Privacy & Data Security

How we protect your information

At Dsciplr, we believe your spiritual journey is deeply personal. We are committed to protecting your privacy and ensuring your data is handled with the utmost care and security. This page explains how we collect, use, store, and protect your information.

Our Commitment to You

We will never sell your personal data. Your prayers, reflections, and spiritual journey remain yours. We only use your data to provide and improve the Dsciplr experience.

What Data We Collect

We collect only what's necessary to provide your discipleship experience:

Account Information: Name, email address, and password (securely hashed)
Profile Data: Profile photo, bio, and church affiliation (optional)
Spiritual Formation Data: Scripture highlights, bookmarks, prayers, reflections, and learning progress
Community Interactions: Messages in Circles, accountability check-ins, and shared testimonies
AI Conversations: Your interactions with Ask D (our AI assistant) to provide personalized guidance
Usage Analytics: How you use the app (anonymized) to improve features

How We Use Your Data

Your data is used solely to enhance your discipleship journey:

Personalized Formation: Tailoring Scripture readings and learning paths based on your progress and interests
AI Assistance: Providing contextual, theologically-grounded responses through Ask D
Community Features: Enabling Circle discussions, prayer sharing, and accountability partnerships
Leader Insights: Helping your leaders understand engagement patterns (aggregated metrics only — leaders see participation counts and trends, never the content of your prayers, reflections, or private conversations)
Service Improvement: Understanding how features are used to make Dsciplr better

We never: Sell your data to third parties, share your prayers or reflections without consent, or use your spiritual data for advertising.

Where Your Data is Stored

Your data is stored securely in enterprise-grade infrastructure:

Cloud Infrastructure: Hosted on secure, SOC 2 compliant cloud servers
Database: MongoDB with encryption at rest and in transit
Geographic Location: Data is stored in secure data centers with redundancy and backup systems
AI Processing: AI conversations are processed through OpenAI's standard API. OpenAI does not use API data to train models, but may retain data briefly for safety monitoring.

Security Measures

We implement multiple layers of security to protect your data:

Authentication

  • • Secure password hashing (bcrypt)
  • • JWT token-based sessions
  • • Session expiration & rotation
  • • Optional Google OAuth

Data Protection

  • • HTTPS/TLS encryption in transit
  • • Encryption at rest
  • • Database access controls
  • • Regular security audits

Threat Prevention

  • • Rate limiting on all APIs
  • • Brute force protection
  • • Input validation & sanitization
  • • Security event logging

Session Security

  • • Automatic session expiration
  • • Secure cookie handling
  • • Device tracking (optional)
  • • Logout from all devices

Your Rights

We comply with Australian Privacy Principles (APP) and extend GDPR-equivalent rights to all users globally, regardless of location. You have the right to:

Access Your Data (APP 12)

Download a complete copy of all your personal data in JSON format. Go to Profile → Data & Privacy → Export

Correct Your Data (APP 13)

Update or correct any personal information through your Profile settings or by contacting support.

Delete Your Data (Right to Erasure)

Request complete deletion of your account and all associated data. You choose: a 14-day grace period (to recover if changed mind) or immediate permanent deletion. Access at Profile → Data & Privacy → Delete Account

Data Retention

We retain your data only as long as you have an active account. Accounts inactive for 24 months may be flagged for review, but we will contact you before any action is taken. Data is never deleted without your explicit consent.

Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours of becoming aware of the breach, in accordance with GDPR requirements and Australian Notifiable Data Breaches scheme.

AI Assistant (Ask D) & Your Data

Ask D is powered by advanced AI to provide theologically-grounded guidance. Here's how we handle AI interactions:

Conversation Privacy: Your conversations with Ask D are private and only visible to you
Context Window: Ask D uses your recent conversation history to provide relevant responses, but doesn't permanently learn from your data
Knowledge Base: Ask D references a curated theological knowledge base uploaded by your church leaders (if applicable)
No Training by Dsciplr: Your personal conversations are not used by Dsciplr to train any AI models. We do not build profiles or models from your spiritual data.
Deletion: When you delete your account, all AI conversation history is permanently removed from our systems
About Our AI Provider (OpenAI)

Ask D uses OpenAI's standard API. Under OpenAI's current data usage policy, API conversations are not used to train their models. However, OpenAI may retain API inputs for up to 30 days for safety monitoring and abuse prevention. For the most current information, see OpenAI's API Data Usage Policy.

Note: Ask D is an AI assistant designed to support your spiritual growth. It is not a replacement for pastoral care, professional counseling, or human spiritual direction.

Third-Party Services

We use trusted third-party services to provide certain features:

ServicePurposeData Shared
OpenAI (Standard API)AI Assistant (Ask D)Conversation messages*
API.BibleScripture textBible references only
Daily.coVideo calls (optional feature)Video/audio streams when using video
ResendEmail notificationsEmail address, name
StripePayment processingPayment details (not stored by us)
Firebase (Google)Push notificationsDevice tokens, notification content

*OpenAI retains API data for up to 30 days for safety monitoring. See their data usage policy for details.

All third-party services are vetted for security and privacy compliance. We only share the minimum data necessary for each service to function.

Community Safety

We maintain a safe community environment through:

Content Reporting: Members can report concerning content for leader review
Moderation Tools: Leaders have tools to address inappropriate behavior
Escalation Paths: Serious concerns are escalated to appropriate leadership
Audit Trails: Moderation actions are logged for accountability

Questions or Concerns?

If you have any questions about our privacy practices or would like to exercise your data rights, please contact us.

Last updated: June 2026

This policy may be updated periodically. We will notify you of significant changes.