Privacy Policy

1. Information We Collect

We collect the following categories of information:

Account Information

We collect: name, email, phone number, and school/organization affiliation. This information is provided by you during account registration and profile management.

Usage Data

We automatically collect information about your use of the Service, including book evaluation requests, evaluation history, feature usage, and general interaction patterns. This data helps us improve the Service and understand how it is used.

Technical Data

We may collect standard technical information such as browser type, device type, IP address, and access timestamps for security, analytics, and service operation purposes.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and maintaining the Service
• Processing your account registration and managing your subscription
• Generating and delivering book evaluation reports
• Communicating with you about your account, updates, and support requests
• Improving the Service based on usage patterns and feedback
• Ensuring the security and integrity of the Service
• Complying with legal obligations

3. AI Processing

We use AI language models hosted in the US and EU to analyze publicly available book information. No personal user data is sent to AI systems.

When you request a book evaluation, the Service sends the book title, author, and relevant search results to AI language model providers for analysis. The data sent to AI models consists solely of book metadata and publicly available review content. Your personal information (name, email, account details) is never included in AI processing requests.

API keys for AI services are stored encrypted in our database and are managed exclusively by authorized administrators.

4. Data Sharing

We do not sell your personal information. We may share your data only in the following limited circumstances:

• Payment Processing: Payment processing is handled exclusively by Stripe. We never store credit card information. Stripe processes your payment data in accordance with their own privacy policy and PCI-DSS compliance standards.
• AI Service Providers: Book metadata (title, author) and publicly available review data are shared with AI language model providers solely for the purpose of generating evaluations. No personal user data is shared.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.

5. Data Storage & Security

Your data is stored on secure servers hosted in the United States. We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL)
• Encrypted storage of sensitive credentials and API keys
• Password hashing using bcrypt with strong salt rounds
• Role-based access controls for administrative functions
• Regular security reviews and updates

While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate personal information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Data Portability: Request your data in a structured, commonly used format
• Opt-Out: Opt out of marketing communications at any time

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your data, and the right to opt out of the sale of your personal information. We do not sell personal information.

European Residents (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to restrict processing, the right to object to processing, and the right to lodge a complaint with a supervisory authority. Our legal basis for processing your data is your consent (provided at registration) and the performance of our contract with you.

7. Children's Privacy

Christian Story Steward is designed for use by adult educators, librarians, and parents. The Service is not directed at children under the age of 13, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 13, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us immediately.

8. Cookies & Tracking

We use essential cookies required for authentication and session management. We do not use third-party advertising or tracking cookies. We may use privacy-respecting analytics tools to understand general usage patterns and improve the Service.

9. Data Retention

We retain your account information and evaluation history for as long as your account is active. If you delete your account, we will remove your personal information within 30 days, except where retention is required by law or necessary for legitimate business purposes (such as resolving disputes or enforcing our Terms of Service). Cached evaluation data may be retained in anonymized form to improve service quality.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the Service. Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

For GDPR-related inquiries, you may also contact our Data Protection contact at the email above.