Privacy Policy

Last updated: 19 April 2026

This page explains what data be.lievi.ng collects, how it's used, and the choices you have. be.lievi.ng is an outreach & missions project of Mercy Court.

1. What we collect

Account data: email, hashed password (via bcrypt — we never see your plaintext password), optional display name, optional public handle, optional profile picture.
Content you create: notes (titles, body, verse references), verse likes (hearts), and the connection edges you form with other users.
Reading state: the last chapter you opened in the reader, so you can resume where you left off.
Session cookies: a signed cookie that identifies you while you're logged in. HttpOnly and SameSite=Lax. We do not use third-party tracking cookies.
Server logs: basic access logs (IP, URL, timestamp, user-agent, response code) retained for a short rolling window for operational debugging and abuse response.

2. What we don't collect

No advertising identifiers.
No cross-site tracking pixels.
No sale of personal data — ever.
No analytics beyond what server logs naturally capture.

3. Third parties that process your data

To provide AI features, some of your input is sent to external services. Today that includes:

Google Gemini 2.5 Flash — for daily-verse curation, note-import title generation, AI rewrite, and Scribe (when configured as the Scribe provider). The relevant note body, chapter context, and chat history are sent over HTTPS. Google's terms apply to their processing.
Ollama cloud inference (kimi-k2.5:cloud) — used as a fallback when Gemini is unavailable, or as an explicit alternative chosen at /admin/ai-settings. Similar scope of data crosses to Ollama's infrastructure.

Do not submit confidential or sensitive personal data to AI features. Anything you send to Scribe or the rewriter leaves our servers.

4. Who sees your content

Your notes are hidden by default. Only you can read them.
When you toggle a note to visible, anyone with the note's share URL can read it. When you give someone your connection code, they can read your visible notes and liked verses from your profile, even if your profile is marked private.
Inherited notes are copies — once another user has "inherited" one of your published notes, that copy lives in their library and persists even if you later hide the original.

5. Your rights

Delete your account: request deletion via the Mercy Court team. A permanent delete removes your account row, your notes, your likes, and your connections; notes others have already inherited survive as their own copies. Your email and handle become available for re-registration.
Export your notes: each note page has a Download button (Markdown / Word / PDF).
Remove your avatar image: settings → Profile image → Remove image.

6. Security

Passwords are hashed with bcrypt. Session cookies are HttpOnly + SameSite=Lax + Secure in production. CSRF protection is enforced on every state-changing endpoint. Database backups, where retained, are encrypted at rest. No system is perfectly secure; please use a strong, unique password.

7. Children

The Service is intended for general audiences interested in Bible study. We do not knowingly collect data from children under 13. If you believe a child has registered without consent, please contact us and we'll remove the account.

8. Changes to this policy

When this policy changes, the "Last updated" date above is updated. For material changes, logged-in users are notified at their next visit.

9. Contact

Privacy questions? Reach out to the Mercy Court team.