Last updated · May 27, 2026

Privacy Policy

This Privacy Policy describes how Theosis ("we," "us," or "our") handles personal information in the Theosis mobile application and related services ("Service"). Our guiding principle is restraint: we collect what we need to make the Service work, nothing more, and we do not sell or share your data with advertisers.

1

Anonymous use

You can use most of the Service without an account. When you do, everything you create — highlights, saved verses, notes, reading list, prayer rule, diptych, last-read position, completion marks — stays on your device in local storage (AsyncStorage on iOS and Android). Nothing about your activity is transmitted to our servers in this mode.
2

Account data

If you create an account, we collect and store:

  • Account identifier (a UUID issued by our authentication provider, Clerk Inc.);
  • Your email address (if you sign in with email or with an OAuth provider that shares one);
  • Display name if your OAuth provider shares it;
  • Preferences you set in onboarding or Settings: calendar system, primary translation, text size, fasting level, jurisdiction, parish, patron saint, preferred fathers, hidden fathers, commentary ranking, daily-card order, onboarding status;
  • Content you create: highlights, saved verses, notes, favorite people, reading list, recent searches, prayer-rule entries, diptych entries, daily-activity dates, completion marks.
3

What we don’t collect

We do not collect your contacts, photos, microphone, precise location, browsing history outside Theosis, advertising identifiers, or biometric data. We do not include third-party analytics SDKs that track screen views, session length, or aggregate behavior. We do not sell or share your personal information with third parties for their marketing or advertising purposes.
4

How we use your data

We use the data described in Section 2 only to operate the Service for you: render the interface in your preferred configuration, sync your content across your devices, surface your reading history and completions, deliver the Service generally, comply with legal obligations, and detect and prevent abuse.
5

Service providers

We rely on the following providers, each subject to its own privacy policy:

  • Clerk Inc. (clerk.com) — authentication. Handles your email, password, and OAuth tokens.
  • Vercel Inc. (vercel.com) — application hosting and routing. Receives Service requests including authenticated API calls.
  • Neon Inc. (neon.tech) — Postgres database hosting. Stores the account and content data described in Section 2.
  • Apple Inc. and Google LLC — OAuth identity providers used at your election.
  • Expo (expo.dev) — mobile runtime. Receives application updates and crash data limited to the JavaScript bundle.
  • OpenStreetMap Foundation (nominatim.openstreetmap.org) — geocoding. When you search parishes by ZIP, city, or address, that text is sent to look up coordinates. We don't retain it.

We share only the minimum data required for each provider to deliver its function.

6

Cookies and similar technology

The mobile app does not use cookies. Authentication tokens are stored in Apple Keychain or Android Keystore via Expo SecureStore. Application preferences are stored in AsyncStorage as plain JSON on your device.
7

Retention

Anonymous on-device data persists until you uninstall the app, clear app data, or sign in (at which point the data is imported into your account). Account data persists until you delete your account. We may retain anonymized aggregate metrics (number of accounts, country counts) indefinitely for operational purposes.
8

Your rights

Depending on your jurisdiction you may have rights to access, correct, port, restrict, or delete personal information we hold about you, and to object to certain processing.

  • Access: see a full machine-readable snapshot of everything we hold about you from Settings → Account → Manage.
  • Deletion: Settings → Account → Delete my account permanently removes every record we hold about you from our servers. This action is not reversible.
  • Correction or portability: contact us at contact.theosis@gmail.com.
9

Children

Theosis is not directed at children under 13. If you believe a child under 13 has created an account, contact us and we will delete the record promptly. For users 13–17, we recommend using the Service with the consent of a parent or guardian.
10

Security

We use industry-standard measures to protect data in transit (HTTPS for all API calls; TLS at every provider) and at rest (encrypted volumes at Vercel and Neon). No system is perfectly secure; if a breach is suspected we will notify affected users where required by law.
11

International transfers

Our infrastructure runs primarily in the United States. If you access the Service from outside the U.S., your data may be transferred to, stored at, or processed in the United States. By using the Service you consent to this transfer.
12

California, EU/UK, and other jurisdictions

Residents of California (CCPA/CPRA), the European Economic Area, the United Kingdom, and certain U.S. states may have additional rights including the right to know what categories of personal information are collected and shared, the right to opt out of "sale" or "sharing" of personal information (we do not sell or share), and the right to a non-discriminatory experience when exercising these rights. We honor these rights. Contact us to make a request.
13

Changes

We will update this Privacy Policy from time to time. For material changes (new categories of data collected, new purposes, new third-party sharing) we will surface a notice in the app and, where you have provided an email address, by email before the changes take effect.
14

Contact

Privacy questions, deletion requests, or rights requests should be sent to contact.theosis@gmail.com. We respond personally, usually within five business days. For matters governed by GDPR you may also contact your local data protection authority.
Made with reverence — for prayer, not for data.