Privacy Notice

Last updated: 20 May 2026

This notice explains how Nathalie Refuge ("we") collects, uses, and shares personal data through Verse Smart ("the Service"). We act as the data controller for the personal data described below.

What we collect and why

• Account data (email, hashed password, OAuth identifiers if you sign in with Google) — to create and secure your account. Legal basis: performance of contract.
• Usage data (the verse references you look up, a random browser identifier, the date of each lookup) — to enforce the free 3-lookups-per-day limit and to operate the Service. Legal basis: legitimate interest in providing the Service.
• Subscription data (subscription status, plan, billing-period dates, Paddle customer & subscription IDs) — to grant access to paid features. Legal basis: performance of contract.
• Support communications if you contact us. Legal basis: legitimate interest in responding to you.
• Technical telemetry (IP address, browser type, error logs) collected by our hosting and error-reporting providers — for security, abuse prevention, and reliability. Legal basis: legitimate interest.

We do not collect or store your payment card details — those are handled directly by Paddle.

Who we share data with

• Hosting & backend — Lovable Cloud (which uses Supabase) to host the application, database, and authentication.
• Payments — Paddle.com, our Merchant of Record, who processes payments, manages subscriptions, calculates and remits tax, and issues invoices. Paddle's privacy notice is available on their website.
• AI provider — Lovable AI gateway forwards your Bible reference (not your account data) to a large-language-model provider to generate the commentary summary.
• Authorities where required by law.
• Professional advisers (e.g. legal, accounting) when necessary.

We do not sell your personal data.

International transfers

Some of these providers operate outside your country (including the EEA, UK, and the US). Where transfers occur we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

How long we keep data

• Account data: while your account exists, plus a short retention period for backups and legal obligations.
• Daily usage rows: cleaned up regularly (within a few days) — they exist only to enforce the daily limit.
• Subscription records: retained as long as needed for tax and accounting obligations (typically up to 7 years).

Your rights

Depending on your country, you may have rights to access, correct, delete, restrict, port, or object to processing of your personal data, and to withdraw consent. You may also complain to your local data-protection authority. To exercise any of these rights, contact us through the email on your Paddle receipt or our support page. We aim to respond within one month.

Security

We use industry-standard technical and organisational measures (encryption in transit, access controls, hashed passwords) to protect your data. No system is perfectly secure — please use a strong, unique password.

Cookies

We use only essential storage: a small browser identifier (in localStorage) for the daily-lookup limit, and an authentication session cookie/token when you sign in. We do not currently use third-party analytics or marketing cookies.

Children

The Service is not directed at children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes

We may update this notice from time to time. The "last updated" date above reflects the most recent change.