BreadlyBreadly
00 crumbs

Breadly

Privacy Policy

Last updated: [EFFECTIVE DATE]

This Privacy Policy explains how [LEGAL ENTITY NAME] ("Breadly", "we", "us") collects, uses, and protects your personal data when you use the Breadly app and website (the "Service"). Breadly is a Bible-learning app that offers lessons, memorization, reading plans, and an optional paid subscription ("Breadly Plus").

If you have any questions about this policy or want to exercise your data rights, contact us at joachim@noobwork.no.

1. Data we collect and why

We collect only what we need to run Breadly:

  • Account data — your email address and (if provided) display name. Used to create and secure your account.
  • Learning data — your lesson progress, streaks, XP ("crumbs"), completed lessons, notes and reflections, onboarding answers (goal, experience level, daily session length, reminder time, preferred translation). Used to power the core product.
  • Subscription data — your Stripe customer ID, subscription status, plan, current period end, trial end, and cancellation state. Used to unlock Breadly Plus and manage billing. We never see or store your card numbers; Stripe handles those.
  • Product analytics — pseudonymous event data (which screens you visit, which lessons you finish) via PostHog. Used to improve the app.
  • Error reports — crash and error data via Sentry, used to diagnose and fix bugs.
  • Local device storage — we use localStorage and similar browser storage for app state, onboarding progress, and your authentication session. We do not use third-party advertising cookies.

2. Legal basis (GDPR)

  • Contract — to provide the Service you have signed up for (account, lessons, subscription management).
  • Legitimate interests — to keep the Service secure, prevent abuse, debug crashes, and understand aggregate product usage.
  • Legal obligation — to keep records required by tax and accounting law for paid transactions.
  • Consent — where we ask for it (for example, marketing emails, if any). You can withdraw consent at any time.

3. Third-party processors

We rely on the following sub-processors. Each processes your data only on our instructions and under their own privacy and security commitments:

  • Supabase — account, authentication, and database hosting.
  • Stripe — payment processing, subscription management, tax calculation, and the customer billing portal. Card data is sent directly to Stripe and never touches our servers.
  • PostHog — product analytics.
  • Sentry — error and performance monitoring.
  • App hosting / CDN — for serving the web app and routing requests.

Bible text shown in the in-app reader is fetched from a third-party public-domain Bible API (helloao.org). We do not send your account information or any personal data to that service — only the book/chapter you are reading.

4. Data retention

We keep your account and learning data for as long as your account is active. Billing records are retained as required by applicable tax and accounting law (typically up to 7–10 years). Error logs and analytics events are kept for a limited rolling window (typically 30–90 days) and may be aggregated thereafter. When you delete your account, we delete your personal data within 30 days, except where retention is legally required.

5. International transfers

Our processors may store and process data in countries outside your own, including the United States and other jurisdictions. Where required, transfers rely on appropriate safeguards such as the EU Standard Contractual Clauses or the EU–US Data Privacy Framework.

6. Your rights (GDPR / UK GDPR)

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and personal data ("right to be forgotten").
  • Receive your data in a portable, machine-readable format.
  • Object to or restrict certain processing.
  • Lodge a complaint with your local data protection authority (in Norway, the Datatilsynet).

To exercise any of these rights, email joachim@noobwork.no. We respond within 30 days.

7. Account deletion

You can request deletion of your account and associated data at any time by emailing joachim@noobwork.no. Cancelling an active subscription is handled separately through the Stripe billing portal (see our Refund & Billing Policy).

8. Children's privacy

Breadly is a faith-and-education app intended for users aged 13 and older (16 in the EU/EEA where local law requires it). We do not knowingly collect personal data from children below those ages. If you believe a child has provided us personal data, contact us and we will delete it.

9. Security

We use industry-standard measures including encryption in transit (TLS), access controls, and database-level row-level security so that each user can only access their own data. No system is perfectly secure, but we work to protect your information appropriately.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, for material changes, take reasonable steps to notify you (for example, by email or an in-app notice).

11. Contact

[LEGAL ENTITY NAME]
[REGISTERED ADDRESS]
Email: joachim@noobwork.no

PrivacyTermsRefunds & Billing