Effective Date: May 28, 2026
This Privacy Policy describes how Solanthos ("Solanthos," "we," "us," or "our") collects, uses, and protects information when you use Derekh through our website at derekh.app or any Derekh mobile app (together, "the Service").
We have written this policy to be readable. If anything is unclear, please contact us at the address at the end.
When you create an account, we collect your email address and a securely hashed version of your password. We do not store passwords in plain text.
We store the messages you send to Derekh and the AI-generated responses you receive — the actual text of your questions, the passages and topics you discuss, and Derekh's replies. We refer to this throughout as conversation content.
Because Derekh is a Bible study companion, your conversation content may reveal your religious or spiritual beliefs. Some privacy laws, including the EU and UK GDPR, treat information about religious beliefs as a special (sensitive) category that calls for a higher standard of protection. By choosing to use the Service and send this content to Derekh, you explicitly consent to our processing it for the sole purpose of providing the Service to you, as described in this policy. You can withdraw this consent at any time by deleting the relevant conversations or your account (see Sections 6 and 7).
We collect operational metadata about your use of the Service that does not include the content of your conversations. This includes:
We refer to this throughout as usage metadata.
If you subscribe to occasional updates from us through the form on derekh.app, we collect your email address separately from any account information. You may unsubscribe at any time using the link included in every email.
We do not read your conversation content as a matter of routine practice. We access conversation content only when:
We do not use your conversation content for analytics, product research, or any purpose other than those listed above.
We will not use your conversation content for marketing, promotional, or example purposes (including testimonials, case studies, or sample exchanges shown publicly) without your explicit permission.
We use usage metadata to:
We use email subscriber addresses solely to send the occasional updates you signed up to receive. We do not use this list for any other purpose.
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases to process your personal information:
Your conversation content is not used to train AI models.
When you use Derekh, your messages are sent to Anthropic's API to generate responses. Under Anthropic's Commercial Terms of Service applicable to API customers, your inputs and outputs are not used to train Anthropic's models.
Solanthos does not use your conversation content to train any models of our own, including for analytics or product development.
We use the following third-party services to operate the Service. Each is a "processor" of your data — meaning they process data on our behalf, under their own privacy commitments and security practices.
Anthropic — generates AI responses through the Anthropic API. Your conversation messages are transmitted to Anthropic to generate Derekh's replies. Anthropic's data handling for API customers is governed by their Commercial Terms and Privacy Policy.
Supabase — handles user authentication and database hosting. Your account information and conversation data are stored in a Supabase-hosted PostgreSQL database. See Supabase's Privacy Policy.
Vercel — hosts the Derekh application. Vercel may collect technical request data (IP address, request paths, response codes) for the purpose of serving the application. See Vercel's Privacy Policy.
Stripe — processes payments and manages subscriptions. We do not store your full payment card details on our systems; card data is handled by Stripe in accordance with PCI-DSS. Stripe may set its own cookies during checkout. See Stripe's Privacy Policy.
Resend — sends transactional emails (account-related notifications) and email subscriber updates. See Resend's Privacy Policy.
Sentry — captures errors and exceptions in the application to help us identify and fix technical issues. We have configured Sentry to avoid capturing conversation content in error reports; in rare cases, conversation content may appear incidentally in stack traces, and is accessed only for the purpose of diagnosing the related error. See Sentry's Privacy Policy.
If we add or change processors in the future, we will update this policy.
We implement security measures to protect your information, including:
No method of electronic storage or transmission is fully secure. While we strive to protect your information, we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information, we will notify affected users without undue delay, consistent with applicable law.
Your account information and conversation history are retained as long as your account is active.
Usage metadata and technical logs (such as the error reports and request logs handled by the processors in Section 4) are retained only as long as needed for the operational purposes described in this policy. This information does not include the content of your conversations.
If you delete an individual conversation through the Service, that conversation is removed from active storage immediately and from our backups within 7 days.
If you delete your account, your account information and all associated conversations are removed from active storage immediately, and from our backups within 7 days.
You can delete individual conversations or your entire account at any time from within the Service. You can also request account and data deletion without using the app by emailing support@derekh.app from the address associated with your account. We will complete the deletion and confirm by reply, normally within 30 days.
After account deletion, we may retain limited information for legal, tax, or fraud-prevention purposes (such as billing records required by tax law) for the period required by applicable law.
You have the right to:
To exercise these rights, contact us at support@derekh.app. We will respond within 30 days.
If you are in the European Union, United Kingdom, California, or another jurisdiction with specific data protection laws, you have additional rights under those laws. We honor those rights regardless of your location.
California residents. We do not sell or share your personal information, and we have not done so in the preceding twelve months. We do not use your information for cross-context behavioral advertising. You have the right to know what personal information we collect, to request its deletion, and not to be treated differently for exercising your privacy rights. You can exercise these rights using the contact details above.
The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and become aware that your child has provided us with personal information, please contact us at support@derekh.app and we will take steps to delete that information promptly.
We use browser cookies and local storage for authentication purposes — to maintain your login session and recognize your account between visits. We do not use cookies or local storage for advertising, behavioral tracking, or third-party analytics.
Stripe sets its own cookies during checkout for fraud prevention and session management; these are managed by Stripe under their privacy policy.
The Service is hosted and operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and other locations where our processors operate.
Where we transfer personal information out of the European Economic Area or the United Kingdom, that transfer is protected by appropriate safeguards. The processors listed in Section 4 provide Standard Contractual Clauses or equivalent data protection terms under their data processing agreements. You can request more information about these safeguards using the contact details below.
We may update this Privacy Policy from time to time. Routine updates — including clarifications, changes to the third-party processors listed in Section 4, or other changes that do not materially affect your rights — take effect when we post the updated policy on this page with a new effective date.
For material changes that affect how we use your conversation content or that reduce your rights as a user (such as a new use of your data, a reduction in your deletion or export rights, or a change in legal basis for processing), we will notify active users by email to your account address at least thirty (30) days before the change takes effect.
Changes required by law, regulation, or binding order, or needed to address a security or safety risk, may take effect with less notice or immediately. We will notify affected users as soon as reasonably practicable in those cases.
Your continued use of the Service after changes are posted and the effective date has passed constitutes your acceptance of the revised policy.
If you have questions about this Privacy Policy, please contact us:
Solanthos
1405 Earl L Core Rd RMB 1089
Morgantown, WV 26505
Email: support@derekh.app
Phone: (304) 971-4575