Effective Date: July 1, 2026 · Last Updated: July 1, 2026
1. Who We Are
RhemaVerse is a cinematic Bible app developed and operated by Metamorphos Studio ("we," "us," or "our"). We build immersive, theologically grounded scripture experiences for iOS and Android.
This Privacy Policy explains what information we collect when you use the RhemaVerse mobile application and related services (collectively, the "Service"), how we use it, and the choices you have.
By using RhemaVerse, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
Account information — When you register, we collect your name and email address. If you sign in with Apple or Google, we receive only what those services share (typically name and email).
Prayer journal content — Prayer entries, reflections, testimonies, and milestones you write within the app. This content is private to your account and is never shared publicly without your explicit action.
Profile preferences — Your selected Bible translation (ASV/KJV), narration voice, theme, notification settings, and reading preferences.
2.2 Information Collected Automatically
Usage data — Screens viewed, episodes played, verses read, bookmarks created, reading streaks, and feature interactions.
Device information — Device type, operating system version, unique device identifiers (for push notifications), and app version.
Crash and error data — Technical error reports collected via Sentry to help us diagnose and fix bugs. These include stack traces and device context but not personal content.
Subscription status — Whether your subscription is active, your plan tier, and purchase timestamps. Payment card details are never stored by us.
2.3 Information We Do Not Collect
We do not collect your precise GPS location.
We do not access your contacts, camera, or microphone.
We do not sell your personal information to third parties.
We do not use your prayer journal content to train AI models.
3. How We Use Your Information
We use the information we collect to:
Provide the Service — Authenticate your account, sync your reading progress and bookmarks, and deliver episodes, narration, and devotionals.
Power AI features — Your scripture questions are sent to the Anthropic Claude API to generate contextual answers. Your question text is processed to produce a response and is not stored by us long-term beyond what session caching requires.
Personalize your experience — Recommend relevant episodes, generate your daily devotional, and surface verses aligned with your reading history.
Send notifications — Deliver daily devotional reminders, streak updates, and app announcements (only if you've granted notification permission).
Process subscriptions — Verify your subscription tier to unlock Cinematic content and manage billing through RevenueCat.
Improve the Service — Analyze aggregated, anonymized usage patterns to understand which features are most valuable and fix technical issues.
Comply with the law — Respond to lawful requests, enforce our Terms of Service, and protect the rights of our users.
4. Third-Party Services
RhemaVerse integrates with the following third-party services. Each has its own privacy policy governing their data practices.
Anthropic (Claude)
Powers the Scripture Companion Q&A and daily devotional. Your scripture questions are sent to Anthropic's API. Anthropic's Privacy Policy applies to their processing.
ElevenLabs
Generates narration audio for cinematic episodes. No personal user data is sent to ElevenLabs — only our pre-written script text.
RevenueCat
Manages in-app subscription purchases and entitlements. RevenueCat receives your device ID and purchase receipts to verify subscription status. See RevenueCat Privacy Policy.
Stripe
Processes payment transactions. Stripe handles all card data directly and Metamorphos Studio never receives or stores your card number. See Stripe Privacy Policy.
Apple / Google
If you use Sign in with Apple or Google Sign-In, those providers authenticate your identity and share a name and email with us. Their respective privacy policies govern that exchange.
Sentry
Collects crash reports and error logs to help us diagnose bugs. Reports include technical device context but not personal content such as prayer entries. See Sentry Privacy Policy.
5. AI-Generated Content
RhemaVerse uses artificial intelligence to generate visual imagery (Midjourney), narration audio (ElevenLabs), and scripture companion responses (Anthropic Claude). The following data practices apply:
Cinematic imagery and narration audio are pre-generated by us before delivery to users. Your device data is not used as input to generate these assets.
Scripture Companion queries — the text of your question — are transmitted to Anthropic's API in real time to generate a response. We do not log these queries tied to your identity beyond the current session.
Daily devotional content is generated using general thematic inputs, not your personal prayer journal content.
Note on AI accuracy: AI-generated content, including scripture companion responses, is provided for devotional enrichment and should not be treated as authoritative theological counsel. Always verify important interpretations against trusted scripture translations and your local faith community.
6. Children's Privacy (COPPA)
RhemaVerse includes a Kids Mode feature designed for use by children under parental supervision. We take children's privacy seriously.
We do not knowingly collect personal information from children under 13 without verifiable parental consent, in accordance with the Children's Online Privacy Protection Act (COPPA).
Kids Mode is PIN-gated and intended to be set up and supervised by a parent or guardian. The parent's account governs the session.
Kids Mode content does not include subscription prompts, social features, or Scripture Companion AI queries.
If you believe a child under 13 has provided us personal information without parental consent, contact us immediately at support@metamorphosstudio.com and we will delete that information promptly.
If you are between 13 and 18, a parent or guardian must review and agree to this policy on your behalf before you use the Service.
7. Data Retention
Active accounts — We retain your account data, reading history, bookmarks, and prayer journal content for as long as your account is active.
Deleted accounts — When you delete your account, we remove your personal data within 30 days, except where we are required to retain certain records for legal or financial compliance purposes (typically up to 7 years for transaction records).
Crash logs — Sentry error reports are retained for 90 days and then automatically purged.
Backups — Encrypted database backups may retain data for up to 30 additional days following deletion before being overwritten.
Access — Request a copy of the personal data we hold about you.
Correction — Ask us to correct inaccurate personal data.
Deletion — Request deletion of your personal data ("right to be forgotten").
Portability — Request your data in a portable format.
Opt-out of notifications — Disable push notifications at any time in your device settings or within the app under Settings → Notifications.
California Residents (CCPA)
Under the California Consumer Privacy Act, California residents have additional rights:
Right to know — The categories and specific pieces of personal information we have collected about you.
Right to delete — Deletion of personal information we have collected, subject to certain exceptions.
Right to opt out of sale — We do not sell your personal information. There is nothing to opt out of.
Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, email support@metamorphosstudio.com with "Privacy Request" in the subject line. We will respond within 45 days.
No data sales, ever. Metamorphos Studio does not and will never sell your personal information, browsing history, or prayer content to advertisers or data brokers. Our business model is subscriptions — not advertising.
9. Data Security
We implement industry-standard technical and organizational measures to protect your information:
All data in transit is encrypted using TLS 1.2 or higher.
Passwords are hashed using bcrypt before storage — we never store plaintext passwords.
Database access is restricted to authenticated backend services with least-privilege roles.
JWT authentication tokens have limited expiry windows and are verified on every request.
Rate limiting and input validation are enforced on all API endpoints to prevent abuse.
No security system is impenetrable. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
Post the updated policy at this URL with a new "Last Updated" date.
Notify you via in-app notification or email (for changes that materially affect your rights).
Continued use of the Service after an updated policy takes effect constitutes your acceptance of the revised policy.
11. Contact Us
Questions, requests, or concerns about this Privacy Policy or your data should be sent to: