Privacy

Privacy Policy

Plain English first, legal precision underneath. Effective May 20, 2026.

The short version

VerseFlash stores the data needed to run real-time sermon transcription for your account - your sign-in identity, the sessions you create, and the transcripts and scripture detections you choose to save. We don't sell that data, we don't run ad networks, and we don't track you across other apps or websites. The full detail is below.

1. Who we are

VerseFlash is operated by Benlottejnr Apps, a sole-proprietor software studio. For privacy questions or to exercise your rights, write to [email protected].

Servers and data storage are in the United States (see Section 5).

2. What we collect

2.1 Account data

  • Email address - supplied by Google when you sign in. Used to identify your account and send service emails (deletion confirmations, billing notices if you move to a paid tier).
  • Display name - supplied by Google. Shown in your profile inside the app.
  • Google account ID - the standard OAuth subject identifier; the persistent key we use to recognise your account across sessions.

Sign-in is Google OAuth only. We never see your Google password.

2.2 Session data

  • One row per transcription session you start: timestamp, duration, device label, and a count of detected scriptures. Used to meter your monthly usage allowance and surface your session history.
  • Transcripts - only saved when you toggle "Save transcript" on for a session. If the toggle is off, we keep the session duration but discard the transcript when the session ends.
  • Scripture detections - the verse references the LLM matched against your transcript, with confidence scores. Stored alongside the saved transcript when "Save transcript" is on.
  • Preferences - your presenter / cast / display settings (font size, blackout mode, background choice).

2.3 Audio data

  • While a session is active, your microphone audio streams directly from your device to Deepgram (Section 4) for transcription.
  • We do not record or store the audio ourselves. The stream is consumed for transcription and discarded.
  • The resulting transcript text is what we work with - that's what gets saved (if you chose to save it) and what's sent in small windows to Gemini for scripture detection.

2.4 Device data

  • Device label and OS - recorded when a session is started, used in session history so you can tell sessions apart.
  • IP address - seen by our backend server for routine traffic logging and abuse prevention. IPs are not linked to your account in any persistent log we keep.

2.5 What we don't collect

  • We do not run analytics SDKs. No Firebase Analytics, no Google Analytics, no Mixpanel, no event tracking.
  • We do not collect location, contacts, photos, camera, calendar, or health data.
  • We do not use any advertising SDK and we do not show ads.
  • We do not collect crash-report data via Sentry, Bugsnag, Firebase Crashlytics, or similar third-party tools. When the app catches an error, a short technical report (error code, exception details, your app version and platform) is sent to our own backend for diagnostics. No third-party error-reporting service is involved.

3. How we use it

We use the data above for, and only for:

  • Running your account and showing you your own session history.
  • Streaming your microphone audio to Deepgram for transcription, in real time, while a session is active.
  • Sending small windows of the resulting transcript to Gemini for scripture detection.
  • Metering your free monthly transcription allowance and Premium-tier billing.
  • Routine operations: account recovery, fraud prevention, debugging errors that affect a specific account.

We do not sell, rent, or trade your personal data to anyone. We do not share data with advertisers. We do not build profiles for ad targeting.

4. Third parties that process user data

The following services process some portion of your data on our behalf. Each is listed by name, what we send, and a link to their own privacy policy.

  • Google LLC - Google Sign-In (the only auth method) and Google Gemini API (receives short rolling windows of your transcript text to identify KJV scripture references).
    Policy: policies.google.com/privacy.
  • Deepgram, Inc. - real-time speech-to-text. Receives your microphone audio stream while a session is active. Audio is consumed for transcription and discarded per Deepgram's data-retention policy.
    Policy: deepgram.com/privacy.
  • Amazon Web Services, Inc. - primary data store. Your account row, session metadata, and (if you opt in) saved transcripts and scripture detections live in an AWS-hosted Postgres database in the United States.
    Policy: aws.amazon.com/privacy.
  • Cloudflare, Inc. - DNS, TLS termination at the edge, and bot/DDoS protection for verseflash.com, app.verseflash.com, and api.verseflash.com. Sees request metadata (IP, headers) but not application-level account data.
    Policy: cloudflare.com/privacypolicy.
  • Crisp IM SAS - live chat widget on verseflash.com. If you open the chat to message support, Crisp processes the messages you send plus standard browser metadata (page URL, IP, user agent). The widget loads on the marketing pages only - not inside the signed-in app or the API.
    Policy: crisp.chat/privacy.

We only list services that actually process your personal data. Other infrastructure we use - for container images, fonts, or static asset hosting - never sees account info, session data, or audio, so it's not listed above.

5. Where your data lives

All servers, databases, container images, and operational tooling are hosted in the United States. If you use VerseFlash from outside the United States, your data is transferred to and stored in the United States. We rely on standard contractual clauses where required by your local law (UK GDPR, EU GDPR) and the data-protection commitments of our US-based vendors.

6. How long we keep it

  • Account data: as long as your account is active.
  • Session metadata (timestamps, duration, detection counts): as long as your account is active.
  • Saved transcripts and scripture detections: as long as your account is active, or until you delete the individual session from history.
  • Microphone audio: never stored - passed through to Deepgram in real time and discarded.
  • Server logs: rolling 30 days; used for debugging and abuse prevention.
  • Deletion requests: actioned within 30 days. See Delete account.

7. Your rights

You can ask us to:

  • Access a copy of the data tied to your account.
  • Correct anything that's wrong.
  • Delete your account and the data attached to it.
  • Restrict or object to some uses of your data.
  • Receive your data in a portable format on request.

To exercise any of these rights, email [email protected] from the address tied to your account, or use the form on the delete-account page. We aim to respond within 7 days and complete the action within 30 days.

8. Children

VerseFlash is for users 13 years and older. We do not knowingly collect personal information from children under 13 and we do not market VerseFlash to under-13 audiences. If you believe a child under 13 has created an account, email [email protected] and we will delete the account and any data we hold for it.

9. Security

We follow standard industry practice:

  • All traffic between the app and our servers is encrypted with TLS 1.2 or higher.
  • Authentication tokens (Laravel Sanctum) are scoped per-device and revocable.
  • Our backend runs in a hardened Linux container with restricted network access; only the API entry-points are publicly reachable.
  • Production database backups are encrypted at rest.
  • Cloudflare Authenticated Origin Pulls verify that requests reaching our server originated at the Cloudflare edge, preventing direct origin scraping.

No system is 100% secure. If we ever discover a breach that affects your data, we'll notify you within 72 hours where required by law.

10. Cookies and tracking on this website

This website (verseflash.com) is a static marketing site. It does not set tracking cookies, run analytics scripts, or include any advertising pixels. The only third-party request the site makes is to Google Fonts for the typefaces.

11. Changes to this policy

If we change this policy in a way that affects what we collect or how we use it, we will:

  • Update the "Effective" date at the top.
  • Post a short summary in the app's What's New screen.
  • For material changes, send an email to the address on your account.

12. Contact

Privacy questions: [email protected]
General support: [email protected]

Effective: May 20, 2026 · Last updated: May 20, 2026