1 ABEL Memory (personalized responses)

SEER offers an optional ABEL Memoryfeature that lets ABEL personalize its responses by drawing on your past conversations, your saved notes and highlights, your Oracle Code reading, your Covenant Journal and Dream & Vision records, your Patriarchal Blessing, optional Book of Remembrance entries you mark as shareable, prior ABEL answers you have saved, your stewardship declarations, your personal context, and an optional personal profile (name, birthday, family). Here is how this data is stored and shared:

• Storage. The memory database lives in your app’s sandboxed SQLite storage on your device. Sensitive fields — Book of Remembrance entries, Oracle Code scrolls, profile fields, stewardship declarations, and the content of past ABEL answers — are encrypted at rest using AES-256 with a hardware-backed key (iOS Secure Enclave / Android Keystore). The key never leaves your device.
• Cross-device sync (default: private to your account). When you are signed in, SEER mirrors your vault data — ABEL Memory profile and settings, Oracle Code scrolls, Book of Remembrance entries, journal and dream entries, and Patriarchal Blessing text and ABEL chat history — to our Supabase database so it is available on any device where you sign in to the same account, including the SEER web companion at seerscriptures.com. By default this mirrored data is stored in readable form on Supabase, protected by row-level security (only your account can read or write your rows), TLS in transit, and AES-256 at rest at the infrastructure layer. This means it is private to your account but is technically readable by SEER administrators with database access — the same model used for your notes, highlights, and other synced study data. Your locally stored copy remains AES-256 encrypted on your device. Deleting your account removes all synced vault data from our servers as described in Section 5.
• Optional end-to-end encryption. If you want these sacred entries to be unreadable even by SEER, you can turn on end-to-end encryption under Account → Sync Mode & Passphrase. When enabled, each entry is encrypted on your device before it is uploaded, using a key derived from a passphrase that only you hold; SEER stores only the encrypted form and never receives your passphrase or your key. This is optional and off by default. Important: because only your passphrase can unlock the data, SEER cannot recover it for you — if you forget your passphrase, the encrypted cloud copy cannot be restored (your on-device copy remains readable on devices you have already unlocked).
• Transit-only. When you ask ABEL a question, the app may include relevant memory snippets in the request as transient query context. These snippets travel to our Cloudflare Worker, are injected into the prompt sent to Anthropic, and are processed under Anthropic’s API privacy terms (no training use). We do not store these snippets, do not log them to our analytics, do not retain them in our worker logs or Sentry diagnostics, and do not cache responses generated with memory context.
• Per-category controls (on by default, opt-out anytime). You control which categories of data ABEL can see in Account → ABEL Memory, and from the Personalize dropdown on the Ask ABEL screen. Every category is ON by default so ABEL is as insightful as possible out of the box, and you can turn any of them off at any time: conversation history, notes & highlights, Oracle Code references, Covenant Journal entries, Dream & Vision records, Patriarchal Blessing context, Book of Remembrance entries (only those you mark shareable), saved ABEL answers, personal profile, stewardship declarations, personal context, and study patterns. Turning a category off immediately stops ABEL from receiving that data in future requests; it does not delete the underlying data from your device.
• Per-entry sharing. Within your Book of Remembrance, each individual entry has its own “share with ABEL” toggle. ABEL only ever sees entries you have explicitly marked shareable.
• Browse, export, delete. In Account → ABEL Memory you can browse your stored memory, export the full database as a JSON file, clear conversation history while preserving other categories, or clear everything. Deletion is immediate and unrecoverable on your device.
• Account deletion. If you delete your SEER account, all synced vault data (ABEL Memory profile, Oracle Code scrolls, Book of Remembrance entries, journal entries, and Patriarchal Blessing text and chat) is permanently deleted from our Supabase database as part of the account deletion cascade described in Section 5. The on-device encrypted copy is removed when you uninstall the app.

The privacy posture above is structurally enforced by our worker code, not just policy. See our DMCA Policy and the worker audit checklist for the technical controls that keep ABEL Memory snippets out of our logs, caches, and analytics pipelines.

3.2 SEER Circle — Direct Messages

SEER Circle includes a direct messaging feature that lets members send private messages to one another. Important: direct messages are currently stored unencrypted on our Supabase (Postgres) database servers. This means direct message content may be readable by SEER administrators with database access, and is subject to all standard Supabase security controls (row-level security, TLS in transit, AES-256 at rest at the infrastructure layer).

Stewards (moderators) may review reported message content when abuse is reported through the in-app reporting flow. We will never proactively read your private messages except as required by law or to investigate a specific abuse report. End-to-end encryption for direct messages is planned for a future release.

4. How we share your information

We do not sell your personal information. We share data only with the following service providers (sub-processors), and only to the extent necessary to operate the Services:

• Apple — processes iOS in-app purchases (merchant of record) and push notification tokens (if enabled).
• Supabase — managed Postgres database and authentication. Stores your account, profile, and study annotations under row-level security (you can only read and write your own rows). Also stores cross-device vault data when you are signed in: ABEL Memory profile and settings, Oracle Code scrolls, Book of Remembrance entries, journal and dream entries, and Patriarchal Blessing text and ABEL conversation history. Only your account can access your rows.
• Cloudflare — hosts the website and the ABEL Worker, stores the product-improvement events described above in Cloudflare Analytics Engine (append-only, 90-day retention), and processes voice input for transcription via Cloudflare Workers AI (Whisper model). Audio submitted for transcription is not retained after the transcription response is returned. Standard server logs include IP and user-agent and are retained briefly for security.
• Anthropic — receives the text of your ABEL queries to generate responses, custom-canon text you submit via the Import feature for document formatting, and Patriarchal Blessing images you upload for text extraction (OCR). Anthropic does not use API submissions to train its models. See anthropic.com/legal/privacy.
• Voyage AI — receives your ABEL question text only (transformed into a numeric vector) for semantic scripture retrieval. Question text is not retained.
• ElevenLabs — receives text you choose to play aloud through Text-to-Speech. This may include verse text, ABEL response excerpts, and Patriarchal Blessing or journal snippets where audio playback is offered. Audio responses are cached locally on your device.
• RevenueCat — manages subscription entitlement state across iOS and web. Receives an anonymized user ID and the Apple receipt or Stripe transaction identifier; never payment card information.
• Stripe — payment processor for purchases made on the web. Stripe handles your card details directly; SEER never receives or stores card data. See stripe.com/privacy.
• Expo / EAS — delivers app updates and push notifications.
• Resend — sends transactional and Daily Verse email. Receives your email address only if you have opted in to email.
• Sentry — automatically receives crash and error diagnostics when errors occur. When you are signed in, reports include your account identifier. Request bodies are stripped before transmission so scripture text and ABEL queries are not included. See sentry.io/privacy.
• PostHog — receives your account identifier and structured in-app interaction events (screen views, button taps, sign-in / sign-out), plus session recordings (taps, scrolls, navigation, and on-screen text during your sessions). Used solely for product improvement. Does not receive scripture content you have selected, your private notes, or your highlights. PostHog acts as our processor and is contractually bound from using your data for its own purposes. See posthog.com/privacy.

We may also disclose information when required by law, to protect rights, safety, or property, or as part of a merger, acquisition, or asset sale (in which case we will notify users in advance).

5. Your privacy rights

Depending on where you live (including the EEA, UK, Switzerland, Canada, and US states with privacy laws — California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia), you may have rights including:

• Access — request a copy of the personal information we hold about you.
• Correction — fix information you believe is inaccurate. You can edit most fields directly in the app.
• Deletion — permanently remove your account and associated data. Use Account → Delete Account inside the SEER app for an immediate in-app delete, or email us. The deletion cascade covers your account, profile, study annotations (bookmarks, highlights, notes, tags, underlines, stars, collections, saved ABEL answers), Circle posts and messages, and all synced vault data (ABEL Memory profile, Oracle Code scrolls, Book of Remembrance entries, journal and dream entries, Patriarchal Blessing text and ABEL chat history). Product-improvement events in Cloudflare Analytics Engine cannot be deleted per-user because the store is append-only and pseudonymized; they auto-expire after 90 days.
• Portability — receive a copy of your data in a portable format. From Account → Sync → “Email My Data” inside the SEER app, you can request a complete export of your highlights, notes, tags, bookmarks, and saved answers, delivered as JSON and Markdown to your account email within ~30 seconds. No fee; limited to once per hour. Vault data (journal entries, Book of Remembrance, Patriarchal Blessing, Oracle Code scrolls) can be exported from their respective screens inside the app.
• Withdraw consent — where we rely on consent to process your data.
• Non-discrimination — for exercising any of these rights.
• Limit use of sensitive information — including religious beliefs, where applicable.

To exercise these rights, see our Privacy Request page or email us directly at privacy@seerscriptures.com. We will verify your identity and respond within 30 days as required by applicable law. EU/UK residents may also complain to their local data protection authority; California residents may submit complaints to the California Attorney General.

6. How long we keep your information

We retain your account, profile, and study data while your account is active and for up to three months after termination, after which it is deleted or anonymized. Product-improvement events (the doctrinal-alignment flywheel) are written to Cloudflare Analytics Engine and retained for 90 days from collection, then automatically deleted. Because that store is append-only and pseudonymized at write time, individual events cannot be retrieved or deleted on a per-user basis. PostHog session recordings are retained for up to one year from collection, after which they are automatically deleted. Backups may persist for a short window beyond that until they cycle. Aggregate, de-identified information may be retained longer for service-improvement purposes. You can request immediate deletion of your account, profile, and study data at any time via the Account → Delete Account button in the SEER app.

7. Security

We use industry-standard safeguards: TLS in transit, hashed passwords, row-level security in the database, hardware-backed secure storage for session tokens on your device, and rate-limited APIs. No system is perfectly secure; we cannot guarantee absolute security but we work hard to protect your data and we will notify you of any material breach affecting your account.

8. Children

The Services are intended for users aged 13 and older. We do not knowingly collect information from children under 13. If you believe a child has provided us information, contact us and we will delete it.

9. Do-Not-Track signals

Most web browsers and some mobile operating systems offer a Do-Not-Track (“DNT”) signal. Because there is no industry standard for honoring DNT signals, we do not currently respond to them. If a uniform standard is adopted, we will update this Policy to reflect our practice.

10. International users

The Services are operated from the United States. If you use them from outside the United States, your information will be transferred to and processed in the United States, which may have different data-protection laws than your home country.

11. Changes to this policy

We will update this Privacy Policy from time to time. The “Effective” date at the top reflects the most recent revision. Material changes will be posted prominently in the app or by email before they take effect.

12. Contact

Questions, comments, or privacy requests? Email privacy@seerscriptures.com or write to:

SEER
656 Eton Ct.
Farmington, UT 84025
United States