Privacy Policy
Last updated: July 10, 2026
Glow ("we", "our", or "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use the Glow Bible App.
Controller
The controller responsible for processing personal data in connection with Glow is:
Onur Cirag
Am alten Bahnhof 2B
56203 Höhr-Grenzhausen
Rhineland-Palatinate, Germany
Email: legal@noto-labs.com
Information We Collect
Account Information
If you create an account (Sign in with Apple, Google, email/password, or magic link), we collect:
- Email address (or Apple/Google identifier)
- User ID for authentication and synchronization
- For Google sign-in, basic profile scopes such as email, profile, and OpenID identifier
- Username, including public usernames where you choose to use public features
- Faith tradition, denomination, and similar profile preferences you provide
Content You Create
When you use the app, we store:
- Bible highlights (book, chapter, verse, color)
- Notes on Bible verses, including text, visibility setting, tags, and note images you attach; note images are stored in a private Supabase Storage bucket
- Reading plans, reading progress, last reading position, and daily devotional completions
- Reminder preferences and times, reader settings, app preferences, and app review prompt status
- Feedback, votes, and similar product feedback you submit
- Public or semi-public data you choose to create, such as public usernames, public notes, or feedback board activity
- Chat threads and messages with the AI assistant ("Biblica")
AI & Search Data
When you use AI chat or semantic search, we may process and store the text you enter, optional images you provide to the AI chat, generated responses, embeddings used for search, and related usage logs such as timestamps, model information, token counts, and service limit data. Semantic search service logs may include the search query text.
Usage & Analytics Data
We collect usage analytics to understand how the app is used and to improve the experience. This includes feature interactions, session duration, device type, OS version, app version, platform, authentication provider, and whether your account has an email address. In release builds, analytics collected via PostHog EU may be associated with your internal Supabase user ID and may include session replay. We do not send the content of your notes, highlights, Bible verses, prompts, search queries, or AI conversations to PostHog as event properties.
We also collect diagnostics and error information generated by the app or backend services to fix bugs, improve performance, and maintain security. We do not currently list a separate third-party crash reporting provider in this policy.
Notifications, Maps & Media
Notification permissions and local notification delivery are handled on your device by the operating system. Reminder preferences and times may sync through Supabase. The Bible map uses external map technology and tile providers such as MapTiler, OpenStreetMap data, MapLibre, and, when you choose to open directions, Apple Maps or platform map URLs. We have not identified active location collection by Glow for the map feature, but external map and tile services may receive technical access data such as IP address and request metadata. Audio Bible delivery may use Cloudflare R2 signed URLs for supported audio content.
Purchase & Subscription Data
If you purchase Glow Pro or another paid feature, purchases, restores, subscription status, and entitlement information are processed through RevenueCat and Apple App Store billing. We do not receive your full payment card details.
We do not sell your personal data.
Purposes & Legal Bases
We process personal data only where we have a legal basis under the GDPR. In particular, we use your information for the following purposes:
- Providing the app, accounts, sync, notes, highlights, reading features, and AI-assisted features - Article 6(1)(b) GDPR
- Managing purchases, restores, subscription status, and Pro entitlements - Article 6(1)(b) GDPR
- Maintaining security, preventing abuse, fixing bugs, and keeping service logs - Article 6(1)(f) GDPR
- Understanding feature usage and improving the app through analytics - Article 6(1)(f) GDPR, unless consent is required by applicable law
- Complying with legal, tax, accounting, and app store obligations - Article 6(1)(c) GDPR
AI Chat & Semantic Search
Glow includes AI-assisted features. When you use AI chat, semantic search, or related features, your prompts, search queries, selected context, optional image input, generated responses, and technical usage data may be processed through our Supabase backend and Supabase Edge Functions before being sent to OpenAI to generate responses or embeddings.
AI chat threads and messages are stored in Supabase so you can continue conversations. AI chat requests may include your current prompt, optional image input, and recent chat history for context. Semantic search sends your search query to OpenAI to generate embeddings, and backend service logs may include the search query text.
Do not include sensitive personal information in AI prompts unless you want it processed for the requested AI feature. We do not describe Glow as training its own model on your content, and we do not send notes, prompts, verses, or AI conversations to PostHog as analytics event properties.
Analytics
We use PostHog EU to understand how release versions of the app are used and to improve product quality. Analytics may include feature interactions, session information, device type, operating system, app version, platform, authentication provider, whether an account has an email address, and session replay.
In release builds, PostHog analytics may be associated with your internal Supabase user ID. We do not send the content of your notes, highlights, Bible verses, prompts, search queries, or AI conversations as PostHog event properties.
Purchases & Subscriptions
Purchases and subscriptions for the iPhone app are handled by Apple App Store billing. Glow uses RevenueCat to manage purchase state, subscription status, restores, and Pro entitlements.
We receive subscription and entitlement information needed to provide paid features. We do not receive your full payment card details.
RevenueCat receives the app user ID used to connect purchases and entitlements to your Glow account. RevenueCat webhook payloads related to purchases and subscriptions may be stored in Supabase for entitlement management and auditing.
Processors & Third-Party Services
We use the following processors and third-party services to provide Glow:
| Service | Purpose |
|---|---|
| Supabase | Authentication, database, storage, backend services, and Edge Functions |
| OpenAI | AI-assisted responses, image input processing where used, semantic search, and embeddings |
| PostHog EU | Usage analytics and session replay in release builds, associated with an internal user ID |
| RevenueCat | Purchase, restore, subscription status, entitlement management, and purchase webhook data |
| Apple | Sign in with Apple and Apple App Store billing |
| Google sign-in, where used, with basic email, profile, and OpenID scopes | |
| Cloudflare R2 | Signed URL delivery for supported media and Bible audio content, where used |
| MapTiler / OpenStreetMap / MapLibre | Map tile and map display technology for Bible map features, where used |
| Apple Maps / platform map URLs | Opening map or directions links when you choose to use them |
Where these providers process personal data on our behalf, we use appropriate data processing agreements or equivalent safeguards where required. Some providers may process data outside the European Economic Area. In those cases, we rely on appropriate safeguards such as Standard Contractual Clauses where applicable.
Retention & Deletion
We keep account and app data for as long as needed to provide Glow, maintain your account, comply with legal obligations, resolve disputes, and enforce our agreements.
You can delete your account directly in the app under Profile → Settings → Delete Account. Upon deletion, your personal data will be permanently removed, including account profile data, highlights, notes, tags, note images, AI chat data, reading plans, feedback, daily devotional completions, AI/search logs, and settings.
Some records may remain for a limited period where required for security, backups, billing, fraud prevention, tax, accounting, or legal compliance. Purchase records may also remain with Apple or RevenueCat according to their own retention rules. You can also request deletion by contacting legal@noto-labs.com.
Your Rights
If the GDPR applies to you, you may have the right to request access, correction, deletion, restriction, portability, or objection to certain processing. Where processing is based on consent, you may withdraw consent at any time with effect for the future.
You also have the right to lodge a complaint with a data protection supervisory authority. To exercise your rights, contact legal@noto-labs.com.
Children's Privacy
Glow is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13.
Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "Last updated" date.
Contact
If you have any questions about this Privacy Policy or our data processing, contact us at: legal@noto-labs.com