Privacy Policy

Last Updated: February 10, 2026

The Catholic Connect Foundation ("Foundation," "we," "us," or "our") operates BibleTrivia.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. Please read this policy carefully. By using the Service, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We collect several types of information to provide and improve the Service:


a) Account Information

When you create an account, we collect:

  • Name and email address
  • Profile image (if signing in with Google)
  • Password (hashed with bcrypt; we never store plaintext passwords)

b) Authentication Data

Depending on your sign-in method:

  • Google OAuth: We receive your Google profile information (name, email, profile picture) and an authentication token
  • Email/Password: We store your email and a securely hashed password
  • Email Magic Link: We process your email address to send authentication links

c) Usage Data

As you use the Service, we collect:

  • Bible reading progress (chapters read, verses saved, highlights)
  • Quiz results (scores, accuracy, answers selected)
  • Reading plan progress (days completed, streaks)
  • Gamification data (points earned, levels, achievements unlocked)
  • Church Teachings viewed
  • Notes and favorites you create

d) Analytics Data

We use analytics services to understand how users interact with the Service:

  • Google Analytics (GA4): Page views, session duration, user flow, device information, geographic region
  • Google Tag Manager: Tag management for analytics scripts

e) Marketing and Advertising Data

We use tracking pixels for conversion tracking and audience analytics:

  • Meta Pixel (Facebook): Tracks events like registrations, content views, and shares for advertising analytics
  • TikTok Pixel: Tracks events for advertising analytics

f) Referral Data

When you use or interact with referral links:

  • IP address (for click attribution and fraud prevention)
  • Device type and browser information
  • Referral codes and conversion status
  • Timestamp of referral events

g) Error and Diagnostic Data

To maintain Service quality, we automatically collect:

  • JavaScript error messages and stack traces
  • Browser type and version
  • Operating system and device type
  • User identifier (UUID) if logged in
  • Page URL where the error occurred

h) Email Communications

We collect your email address to send:

  • Account verification emails
  • Password reset emails
  • Optional: Weekly reading digests and streak reminders

i) Local Storage Data

We store the following in your browser's local storage (not sent to our servers unless synced):

  • Authentication tokens
  • Reading progress and quiz progress
  • Gamification state (points, level, achievements)
  • Cookie consent preference
  • Reading plan progress
  • Referral attribution codes
  • User interface preferences (font size, theme)

2. How We Use Your Information

We use the information we collect for the following purposes:


  • Provide the Service: Deliver Bible content, quizzes, reading plans, and gamification features
  • Authenticate Users: Verify your identity and maintain secure access to your account
  • Track Progress: Save your reading history, quiz scores, achievements, and streaks across sessions and devices
  • Personalize Experience: Recommend reading plans and content based on your activity
  • Communicate with You: Send account verification, password reset, and optional engagement emails
  • Analyze Usage: Understand how users interact with the Service to improve functionality and content
  • Prevent Fraud: Detect and prevent fraudulent referral activity, multiple account creation, and system manipulation
  • Maintain Security: Monitor for and respond to security threats, errors, and service disruptions
  • Comply with Law: Fulfill legal obligations and respond to lawful requests

3. Cookies and Tracking Technologies

We use the following tracking technologies:

Google Tag Manager (GTM)

We use GTM to manage analytics and marketing tags on our website. GTM itself does not collect personal data but facilitates the deployment of other tracking scripts.

Google Analytics (GA4)

We use Google Analytics to collect anonymized usage data including page views, session information, and user interactions. Google Analytics uses cookies to distinguish unique users.

  • Measurement ID: G-P3QMXF4040
  • We use Google Consent Mode v2, which respects your consent preferences
  • For EEA (European Economic Area) users, analytics cookies are disabled by default until you provide consent

Meta Pixel (Facebook)

We use Meta Pixel for conversion tracking and advertising analytics. This helps us understand the effectiveness of our outreach.

  • The Meta Pixel tracks events such as page views, registrations, and content interactions
  • For EEA users, the Meta Pixel is disabled by default until you provide consent

TikTok Pixel

We use TikTok Pixel for conversion tracking and advertising analytics.

  • For EEA users, the TikTok Pixel is disabled by default until you provide consent

Local Storage

We use your browser's local storage (not cookies) to store authentication tokens, user preferences, and progress data. This data remains on your device and is only sent to our servers when you explicitly sync your progress.

Cookie Consent

For users in the European Economic Area (EEA), we display a cookie consent banner. You may accept or decline non-essential cookies. Your preference is stored in your browser's local storage. Essential cookies required for the Service to function are always active.

4. Third-Party Services

We share data with the following third-party service providers, each for specific purposes:

Google LLC

  • Purpose: Authentication (Google OAuth), analytics (GA4), tag management (GTM)
  • Data shared: Email, name, profile picture (OAuth); anonymized usage data (GA4)
  • Privacy policy: https://policies.google.com/privacy

Meta Platforms, Inc.

  • Purpose: Conversion tracking and advertising analytics
  • Data shared: Anonymized event data (page views, registrations)
  • Privacy policy: https://www.facebook.com/privacy/policy

TikTok Inc.

  • Purpose: Conversion tracking and advertising analytics
  • Data shared: Anonymized event data
  • Privacy policy: https://www.tiktok.com/legal/privacy-policy

Resend

  • Purpose: Transactional email delivery (verification, password reset)
  • Data shared: Email address, email content
  • Sender address: hello@updates.bibletrivia.ai
  • Privacy policy: https://resend.com/legal/privacy-policy

Railway

  • Purpose: Backend hosting and PostgreSQL database
  • Data shared: All user data stored in our database
  • Privacy policy: https://railway.app/legal/privacy

Vercel

  • Purpose: Frontend hosting and edge functions
  • Data shared: Standard web request data (IP address, user agent)
  • Privacy policy: https://vercel.com/legal/privacy-policy

We do not sell your personal information to any third party.

5. Data Storage and Security

We take reasonable measures to protect your personal information:


  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
  • Password Security: Passwords are hashed using bcrypt with a work factor of 12 before storage; we never store plaintext passwords
  • Token Security: Authentication tokens have configurable expiration (7 or 30 days) and are transmitted only over HTTPS
  • Database Security: Our PostgreSQL database is hosted on Railway with encrypted connections and access controls
  • Access Controls: Only authorized personnel have access to user data, and access is limited to what is necessary for their role

While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your information for the following periods:


  • Account Data: Retained until you delete your account or request deletion
  • Reading and Quiz Progress: Retained for the life of your account
  • Authentication Tokens: Expire after 7 days (standard) or 30 days ("Remember me" enabled)
  • Email Verification Tokens: Expire after 24 hours
  • Password Reset Tokens: Expire after 1 hour and are single-use
  • Error Logs: Retained for up to 90 days, then automatically purged
  • Analytics Data: Retained according to each analytics provider's policies (Google Analytics: 14 months by default)
  • Referral Data: Retained for the life of the referrer's account

After account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

All Users

  • Access: Request a copy of the personal data we hold about you
  • Deletion: Request deletion of your account and associated data
  • Opt-Out of Marketing Emails: Unsubscribe from non-essential emails via the email preferences page or unsubscribe link in emails
  • Opt-Out of Analytics: Decline cookies via the cookie consent banner (EEA users) or use your browser's Do Not Track setting

European Economic Area (EEA) Residents - GDPR

Under the General Data Protection Regulation, you have additional rights:

  • Rectification: Request correction of inaccurate personal data
  • Restriction: Request that we limit the processing of your data
  • Data Portability: Request your data in a structured, machine-readable format
  • Object: Object to processing of your data for certain purposes
  • Withdraw Consent: Withdraw consent for data processing at any time
  • Lodge a Complaint: File a complaint with your local data protection authority

Our legal basis for processing data under GDPR:

  • Contract performance (providing the Service)
  • Legitimate interests (analytics, security, service improvement)
  • Consent (marketing cookies, optional emails)

California Residents - CCPA/CPRA

Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to:

  • Know: Request disclosure of what personal information we collect, use, and share
  • Delete: Request deletion of your personal information
  • Opt-Out of Sale: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at contact@catholicconnect.care. We will respond within 30 days (or the period required by applicable law).

8. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@catholicconnect.care.

If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible.

Users between the ages of 13 and 18 may use the Service with the consent and supervision of a parent or guardian.

9. International Data Transfers

The Service is operated in the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to the transfer of your information to the United States.

For EEA residents, we rely on Standard Contractual Clauses and other approved transfer mechanisms where required to ensure adequate protection of your data during international transfers.

10. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. We currently honor DNT signals by disabling non-essential analytics tracking when DNT is detected.

Additionally, you can manage your tracking preferences through our cookie consent banner (displayed to EEA users) or by adjusting your browser settings.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:


  • Updating the "Last Updated" date at the top of this policy
  • Displaying a notice within the Service
  • Sending an email notification (for material changes affecting your rights)

Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at contact@catholicconnect.care.

We will respond to all requests within 30 days or the period required by applicable law.