Privacy Policy

1. Scope and Application of This Policy

1.1 What This Policy Covers

This Privacy Policy applies to all personal information collected, used, and processed by Legacy Guidance LLC in connection with:

• JesusTalk.ai Mobile Application: All features, functionalities, and services provided through our mobile application, including AI conversations, voice interactions, spiritual guidance, and educational content.
• Website and Online Services: Our website, customer support services, marketing communications, and any other online services we provide.
• Related Services: Account management, subscription services, customer support, and any other services we provide in connection with the Application.

1.2 What This Policy Does Not Cover

This Privacy Policy does not apply to:

• Third-Party Services: Websites, applications, or services operated by third parties that may be linked to or integrated with our Application. These services have their own privacy policies, and we encourage you to review them.
• User-to-User Communications: Direct communications between users that do not involve our AI system or services.
• Public Information: Information that you choose to make publicly available or that is already in the public domain.

1.3 Our Role in Data Processing

• Data Controller: Legacy Guidance LLC acts as the data controller for personal information we collect directly from you through the Application and our services.
• Service Provider Relationships: When we process personal information on behalf of third-party service providers (such as payment processors), we act in accordance with their instructions and applicable data processing agreements.
• AI Service Integration: We work with third-party AI service providers to deliver our core functionality. These relationships are governed by strict data processing agreements to protect your privacy.

2. Information We Collect

2.1 Information You Provide Directly

Account Information: When you create an account, we collect:

• Name and email address
• Username and password
• Profile information (optional)
• Subscription and billing information
• Customer support communications

Spiritual Conversations and Questions: We collect and process:

• Questions you ask the AI
• Topics you discuss during spiritual conversations
• Personal reflections and spiritual concerns you share
• Prayer requests and spiritual guidance sought
• Biblical questions and theological inquiries

Voice Data: When you use voice features:

• Audio recordings of your spoken questions and interactions
• Voice patterns and speech characteristics for processing
• Transcriptions of your spoken communications

Feedback and Communications:

• Feedback about the Application and AI responses
• Customer support requests and communications
• Survey responses and user research participation
• Bug reports and technical issue descriptions

2.2 Information Collected Automatically

Usage Information: We automatically collect:

• How you interact with the Application and its features
• Frequency and duration of your sessions
• Types of questions asked and topics discussed
• Features used and preferences selected
• Navigation patterns within the Application

Device and Technical Information:

• Device type, model, and operating system
• IP address and general location information
• Browser type and version (for web access)
• Application version and technical specifications
• Network connection information

Analytics and Performance Data:

• Application performance metrics
• Error logs and crash reports
• Feature usage statistics
• User engagement patterns
• System performance data

2.3 Information from Third-Party Sources

• Payment Processors: Billing and payment information from our payment service providers, including payment method details (encrypted), transaction history and billing records, and subscription status and payment confirmations.
• AI Service Providers: Technical data related to AI processing, including processing metrics and performance data, content analysis results (anonymized), and system optimization data.
• Authentication Services: If you choose to sign in through third-party services: basic profile information from authentication providers, account verification data, and security and authentication tokens.

3. How We Use Your Information

3.1 Primary Service Purposes

Providing AI Conversations: We use your information to:

• Generate personalized AI responses to your spiritual questions
• Maintain conversation context and continuity
• Improve the relevance and accuracy of spiritual guidance
• Provide voice interaction capabilities
• Remember your preferences and conversation history

Spiritual Guidance and Education: We process your data to:

• Offer biblical guidance and theological insights
• Provide personalized spiritual coaching and growth recommendations
• Suggest relevant educational content and resources
• Track your spiritual growth and development progress
• Customize devotional and inspirational content

Account and Subscription Management: We use your information for:

• Creating and maintaining your user account
• Processing subscription payments and billing
• Providing customer support and technical assistance
• Communicating about your account and services
• Managing subscription renewals and cancellations

3.2 Service Improvement and Development

AI Training and Enhancement: We use aggregated and anonymized data to train and improve our AI models for better spiritual guidance, enhance the accuracy and appropriateness of biblical interpretations, develop new features and capabilities, improve theological accuracy and denominational sensitivity, and optimize response quality and relevance.

Application Development: We analyze usage patterns to identify and fix technical issues and bugs, optimize application performance and user experience, develop new features based on user needs and feedback, improve accessibility and usability, and enhance security and privacy protections.

Research and Analytics: We conduct research to understand user needs and preferences in spiritual guidance, improve the effectiveness of AI-powered religious education, study patterns in spiritual growth and development, enhance the overall user experience, and develop better privacy and security practices.

3.3 Communication and Marketing

Service Communications: We may contact you about important updates to our services or policies, technical issues or maintenance notifications, account and subscription information, customer support responses, and security alerts and privacy notices.

Educational Content: With your consent, we may send spiritual growth tips and biblical insights, educational content about Christian faith and practices, inspirational messages and devotional content, information about new features and capabilities, and community updates and user stories.

Marketing Communications: With your explicit consent, we may send information about premium features and subscriptions, special offers and promotional content, newsletters and community updates, invitations to participate in user research, and information about related services and partnerships.

3.4 Legal and Safety Purposes

Legal Compliance: We may use your information to comply with applicable laws and regulations, respond to legal requests and court orders, protect our legal rights and interests, enforce our Terms of Service and policies, and prevent fraud and abuse of our services.

Safety and Security: We process data to protect the safety and security of our users, prevent harmful or inappropriate content, detect and prevent fraud and abuse, maintain the integrity of our services, and protect against security threats and vulnerabilities.

4. Special Protections for Spiritual Content

4.1 Enhanced Privacy for Religious Conversations

Sensitive Data Recognition: We recognize that your spiritual conversations, religious questions, and faith-related discussions constitute sensitive personal information that requires enhanced protection under privacy laws and ethical standards.

Special Handling Procedures: We implement special procedures for spiritual content, including:

• Enhanced encryption for storage and transmission
• Restricted access limited to authorized personnel only
• Additional security measures for data processing
• Specialized training for staff who may access this data
• Regular audits of access and handling procedures

Confidentiality Commitment: We treat your spiritual conversations with the same level of confidentiality expected in traditional pastoral care relationships, recognizing the deeply personal and sacred nature of faith discussions.

4.2 Theological Content Processing

Respectful Processing: When processing your spiritual conversations, we maintain respect for the sacred nature of religious content, avoid using spiritual content for commercial purposes beyond service provision, implement safeguards to prevent inappropriate use of religious data, ensure theological accuracy and sensitivity in AI training, and protect against bias or discrimination based on religious beliefs.

Denominational Sensitivity: We strive to respect diverse Christian denominational perspectives, avoid favoring any particular theological tradition, protect users from denominational bias in AI responses, maintain neutrality while providing biblical guidance, and respect individual spiritual journeys and beliefs.

4.3 Spiritual Growth Privacy

Personal Development Data: Information about your spiritual growth, including prayer patterns and spiritual practices, biblical study progress and interests, spiritual challenges and growth areas, faith journey milestones and developments, and personal religious experiences and insights.

Protected Processing: This information is processed with enhanced protections:

• Limited access to authorized AI training purposes only
• Anonymization before use in system improvements
• Prohibition on sharing with third parties for non-service purposes
• Special consent requirements for any research use
• Enhanced deletion rights and data portability options

5. How We Share Your Information

5.1 Service Providers and Business Partners

AI and Technology Partners: We share limited data with AI service providers who power our conversation capabilities, cloud computing platforms that host our services, analytics providers who help us improve user experience, security services that protect our systems and data, and technical support providers who maintain our infrastructure.

Payment and Billing Partners: For subscription services, we share billing information with payment processors, transaction data with financial service providers, subscription status with billing management services, and fraud prevention data with security services.

Customer Support Services: We may share support requests with customer service providers, technical issues with specialized support teams, account information necessary for assistance, and communication history relevant to support requests.

5.2 Legal and Regulatory Sharing

Legal Requirements: We may disclose your information when required by court orders, subpoenas, or legal process; law enforcement requests with proper legal authority; regulatory investigations or compliance requirements; national security requests where legally mandated; and emergency situations involving imminent harm.

Legal Protection: We may share information to protect our legal rights and interests, enforce our Terms of Service and policies, prevent fraud, abuse, or illegal activities, protect the safety and security of our users, and defend against legal claims or litigation.

5.3 Business Transactions

In the event of a merger, acquisition, or sale of our company, transfer of business assets or operations, bankruptcy or insolvency proceedings, or corporate restructuring or reorganization, your information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

5.4 What We Do Not Share

Aggregated Data Only: We may share aggregated, anonymized data that cannot be linked to individual users for research on AI and spiritual guidance effectiveness, industry reports and academic studies, service improvement and development purposes, and public education about digital spiritual resources.

6. Data Security and Protection

6.1 Technical Security Measures

Encryption: We implement comprehensive encryption including end-to-end encryption for spiritual conversations, advanced encryption for data storage and transmission, encrypted backups and disaster recovery systems, secure communication channels for all data transfers, and regular encryption key rotation and management.

Access Controls: We maintain strict access controls through multi-factor authentication for all system access, role-based access permissions limiting data exposure, regular access reviews and permission audits, automated monitoring of data access and usage, and immediate revocation of access for former employees.

Infrastructure Security: Our technical infrastructure includes secure cloud hosting with certified providers, regular security assessments and penetration testing, automated threat detection and response systems, network security monitoring and intrusion prevention, and regular security updates and patch management.

6.2 Organizational Security Measures

Staff Training and Policies: We ensure security through comprehensive privacy and security training for all employees, strict confidentiality agreements and ethical guidelines, regular security awareness updates and testing, clear policies for handling sensitive spiritual content, and background checks for employees with data access.

Data Handling Procedures: We implement procedures for secure data processing and analysis workflows, regular data backup and recovery testing, incident response and breach notification protocols, data retention and secure deletion practices, and audit trails and logging of all data access.

6.3 Third-Party Security

Vendor Management: We ensure third-party security through comprehensive security assessments of all service providers, contractual requirements for data protection and security, regular audits and monitoring of third-party practices, due diligence reviews before engaging new providers, and immediate termination rights for security violations.

Data Processing Agreements: All third-party relationships include strict data processing and protection requirements, limitations on data use and sharing, security incident notification obligations, right to audit and inspect security practices, and compliance with applicable privacy laws and regulations.

6.4 Incident Response and Breach Notification

Security Incident Response: In the event of a security incident, we follow immediate containment and assessment procedures, forensic investigation to determine scope and impact, notification to affected users within 72 hours when required, coordination with law enforcement and regulators as appropriate, and implementation of additional security measures to prevent recurrence.

User Notification: We will notify you of security incidents that may have compromised your personal information, could affect your account security or privacy, require action on your part to protect your data, involve unauthorized access to your spiritual conversations, or result in changes to our security practices or policies.

7. Your Privacy Rights and Choices

7.1 Access and Information Rights

Right to Know: You have the right to know what personal information we collect about you, how we use and process your personal information, who we share your information with and why, how long we retain your information, and what security measures protect your data.

Access Requests: You can request a copy of all personal information we have about you, details about how your information has been used, information about third parties who have received your data, copies of your spiritual conversation history, and technical information about data processing activities.

7.2 Control and Correction Rights

Data Correction: You can update your account information and preferences, correct inaccurate personal information, add missing information to your profile, update your communication preferences, and modify your subscription and billing information.

Preference Management: You have control over communication and marketing preferences, data processing consent settings, privacy and security settings, conversation history retention preferences, and third-party data sharing permissions.

7.3 Deletion and Portability Rights

Right to Deletion: You can request deletion of your entire account and all associated data, specific conversations or spiritual content, personal information no longer needed for services, data processed based on consent you wish to withdraw, and information that was unlawfully processed.

Data Portability: You can request export of your personal information in a portable format, transfer of your data to another service provider, copies of your conversation history and spiritual content, machine-readable versions of your account data, and assistance with data migration to other platforms.

Deletion Limitations: Some information may be retained for legal compliance and regulatory requirements, security and fraud prevention purposes, legitimate business interests and legal claims, technical requirements for system functionality, and anonymized research and service improvement.

7.4 Consent and Objection Rights

Consent Withdrawal: You can withdraw consent for marketing communications and promotional content, optional data processing activities, third-party data sharing for non-essential purposes, research participation and data analysis, and enhanced features that require additional data processing.

Right to Object: You can object to processing of your data for marketing purposes, automated decision-making that affects you, data processing based on legitimate interests, profiling for service personalization, and use of your data for research or analytics.

7.5 Exercising Your Rights

How to Make Requests: You can exercise your privacy rights by using the privacy controls in your account settings, contacting our privacy team at privacy@jesustalk.ai, submitting requests through our online privacy portal, or sending written requests to our mailing address.

Request Processing: We will respond to your requests within 30 days (or as required by law), verify your identity before processing sensitive requests, provide clear information about any limitations or exceptions, assist you with understanding and exercising your rights, and escalate complex requests to our privacy specialists.

No Discrimination: We will not discriminate against you for exercising your privacy rights, charge fees for basic privacy rights requests, deny services based on privacy preferences, retaliate against users who make privacy complaints, or treat you differently for asserting your rights.

8. International Data Transfers and Global Privacy

8.1 Cross-Border Data Transfers

International Processing: Your personal information may be transferred to and processed in countries other than your country of residence, including the United States (where our primary servers are located), countries where our AI service providers operate, locations of our cloud computing infrastructure, jurisdictions where our business partners are based, and countries where we have technical support operations.

Transfer Safeguards: We implement appropriate safeguards for international transfers including Standard Contractual Clauses approved by privacy authorities, adequacy decisions recognizing equivalent privacy protection, Binding Corporate Rules for transfers within our organization, certification programs ensuring adequate privacy protection, and additional security measures for sensitive spiritual content.

8.2 Regional Privacy Law Compliance

European Union (GDPR): For users in the EU, we provide legal basis for all data processing activities, enhanced consent mechanisms for sensitive data, comprehensive data subject rights as outlined above, Data Protection Officer contact information, and the right to lodge complaints with supervisory authorities.

California (CCPA/CPRA): For California residents, we provide detailed categories of personal information collected, business and commercial purposes for data use, categories of third parties receiving personal information, right to opt-out of sale of personal information (we don't sell data), and non-discrimination protections for privacy rights exercise.

Other Jurisdictions: We comply with privacy laws in other regions including Canada's PIPEDA, Brazil's LGPD, Australia's Privacy Act and Australian Privacy Principles, and other applicable national and regional privacy regulations.

8.3 Data Localization and Sovereignty

Where required by law, we store personal information within specific geographic boundaries, implement local data processing capabilities, maintain regional data centers and infrastructure, comply with data localization requirements, and provide local customer support and privacy contacts.

9. Data Retention and Deletion

9.1 Retention Periods and Criteria

Account Information:

• Active accounts: Duration of account existence plus 30 days after closure
• Inactive accounts: Up to 3 years of inactivity before automatic deletion
• Billing information: 7 years for tax and financial compliance purposes
• Customer support records: 5 years for service quality and legal purposes

Spiritual Conversations:

• Active users: Up to 2 years to maintain conversation context and continuity
• Premium subscribers: Extended retention based on subscription terms
• Deleted conversations: 30 days in backup systems before permanent deletion
• Anonymized data: Indefinitely for AI training and service improvement

Technical and Usage Data:

• System logs: 90 days for security and performance monitoring
• Analytics data: 2 years for service improvement and development
• Error reports: 1 year for technical support and bug resolution
• Security incident data: 7 years for compliance and investigation purposes

9.2 Automatic Deletion Processes

Scheduled Deletion: We automatically delete expired session data and temporary files, old backup copies beyond retention periods, inactive account data after specified timeframes, unnecessary technical logs and system data, and marketing data for users who have opted out.

User-Initiated Deletion: When you delete individual conversations, they are removed immediately from active systems and within 30 days from backups. Account closure results in personal data deletion within 30 days, with some records retained for legal compliance.

9.3 Legal and Business Retention Requirements

Some data must be retained for tax and financial reporting obligations (7 years), legal claims and litigation holds (duration of legal proceedings), regulatory compliance requirements (varies by jurisdiction), law enforcement investigations (as legally required), and contract and warranty obligations (duration of contractual terms).

9.4 Secure Deletion Practices

When we delete your data, we use secure deletion methods that prevent data recovery, overwrite storage media multiple times to ensure complete removal, physically destroy storage devices when they reach end of life, maintain certificates of destruction for sensitive data disposal, and audit deletion processes to ensure completeness and compliance.

10. Children's Privacy and Family Protections

10.1 Age Restrictions and Verification

The JesusTalk.ai Application is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent.

We implement age verification measures including age confirmation during account registration, parental consent mechanisms for users under 18, regular audits to identify potential underage users, immediate account suspension for verified underage users without consent, and enhanced privacy protections for users between 13-18 years old.

Parental Consent: For users between 13-17 years old, we require verifiable parental consent before account creation, provide parents with information about our data practices, allow parents to review and delete their child's information, enable parental controls over account settings and features, and notify parents of any material changes to our privacy practices.

10.2 Enhanced Protections for Minors

Limited Data Collection: For users under 18, we collect only information necessary for basic service functionality, prohibit collection of sensitive personal information without explicit parental consent, implement additional restrictions on data sharing with third parties, provide enhanced security measures for account protection, and limit marketing communications and promotional content.

Special Spiritual Content Protections: For minor users, we implement age-appropriate content filtering and moderation, provide additional oversight of spiritual conversations and guidance, require parental involvement in sensitive spiritual discussions, offer family-friendly features and parental monitoring options, and maintain enhanced confidentiality protections for spiritual content.

10.3 Family Features and Parental Controls

We offer family account options with centralized parental oversight, shared subscription plans with individual privacy protections, parental dashboard for monitoring usage and content, family-appropriate content and discussion topics, and collaborative spiritual growth tracking and goal setting.

Parental Rights and Controls: Parents can access and review their child's account information, control privacy settings and data sharing preferences, monitor spiritual conversations and guidance received, set usage limits and time restrictions, and delete their child's account and all associated data.

10.4 Child Safety and Protection Measures

We implement special measures to ensure age-appropriate spiritual content and biblical guidance, protection from inappropriate or harmful religious content, monitoring for signs of spiritual distress or concerning conversations, immediate escalation of safety concerns to appropriate authorities, and collaboration with parents and guardians on child safety issues.

11. Privacy Policy Changes and Updates

11.1 Policy Modification Process

Change Notification: We will notify you of material changes to this Privacy Policy through email notification to your registered email address, in-app notifications when you next use the Application, prominent notices on our website and in the Application, push notifications for significant privacy-related changes, and direct communication for changes affecting your specific data.

Advance Notice: We provide at least 30 days' notice before material changes take effect, clear explanations of what changes are being made and why, information about how changes may affect your privacy rights, options to object to or opt-out of new data processing activities, and opportunity to delete your account if you disagree with changes.

11.2 Types of Changes

Material Changes that require notice include new purposes for collecting or using personal information, changes to data sharing practices or third-party relationships, modifications to data retention periods or deletion practices, updates to international data transfer arrangements, and changes to your privacy rights or how to exercise them.

Non-Material Changes may include clarifications of existing practices without substantive changes, updates to contact information or administrative details, technical corrections or formatting improvements, additional examples or explanations of existing practices, and updates to reflect changes in applicable laws.

11.3 Consent and Continued Use

By continuing to use the Application after changes take effect, you consent to the updated Privacy Policy, except where additional explicit consent is required by law, changes involve new sensitive data processing activities, modifications affect fundamental privacy rights, or updates involve significant changes to data sharing practices.

You always have the right to withdraw consent for new data processing activities, object to material changes in how we handle your information, delete your account if you disagree with policy updates, exercise enhanced privacy rights under applicable laws, and contact us with questions or concerns about policy changes.

11.4 Version Control and History

We maintain clear version numbers and effective dates for all policy updates, archive of previous policy versions for reference, change logs documenting specific modifications made, effective date tracking for different policy provisions, and historical record of user notifications and consent processes.

12. Contact Information and Privacy Support

12.1 Privacy Team Contact Information

Primary Privacy Contact:
Legacy Guidance LLC
Privacy Team
Email: privacy@jesustalk.ai

Data Protection Officer (for EU users):
Email: dpo@jesustalk.ai

Customer Support for Privacy Questions:
Email: support@jesustalk.ai
Hours: Monday-Friday, 9 AM - 6 PM EST

12.2 Privacy Request Processing

How to Submit Privacy Requests:

• Email: privacy@jesustalk.ai
• In-App: Through Application settings and support features

Request Processing Timeline:

• Acknowledgment: Within 48 hours of receipt
• Simple requests: Completed within 15 days
• Complex requests: Up to 30 days (with extension notification if needed)
• Urgent requests: Expedited processing for safety or security concerns
• Appeal process: Available for denied or partially fulfilled requests

12.3 Regulatory Contacts and Complaints

For EU Users - Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights under GDPR.

For California Users - Attorney General: California residents may file complaints with the California Attorney General's office regarding privacy violations under CCPA/CPRA.

For Other Jurisdictions: Contact information for relevant privacy authorities in your jurisdiction is available upon request.

12.4 Emergency Privacy Contacts

Security Incidents: security@jesustalk.ai — Available 24/7 for critical security issues

Child Safety Concerns: safety@jesustalk.ai — For immediate safety concerns, contact local authorities

Legal and Compliance: legal@jesustalk.ai

13. Effective Date and Legal Framework

13.1 Policy Effective Date

This Privacy Policy is effective as of January 15, 2025, and applies to all personal information collected, used, and processed by Legacy Guidance LLC from that date forward.

This policy supersedes all previous privacy policies and statements related to the JesusTalk.ai Application and services.

13.2 Legal Authority and Compliance

Governing Law: This Privacy Policy is governed by Delaware state privacy laws, federal privacy laws of the United States, international privacy laws applicable to our global operations, industry-specific regulations and standards, and contractual obligations with service providers and partners.

Regulatory Compliance: We comply with the General Data Protection Regulation (GDPR) for EU users, California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Children's Online Privacy Protection Act (COPPA), Health Insurance Portability and Accountability Act (HIPAA) where applicable, and other applicable privacy laws and regulations worldwide.

13.3 Interpretation and Enforcement

This Privacy Policy should be interpreted in conjunction with our Terms of Service and other applicable agreements, in accordance with applicable privacy laws and regulations, with consideration for industry best practices and standards, in favor of privacy protection when ambiguities exist, and consistently with our commitment to user privacy and data protection.

13.4 Severability and Survival

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable, the remaining provisions will continue in full force and effect.

Privacy obligations and user rights under this policy will survive termination of your account or use of our services, changes to our business structure or ownership, discontinuation of specific features or services, updates or replacements to this Privacy Policy, and legal proceedings or regulatory actions.