VerseUp logo VerseUp
Privacy

Privacy Policy

Plain English first, legal precision underneath. Effective May 13, 2026.

The short version

VerseUp stores the data needed to give you your own memorization progress — your account, the verses you've mastered, your streak, and your friends list. We don't sell that data, we don't run ad networks, and we don't track you across other apps or websites. The full detail is below.

1. Who we are

VerseUp is operated by Benlottejnr Apps, a sole-proprietor software studio. For privacy questions or to exercise your rights, write to verseup-privacy@benlottejnr.org.

Mailing address: Benlottejnr Apps · East Legon, Accra · Ghana. Servers and data storage are in the United States (see Section 5).

2. What we collect

2.1 Account data

  • Email address — used to sign in, recover your account, and send service emails (password resets, account-deletion confirmations).
  • Display name — what other users see on the leaderboard and in your profile.
  • Username — a unique handle you pick (or that we generate).
  • Authentication identifiers from Google or Apple if you sign in with either. We receive the standard OAuth fields (name, email, a Google/Apple-issued user ID); we never receive your Google or Apple password.
  • Hashed password if you create an account with email/password. We never store plaintext passwords.

2.2 Learning data

  • The collections you create or enrol in.
  • The verses you've learned, the tier of each one (Iron through Ruby), retention scores, and review schedules.
  • Exercise attempts, XP earned, current streak.
  • Your preferences: notification style, primary collection, leaderboard visibility, voice-over preferences.
  • If you create your own collection: the name, code, and any verses or lessons you add.
  • Friend connections, friend requests sent and received.

2.3 Voice data (only when you use voice features)

  • Short audio clips of you reciting a verse, captured while a speaking exercise or the Freestyle feature is active.
  • Audio is sent to our speech-to-text provider (Groq, Section 4), transcribed, used to grade your recitation, and then deleted. We do not retain raw audio.
  • The resulting text is used only for grading and is not stored beyond the duration of the exercise.

2.4 Device data

  • Push notification token — issued by Apple or Google so we can send reminders.
  • Device type, OS version, app version, locale, time zone — used to send notifications at your local time and to render the UI correctly.
  • IP address — seen by our backend server for routine traffic logging and abuse prevention. IPs are not linked to your account in any persistent log we keep.

2.5 What we don't collect

  • We do not run analytics SDKs. We do not use Firebase Analytics, Google Analytics, Mixpanel, or any similar event-tracking service.
  • We do not collect location, contacts, photos, camera, calendar, or health data.
  • We do not use any advertising SDK and we do not show ads.
  • We do not collect crash-report data via Sentry, Bugsnag, Firebase Crashlytics, or similar tools.

3. How we use it

We use the data above for, and only for:

  • Running your account and showing you your own progress.
  • Grading exercises and updating your tier / streak / XP.
  • Sending the notifications you've opted into.
  • Showing public leaderboards (only if your visibility toggle is on — it's on by default and you can flip it off any time in Profile).
  • Powering the friends feature you've chosen to use.
  • Routine operations: account recovery, fraud prevention, debugging errors that affect a specific account.

We do not sell, rent, or trade your personal data to anyone. We do not share data with advertisers. We do not build profiles for ad targeting.

4. Third parties that process user data

The following services process some portion of your data on our behalf. Each is listed by name, what we send, and a link to their own privacy policy.

  • Google LLC — Google Sign-In (auth, optional), Firebase Cloud Messaging (push tokens), Google Gemini API (the short text reference you speak in Freestyle, e.g. "John 3:16", parsed and discarded).
    Policy: policies.google.com/privacy.
  • Apple Inc. — Sign in with Apple (auth, optional), Apple Push Notification service (push delivery on iOS).
    Policy: apple.com/legal/privacy.
  • Amazon Web Services, Inc. — primary data store. Your account row, learning progress, and verse mastery records live in an AWS-hosted Postgres database in the United States.
    Policy: aws.amazon.com/privacy.
  • Resend, Inc. — sends transactional email (account verification, password reset, deletion confirmations). Receives your email address and the email body.
    Policy: resend.com/legal/privacy-policy.
  • Groq, Inc. — speech-to-text. Receives short audio clips when you use a speaking exercise or Freestyle; clips are transcribed, the transcript is returned to us, and the audio is discarded by Groq per their data-retention policy.
    Policy: groq.com/privacy-policy.

We only list services that actually process your personal data. Other infrastructure we use — for static website hosting, DNS routing, container images, or fonts — never sees account info, learning data, or voice data, so it's not listed above.

5. Where your data lives

All servers, databases, container images, and operational tooling are hosted in the United States. If you use VerseUp from outside the United States, your data is transferred to and stored in the United States. We rely on standard contractual clauses where required by your local law (UK GDPR, EU GDPR) and the data-protection commitments of our US-based vendors.

6. How long we keep it

  • Account data: as long as your account is active.
  • Learning progress: as long as your account is active.
  • Audio clips for voice features: discarded after the transcription cycle (seconds, not stored).
  • Server logs: rolling 30 days; used for debugging and abuse prevention.
  • Deletion requests: actioned within 30 days. See Delete account.

7. Your rights

You can ask us to:

  • Access a copy of the data tied to your account.
  • Correct anything that's wrong.
  • Delete your account and the data attached to it.
  • Restrict or object to some uses of your data.
  • Withdraw consent for notifications or leaderboard visibility (one toggle each in the app).
  • Receive your data in a portable format on request.

To exercise any of these rights, email verseup-privacy@benlottejnr.org from the address tied to your account, or use the form on the delete-account page. We aim to respond within 7 days and complete the action within 30 days.

8. Children

VerseUp is for users 13 years and older. We do not knowingly collect personal information from children under 13 and we do not market VerseUp to under-13 audiences. If you believe a child under 13 has created an account, email verseup-privacy@benlottejnr.org and we will delete the account and any data we hold for it.

9. Security

We follow standard industry practice:

  • All traffic between the app and our servers is encrypted with TLS 1.2 or higher.
  • Passwords are stored as bcrypt hashes (never plain text).
  • Authentication tokens (Laravel Sanctum) are scoped per-device and revocable.
  • Our backend runs in a hardened Linux container with restricted network access; only the API entry-points are publicly reachable.
  • Production database backups are encrypted at rest.

No system is 100% secure. If we ever discover a breach that affects your data, we'll notify you within 72 hours where required by law.

10. Cookies and tracking on this website

This website (verseup.benlottejnr.org) is a static marketing site. It does not set tracking cookies, run analytics scripts, or include any advertising pixels. The only third-party request the site makes is to Google Fonts for the typefaces.

11. Changes to this policy

If we change this policy in a way that affects what we collect or how we use it, we will:

  • Update the "Effective" date at the top.
  • Post a short summary in the app's What's New screen.
  • For material changes, send an email to the address on your account.

12. Contact

Privacy questions: verseup-privacy@benlottejnr.org
General support: verseup-support@benlottejnr.org
Postal: Benlottejnr Apps · East Legon, Accra · Ghana

Effective: May 13, 2026 · Last updated: May 13, 2026