Privacy Policy

Last updated: April 6, 2026

1. Introduction

OpenLumin (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Bible learning platform at openlumin.com (the “Service”).

2. Information We Collect

We collect the following types of information:

  • Account Information: When you create an account, we collect your name, email address, and password (stored securely as a hash).
  • Learning Data: Courses you create, lessons completed, flashcard review history, daily verse interactions, and learning preferences (mode, level, translation).
  • Organization Data: If you join or create an organization through the Church Plan, we collect the organization name, denomination, member list (names and emails of invited members), shared course selections, and announcements posted by administrators.
  • Payment Data: If you subscribe to a paid plan, payment is processed by Polar.sh. We receive your email and subscription status but do not store credit card numbers or payment details.
  • Referral Data:If you sign up via a referral link, we store the referral source (e.g. “church” or “twitter”) to understand how users find us. This is not linked to any third-party tracking system.
  • Usage Data: Pages visited, features used, and general interaction patterns to improve the Service.

3. How We Use Your Information

  • To provide and personalize the Service, including generating courses tailored to your level and preferences.
  • To track your learning progress and power spaced repetition scheduling.
  • To cache and serve courses efficiently: When you generate a course, it may be cached and served to other users who ask a similar question at the same learner level. Cached courses contain no personal information — only the topic, scholarly content, and lesson structure. Your name, email, and learning progress are never shared through caching.
  • To facilitate organization features (Church Plan), including sharing courses and announcements within your organization.
  • To process payments and manage subscriptions through our payment provider (Polar.sh).
  • To send transactional emails (account verification, password reset, organization invites, and important Service updates) through our email provider (Resend).
  • To improve the Service based on usage patterns.

4. Data Storage and Security

Your data is stored securely using Turso (libSQL) with encrypted connections. Passwords are hashed using bcrypt and are never stored in plain text. Session tokens are stored in HTTP-only cookies. We implement industry-standard security measures to protect your data, but no method of transmission over the Internet is 100% secure.

5. Third-Party Services

We use the following third-party services:

  • Bible MCP API: To retrieve Bible text, commentaries, cross-references, and scholarly data. No personally identifiable information is sent to this service.
  • AI Model Providers (OpenRouter/Google/Anthropic): To generate course structures and lesson content. Your personal data is not included in AI prompts — only the topic, passage, learning mode, and learner level you selected. Your denomination and statement of faith may be included to personalize content but are not stored by the AI provider.
  • Polar.sh: To process subscription payments for the Church Plan and supporter tiers. Polar receives your email address for payment processing. We do not store credit card information.
  • Resend: To send transactional emails (verification, password reset, organization invites). Only your name and email are shared with this service.
  • Voyage AI: To generate text embeddings for semantic search of scholarly sources. No personal data is sent — only Bible topics and terms.
  • Amazon Web Services (S3): To store course cover images. Images contain no personal data.

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We will disclose information if required by law or to protect our rights.

Course Caching: Generated courses may be cached and served to other users who request the same topic at the same learner level. Cached content includes only the course topic, lesson text, and scholarly citations — never your name, email, study progress, or any personal data.

Organization Sharing: If you are a member of an organization (Church Plan), courses shared by your administrator will be visible to all members of that organization. Your individual progress on shared courses is visible only to you. Announcements posted by administrators are visible to all organization members.

7. Your Rights

You have the right to:

  • Access, update, or delete your account information at any time through Settings.
  • Export your learning data.
  • Request deletion of your account and all associated data by contacting us.

8. Cookies

We use a single essential session cookie to keep you signed in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at kalib@openlumin.com.