Privacy Policy

DeepWell (“we,” “us,” or “our”) operates the website deepwell.faith and provides a Bible study platform for the Apostolic Pentecostal community. This Privacy Policy explains what personal information we collect, how we use it, and what rights you have regarding your data.

By creating an account or using DeepWell, you agree to the practices described in this policy. If you do not agree, please do not use the service.

1. Information We Collect

Information you provide directly

• Full name — used as your display name within the platform
• Email address — used for account authentication and transactional communication
• Password — stored as a secure hash; we never see or store your plain-text password
• Zip code — collected at signup as a lightweight regional signal; used for internal analytics only
• Account type — one of: Minister, Teacher, Student, or Layperson; used to understand our audience

Information generated by your use of the service

• Reading position — the last book and chapter you read, stored so you can pick up where you left off
• Devotion progress — which series you’ve started, your current day, and whether you’ve completed a series
• Monthly devotion token usage — a record of which series a free user activated in a given calendar month
• Subscription status — whether your account is on the free tier, active premium, or canceled

Payment information

DeepWell uses Stripe to process payments. We do not collect or store your credit card number, CVV, or bank details. When you subscribe, Stripe handles the transaction and returns a customer identifier that we store to manage your subscription status. Stripe’s privacy policy is available at stripe.com/privacy.

2. How We Use Your Information

• To create and manage your account
• To provide the features of the DeepWell platform (Bible reader, word study, commentary, devotions)
• To enforce subscription access controls (free vs. premium content)
• To send transactional emails — account confirmation, password reset, and subscription receipts. We do not send marketing emails without your opt-in.
• To understand how our audience uses the platform and improve the product over time
• To comply with our legal obligations

We do not sell, rent, or trade your personal information to third parties. We do not use your data to serve third-party advertising.

3. How We Store Your Information

Your account data is stored in Supabase, a hosted Postgres database provider. Supabase stores data on AWS infrastructure. All data is encrypted at rest and in transit (TLS). Row-level security policies ensure that users can only access their own data.

We retain your data for as long as your account is active. If you delete your account, your personal data is removed from our database within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g., subscription records).

4. Cookies and Tracking

DeepWell uses session cookies to keep you logged in between visits. These are essential for the platform to function. We do not use third-party tracking cookies, advertising pixels, or behavioral analytics tools.

5. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

• Access — You can request a copy of the personal data we hold about you.
• Correction — You can update your display name and other profile information from your account settings.
• Deletion — You can request that we delete your account and all associated data by contacting us at the email below. We will process deletion requests within 30 days.
• Portability — You can request an export of your personal data in a structured, machine-readable format.
• Opt-out of marketing — You can unsubscribe from any non-essential emails at any time.

Residents of California (CCPA) and the European Union (GDPR) have additional rights, including the right to know what data we collect, the right to opt out of any sale of data (we do not sell data), and the right to non-discrimination for exercising your rights. To exercise any of these rights, contact us at jackson@deepwell.faith.

6. Children’s Privacy

DeepWell is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with their personal information, please contact us and we will delete it.

7. Third-Party Services

DeepWell uses the following third-party services that may process your data:

• Supabase — database, authentication, and storage (supabase.com/privacy)
• Stripe — payment processing (stripe.com/privacy)
• Vercel — web hosting and deployment (vercel.com/legal/privacy-policy)

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For significant changes, we will notify you by email or by a notice within the platform. Your continued use of DeepWell after changes are posted constitutes your acceptance of the revised policy.

9. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us at: