Privacy Policy

1. Overview

This Privacy Policy explains what information Feason (“we,” “us”) collects, how we use it, and the choices you have. It applies to your use of feason.com and related features (the “Service”). By using the Service, you agree to the practices described here. This policy should be read together with our Terms of Service.

The Service is offered to residents of the United States. We operate the Service from the United States and direct it to U.S. users. We do not target users in the European Economic Area, the United Kingdom, or other regions, and our practices are designed around U.S. federal and state law (including the California Consumer Privacy Act / California Privacy Rights Act).

2. Information We Collect

Information you provide to us:

• Account information: name, email, password hash (for email sign-in), and profile details (display name, username, bio, profile photo).
• Content you post: gleams, articles, replies, comments, journal entries, acts of faith, scripture notes and tags, fellowship comments on verses, and curated images.
• AI conversation data: the messages you send to the Intelligence, Razon, and Lexicon chat features, and the responses generated for you, along with the thread they belong to. For Razon answers we additionally store the scripture passages and cross-references used as the basis of the answer, plus the verifier's per-claim verdict, so we can re-render those when you revisit the conversation without re-running the model.
• Communications: anything you send us through the contact form, DMCA notices, or support requests.
• Reports: if you flag another user's content, we record the post you reported, the reason you provided (if any), the time of the report, and your account id. Reports are used for moderation and abuse prevention.

Information we collect automatically:

• Usage data: reading progress, streaks, interactions with writings, and scripture engagement tied to your account.
• Technical data: IP address, browser type, device type, and timestamps, used for abuse prevention, rate limiting, and security logging.
• Link-preview fetches: when you post content that contains a URL, our server fetches publicly available metadata from that URL once (title, description, and the domain it resolves to) and stores a short cached summary with your post. The outbound fetch is logged with your account id, IP, the target host, and timestamp for abuse prevention. We do not re-host or proxy images from the destination site.
• Cookies: a session cookie to keep you signed in and a small number of functional cookies (e.g., to remember your cookie-consent choice). We do not use advertising or cross-site tracking cookies.

Information from third parties: if you sign in with Google, we receive your name, email, and profile picture as permitted by your Google account settings.

3. How We Use Your Information

We use your information to:

• Provide, maintain, secure, and improve the Service;
• Create and authenticate your account;
• Display your profile, activity, and public content to other users;
• Deliver notifications about interactions with your content or streaks;
• Generate AI responses in the Intelligence, Razon, and Lexicon chats;
• Detect, investigate, and prevent abuse, fraud, and security incidents;
• Comply with legal obligations and enforce our Terms.

We do not sell your personal information, and we do not use your content to train third-party AI models.

4. Users Outside the United States

The Service is intended for U.S. residents and is not directed at users in the European Economic Area, the United Kingdom, or other jurisdictions. If you choose to access the Service from outside the United States, you do so on your own initiative and are responsible for compliance with your local laws. To the extent any non-U.S. data-protection law nonetheless applies, we rely on the following legal bases where relevant: (a) performance of a contract, to provide the Service you request; (b) our legitimate interests, for securing the Service, preventing abuse, and improving features; (c) your consent, for any processing that requires it (which you may withdraw at any time); and (d) compliance with legal obligations.

5. AI Features & Sub-Processors

Our Intelligence, Razon, and Lexicon chats send your prompts, conversation history, and limited contextual information (such as which in-app page you are viewing) to Anthropic's API for inference. Under Anthropic's commercial terms, API inputs and outputs are not used to train their models and are retained only for a limited period (up to 30 days) for trust-and-safety purposes, unless longer retention is required by law.

Razon additionally sends each question to Voyage AI for embedding (a numerical representation used to find related scripture passages in our database). Voyage receives the question text only; it does not receive your account identifier. Voyage's standard terms apply.

We store the resulting conversation transcripts in our database so you can revisit and manage them. For Razon we additionally store the scripture passages and cross-references used to ground each answer and the verifier's per-claim verdict. You can rename and delete any AI conversation from the chats list, and you can export or delete all of your data from your account settings; deletion removes it from our database.

Razon answers are AI-generated. The verifier is a separate model that checks each theological claim against the scripture passages used; it reduces but does not eliminate the possibility of error. Razon is a study tool, not a substitute for pastoral guidance, theological education, or the teaching authority of your church.

Please do not send sensitive personal information, confessions, medical or legal details, passwords, or payment data through the AI Features. If your question to Razon indicates a possible personal crisis (suicidal ideation, abuse, self-harm), the Razon interface will surface crisis-line resources alongside any answer. These detections are non-blocking and best-effort; please reach out to a trusted person or one of the listed resources directly.

Other sub-processors we rely on:

• Supabase — database and file storage.
• Vercel — application hosting.
• Google — optional authentication provider.
• Anthropic — AI model inference (Intelligence, Razon, Lexicon).
• Voyage AI — query embeddings used by Razon to retrieve related scripture passages.
• Upstash — Redis-backed rate limiting, used when configured to enforce abuse thresholds across multiple server instances. Stores only counter values keyed by opaque identifiers (user id and endpoint name); no user content.
• bolls.life and dictionaryapi.dev — Scripture text and word definitions. These are accessed for content and do not receive your account identifiers.

Reference data attribution. Razon's scripture corpus is the World English Bible (public domain). Cross-references are sourced from openbible.info under the Creative Commons Attribution 4.0 License.

6. Sharing of Information

We share information only as needed to run the Service:

• With the sub-processors listed above, under contractual confidentiality;
• With other users, for your public profile and the content you choose to post publicly (gleams, threads, replies, fellowship comments, and public profile fields);
• With authorities or other parties if required by law, to enforce our Terms, or to protect the rights, property, or safety of Feason, our users, or the public;
• In connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

Journal entries, scripture notes, saved lexicon words, and private AI conversations are visible only to you.

7. Data Retention

We retain your information for as long as your account is active, and for a limited period afterwards as needed to comply with legal obligations, resolve disputes, and enforce our agreements. When you delete content, we remove it from the active Service promptly; residual copies may remain in encrypted backups for up to 30 days before being purged on a rolling basis.

When you delete your account, we delete your personal data within 30 days, except for the limited information we are required or permitted by law to keep.

8. Security

We use industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS), encryption at rest for sensitive fields (such as journal entries), scoped database access, rate limiting on abuse-prone endpoints, and audit logging. No system is perfectly secure; if we become aware of a data breach that materially affects you, we will notify you as required by applicable law.

9. International Transfers

The Service is operated from the United States and is intended for U.S. residents. Our sub-processors may process your data in the United States and, in limited cases, in other countries. Where required by applicable non-U.S. law, we rely on appropriate transfer mechanisms (such as the EU Standard Contractual Clauses) to protect your information when it is transferred outside your home jurisdiction.

10. Your Rights & Choices

All users of the Service may:

• Access a copy of the personal data we hold about you;
• Correct inaccurate personal data;
• Delete your personal data (through your profile, or by contacting us);
• Export your content in a portable format (by request);
• Withdraw consent where processing is based on consent.

California residents (CCPA / CPRA). You have the right to know, delete, correct, and limit the use and disclosure of sensitive personal information, and to opt out of any sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA. The Service collects information that may reveal religious or philosophical beliefs (including any tradition or denomination you choose to provide and the content you post), which is treated as “sensitive personal information” under the CPRA. We use this information solely to provide the Service you requested and do not use or disclose it for any purpose that would require an additional opt-out under §7027 of the CPRA regulations.

Other U.S. state privacy laws. Residents of states with comparable privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, and similar jurisdictions) may have analogous rights to access, correct, delete, and obtain a copy of their data, and to appeal a denial of a request.

You can exercise most rights directly in your profile. For other requests, contact us through the Contact page. We may need to verify your identity before acting on a request. We will not discriminate against you for exercising your rights.

11. Children's Privacy

The Service is not intended for children under 13, and we do not knowingly collect personal information from them. If we learn that we have collected information from a child under 13, we will delete it. Parents and guardians who believe their child has provided us with information should contact us.

12. Cookies & Similar Technologies

We use a small number of first-party cookies that are strictly necessary to sign you in, remember your preferences (for example, your cookie-consent choice and sidebar width), and protect against abuse. We do not use advertising cookies, cross-site trackers, or session-replay tools. You can clear cookies in your browser at any time; doing so will sign you out.

13. Affiliate Links

Feason participates in the Amazon Services LLC Associates Program. When you click affiliate links and make a purchase, Amazon may collect information under its own privacy policy. We receive aggregate commission reports only; we do not receive personal details about your purchases.

14. Changes to This Policy

We may update this Policy from time to time. We will post the updated version and, if changes are material, notify you within the Service before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

15. Contact

For privacy questions or to exercise your rights, reach us via the Contact page and mark your message “Privacy Request.”