Privacy Policy

What we collect, why, and the controls you have.

Effective: April 18, 2026

The short version

  • We never sell or share your personal information for advertising.
  • You can download everything we hold, or delete your account, in one click.
  • We honor Global Privacy Control signals and the “Do Not Sell or Share” request for everyone.

1. Overview

Family Bible is a private archive for families. This policy describes what we collect, why we collect it, how we use it, with whom we share it, how long we keep it, and the choices and rights you have. It is written to comply with the EU GDPR, the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), the Virginia CDPA, the Colorado CPA, and comparable state privacy laws.

We do not sell or share your personal information for cross-context behavioral advertising.

2. Who we are

The data controller is Family Bible (“we”, “us”). You can reach our privacy team at privacy@familybible.app or through our contact page.

3. Information we collect

We collect the following categories of personal information:

  • Account data — email address, display name, hashed password, account status.
  • Content you upload — photos, documents, captions, family-tree relationships, and messages you send within your circle.
  • Device and log data — IP address, device type, browser, pages visited, and timestamps, collected through server logs and strictly-necessary cookies.
  • Preferences — language, notification settings, and cookie/consent choices you have made.
  • Support communications — any message you send us.

We do not knowingly collect personal information from children under 13. If you believe a child has created an account, please contact us and we will delete it.

4. How we use information

  • Operating, maintaining, and securing the service.
  • Authenticating you and protecting your account.
  • Providing family-circle features you have explicitly opted into.
  • Delivering, rotating, and measuring non-personalized advertising, and — only with your consent — personalized advertising.
  • Complying with legal obligations, including responding to lawful requests.
  • Preventing fraud, abuse, and violations of our Terms of Service.

Our legal bases under GDPR are: performance of our contract with you, your consent (for optional cookies and personalized ads), our legitimate interest in running a secure service, and compliance with legal obligations.

5. Who we share information with

We share information only with: (a) hosting and email-delivery sub-processors bound by written data-processing agreements, (b) payment processors you explicitly engage, (c) genealogy or DNA partners you explicitly connect to, and (d) law-enforcement or regulators when required by a valid legal process we cannot reasonably narrow or contest.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA.

6. How long we keep information

We keep your account and content until you ask us to delete it. Deleting your account triggers a cascading erasure across every internal service within minutes. Backup copies expire within 30 days. Some records (billing, anti-fraud, legal-hold) may be retained as required by law, in minimized form.

7. Your rights and choices

Depending on your jurisdiction, you have the right to:

  • Access a copy of your data (one-click export).
  • Correct inaccurate data from your account page.
  • Delete your account and data (delete account).
  • Restrict or object to certain processing.
  • Portability of your data in a structured, machine-readable format.
  • Opt out of personalized advertising from privacy choices, and globally with the Do Not Sell or Share link. We honor Global Privacy Control (GPC) signals.
  • Withdraw consent at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint with your data-protection authority.

We do not discriminate against you for exercising any of these rights.

8. How we protect information

We use TLS in transit, encryption at rest where supported by our storage provider, Argon2id password hashing, short-lived access tokens with asymmetric (RS256) signatures, rate limiting, and strict service-to-service authentication. No system is perfect; we will notify affected users and regulators of any material breach as required by law.

9. International data transfers

If we transfer your data outside your region, we rely on Standard Contractual Clauses or an equivalent safeguard and apply supplementary measures where required.

10. Cookies

See our Cookie Policy for details on the cookies we use, the purposes for each, and how to change your choices.

11. Changes to this policy

We will post changes here and update the effective date. Material changes will be announced via email or a prominent notice in the app.