Privacy Policy

Effective date: 24 March 2026

Ancient Source (“we”, “our”, “us”) is committed to protecting your personal data. This policy explains what we collect, why we collect it, how we use it, and your rights under UK GDPR, EU GDPR, and equivalent laws including CCPA (California) and LGPD (Brazil).

If you have questions, contact us at privacy@ancientsource.app.

1. Who we are

Ancient Source is the data controller for personal data collected through this website and application. Our registered address and data protection contact are available at privacy@ancientsource.app.

2. Data we collect

Account data

  • Email address (required for authentication)
  • Password (hashed; we never store plaintext passwords)
  • Display name and avatar URL (optional, provided by you)
  • OAuth profile data if you sign in via Google (email, profile name, avatar)

Usage and content data

  • Journal entries you write (encrypted at application layer before storage)
  • Solomon AI conversation messages you send
  • Passages you save and any personal notes attached
  • Your preferred wisdom tradition (Bible, Quran, cross-tradition)
  • Feature usage counts (e.g., number of Solomon conversations this month)

Payment data

  • Stripe customer ID and subscription status — Stripe processes all payment card data directly and we never see or store your card details
  • Billing cycle and plan tier

Technical data

  • IP address and approximate geolocation (processed by Supabase Auth for security)
  • Browser type and device type (collected by our hosting provider, Vercel)
  • Session tokens stored in cookies (necessary for authentication)

Data we do NOT collect

  • We do not run advertising trackers or third-party analytics pixels
  • We do not sell, rent, or share your personal data with advertisers
  • We do not collect data from children under 16 (see Section 10)

3. Why we process your data (legal bases)

Purpose | Legal basis
Providing the service (auth, daily cards, Solomon, journal) | Performance of a contract
Processing subscription payments via Stripe | Performance of a contract
Sending transactional emails (password reset, receipts) | Performance of a contract
Preventing fraud and securing accounts | Legitimate interests
Improving app features and fixing bugs (aggregated, anonymised) | Legitimate interests
Complying with legal obligations (e.g. tax records) | Legal obligation
Sending marketing or newsletter emails (if you opt in) | Consent (you can withdraw at any time)

4. Third-party processors (sub-processors)

We share data only with the following processors, each under a Data Processing Agreement (DPA):

Processor | Purpose | Data sent
Supabase (US/EU) | Database, authentication, file storage | All personal data
Vercel (US/EU) | Hosting, edge functions, CDN | IP addresses, request logs
Anthropic (US) | AI responses (Solomon chat, journal reflections) | Your messages to Solomon
OpenAI (US) | Passage embeddings (not user messages) | Ancient text passages only
Qdrant (EU) | Vector search for passage retrieval | Anonymised query embeddings
Stripe (US/EU) | Payment processing, subscription management | Email, billing info
Google (US/EU) | OAuth sign-in (if you choose to use it) | OAuth tokens only

Important: When you send a message to Solomon, that message is transmitted to Anthropic’s API to generate a response. Anthropic’s own privacy policy governs how they handle API inputs. Journal entries are encrypted at rest, but when you explicitly request a journal reflection, that active entry is sent to Anthropic so Solomon can generate the reflection.

5. International data transfers

Some of our processors (Anthropic, OpenAI, Stripe, Vercel) are based in the United States. Where data is transferred outside the UK or EEA, we rely on Standard Contractual Clauses (SCCs) as the transfer mechanism, or on adequacy decisions where applicable.

6. Data retention

Data type | Retention period
Account / profile data | Until account deletion; then anonymised immediately
Journal entries | Until account deletion or until you delete them
Solomon conversations | Ephemeral by default; saved conversations until deletion
Stripe billing records | 7 years (required by tax/accounting law)
Authentication logs | 90 days (Supabase default, for security)
Backup snapshots | Up to 30 days (Supabase managed backups)

7. Your rights

Under UK GDPR, EU GDPR, and equivalent laws, you have the following rights. You can exercise any of them by emailing privacy@ancientsource.app or using the in-app controls in Settings.

  • Access — Request a copy of all personal data we hold about you
  • Rectification — Correct inaccurate data in your profile or account
  • Erasure — Delete your account and all associated data (except records we are legally required to keep)
  • Portability — Receive your data in a machine-readable format (JSON)
  • Object — Object to processing based on legitimate interests
  • Restriction — Ask us to limit processing while a dispute is resolved
  • Withdraw consent — Unsubscribe from marketing emails at any time

We will respond to your request within 30 days. For complex requests we may extend by a further two months, in which case we will notify you. There is no charge for exercising your rights.

CCPA rights (California residents)

California residents have the right to know what personal information we collect and sell (we do not sell personal information), the right to delete, and the right to opt out of sale. To exercise these rights, email privacy@ancientsource.app.

8. Cookies

We use only essential cookies required for authentication. We do not use advertising or tracking cookies. See our Cookie Policy for details.

9. Security

We protect your data using industry-standard measures: TLS in transit, AES-256-GCM encryption for journal entries at the application layer using a device-held key, row-level security on all database tables, and regular security reviews. Despite these measures, no system is 100% secure. If you discover a security vulnerability, please report it to security@ancientsource.app.

10. Children’s privacy

Ancient Source is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by displaying a prominent notice in the app at least 14 days before the change takes effect. The effective date at the top of this page will always reflect the latest version.

12. Contact and complaints

For any privacy questions, contact us at privacy@ancientsource.app. If you are in the UK or EU and are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK: ico.org.uk).