Privacy Policy

1. Introduction

MMC Media LLC ("Company," "we," "us," or "our"), a Utah limited liability company, operates the Scripture Power mobile application (the "App") available on the Apple App Store. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you download, install, or use the App, and when you visit our website at https://scripturepower.app (the "Website").

Please read this Privacy Policy carefully. By using the App or Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the App and Website immediately.

This Privacy Policy is incorporated by reference into our Terms of Service. Capitalized terms not defined herein have the meanings ascribed to them in the Terms of Service.

2. Tracking, Analytics & Advertising — Full Disclosure

We are committed to being transparent about our use (and non-use) of tracking and analytics technologies. Our practices differ between the Scripture Power iOS App and the scripturepower.app Website. Please read both subsections carefully.

2.1 In the Scripture Power App

• No advertising trackers: We do not use Meta Pixel (Facebook Pixel), TikTok Pixel, Pinterest Tag, Snapchat Pixel, or any other third-party advertising pixel or tracking beacon inside the App.
• No behavioral profiling: We do not engage in behavioral advertising, interest-based advertising, or cross-app tracking within the App.
• No in-app advertising: The App does not display third-party ads. We do not collect advertising identifiers (IDFA or equivalent) for advertising purposes.
• No sale of app user data: We do not sell personal information collected through the App to any third party for any purpose.
• No behavioral advertising to children: We do not engage in behavioral advertising, targeted advertising, or interest-based advertising directed at children under 13 — or any user of the App.
• Apple's platform analytics (App Store Connect / SKAdNetwork): Apple collects aggregate, non-personally-identifiable analytics data about app installs, crashes, and usage trends through App Store Connect and SKAdNetwork as part of the iOS platform. This data is governed by Apple's Privacy Policy and is not linked to individual user accounts or sold to advertisers. We use this aggregate data solely to understand broad app performance.
• Future privacy-compliant app analytics: We may in the future use privacy-compliant analytics tools such as Mixpanel or PostHog to understand how users interact with app features — solely for the purpose of improving the App. If implemented, any such tools will: (a) collect only the minimum data necessary for product improvement; (b) not be used for advertising or behavioral profiling; (c) not sell your data to third parties; and (d) be disclosed with an update to this Privacy Policy.

2.2 On the scripturepower.app Website

• Cookies and tracking technologies: The Website may use cookies, web beacons, pixels, and similar technologies — including Google Analytics, Meta Pixel (Facebook Pixel), and comparable tools — to measure website traffic, understand how visitors find and use our site, and evaluate the effectiveness of our marketing campaigns.
• Advertising pixels: We may use advertising measurement pixels (such as Meta Pixel) to measure the effectiveness of our ad campaigns and to reach people who have previously visited our website through retargeting. These pixels operate under the cookie consent preferences you set when you visit our site.
• Cookie consent: When you visit the Website, you will be presented with a cookie consent banner. You may choose to accept all cookies, or manage your preferences — selecting from Essential Cookies (always on), Analytics Cookies, and Marketing Cookies. You may withdraw or change your consent at any time by clearing your browser cookies and revisiting the site.
• Website data not linked to app accounts: Data collected through website cookies and pixels is not connected to your Scripture Power app account, your in-app usage data, or any personal information you provide within the App.
• No sale of website visitor data: We do not sell personal information collected through the Website to third parties for their own marketing purposes.
• No behavioral advertising to children: We do not knowingly deliver behavioral or targeted advertising to children under 13 on the Website or anywhere else.

2.3 Shared Privacy Commitments (App & Website)

• We do not sell personal information to any third party for any purpose.
• We do not share personal information with advertising networks or data brokers for the purpose of targeting you with ads on other platforms, except as described in the website advertising pixel disclosure above (which is subject to your consent).
• We do not track your precise geolocation.
• We do not access your contacts, photos, camera, or microphone unless explicitly required for a feature you choose to use, and any such access will be disclosed separately.
• We do not use session replay tools or heat-mapping software in the App.

2.4 Do Not Track

Some browsers transmit a "Do Not Track" (DNT) signal. The App does not engage in behavioral cross-app tracking, so DNT signals have no material effect on App data practices. For the Website, we honor DNT signals where technically feasible and required by applicable law. We will continue to monitor evolving DNT standards and update our practices accordingly.

3. Information We Collect

We collect only the minimum information necessary to operate the App. The categories of personal information we collect are:

3.1 Information You Provide Directly

• Email Address: If you create an account, we collect your email address solely for account authentication and to send you service-related communications (e.g., password resets, account notices). We do not use your email address for third-party marketing.
• Display Name: An optional display name used within the App (not required; you may use the App without a real name).

3.2 Game Progress and Usage Data

• Game Progress: Your memorization progress, scripture completion records, streaks, scores, and selected scripture packs are stored to provide continuity across sessions and devices.
• In-App Activity: Which game modes you launch and how long sessions last, used solely for improving App functionality — not for advertising profiling.

3.3 Subscription and Purchase Information

• Subscription Status: Whether you have an active free or premium subscription, your subscription tier (monthly, annual, or lifetime), and renewal dates.
• Transaction Identifiers: Non-financial transaction identifiers provided by Apple and RevenueCat to verify and manage your subscription. We never receive, store, or process raw payment card data, bank account information, or Apple Pay credentials. All payment processing is handled exclusively by Apple's App Store infrastructure.
• Device Identifiers (RevenueCat): RevenueCat assigns an anonymous customer identifier to link your subscription to your device/account. See Section 8.2 for RevenueCat's privacy practices.

3.4 Technical and Diagnostic Data

• Crash Reports: If the App crashes, diagnostic information (crash logs, device model, OS version, App version) may be collected to identify and fix bugs. This information does not include personally identifiable information.
• Device Metadata: Device type, operating system version, and App version, used solely for compatibility and support purposes.

3.5 Data We Do NOT Collect

For complete clarity, we do not collect any of the following:

• Precise or approximate GPS location
• Contacts or address book data
• Photos, videos, or camera data
• Microphone recordings or voice data
• Browsing history, search history, or internet activity outside the App
• Advertising identifiers (IDFA or equivalent) for advertising purposes
• Health or fitness data
• Financial account information or credit card numbers
• Social security numbers or government-issued ID numbers
• Biometric data
• Cookies (advertising or tracking)
• Any data from children under 13 beyond what is strictly necessary (see Section 9 — COPPA)

4. How We Use Your Information

We use the personal information we collect for the following purposes only:

• To provide and maintain the App: Authenticating your account, storing your game progress, and enabling cross-device sync.
• To manage subscriptions: Verifying your subscription status, granting premium access, and processing renewals via RevenueCat and Apple.
• To communicate with you: Sending transactional and service-related messages such as account confirmations, password resets, and service announcements. We do not send marketing emails without your explicit opt-in consent.
• To improve the App: Reviewing aggregate (non-identifiable) usage patterns and crash reports to fix bugs and improve features.
• To comply with legal obligations: Responding to lawful requests from courts or government authorities, complying with applicable law, enforcing our Terms of Service, and protecting the rights and safety of our users.
• To prevent fraud and abuse: Detecting and preventing unauthorized access, subscription fraud, or misuse of the App.

We do not use your personal information for any purpose not listed above without first obtaining your consent or providing you with notice and an opportunity to opt out.

5. Legal Basis for Processing (GDPR and International Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions that require a lawful basis for processing personal data, we process your information under the following legal bases:

• Performance of a Contract: Processing your account information and game progress is necessary to provide the App services you have requested.
• Legitimate Interests: Improving the App through aggregate analytics, preventing fraud, and ensuring security, where our interests are not overridden by your privacy rights.
• Legal Obligation: Complying with applicable law, court orders, and regulatory requirements.
• Consent: For any processing activity not covered above (e.g., optional marketing communications), we will obtain your explicit consent, which you may withdraw at any time.

6. Data Storage and Security

6.1 Where Your Data is Stored

• Local Device Storage: Game progress and preferences are stored locally on your device in the App's private, sandboxed storage, which is not accessible to other apps or third parties.
• Cloud Storage (Supabase): If you create an account, your profile information and game progress are synchronized to our cloud database hosted on Supabase (Supabase, Inc.), a cloud-based PostgreSQL database platform. Supabase stores data on servers located in the United States. Supabase is bound by a Data Processing Agreement with us and implements industry-standard security controls. For more information, visit supabase.com/privacy.

6.2 Security Measures

• All data transmitted between the App and our servers is encrypted via HTTPS/TLS.
• Supabase implements row-level security (RLS), ensuring users can only access their own data.
• Passwords are never stored in plaintext; authentication is handled via Supabase Auth with industry-standard hashing.
• We implement access controls limiting internal access to personal data on a need-to-know basis.

6.3 No Security Guarantee

While we use commercially reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

7. Data Retention and Deletion

7.1 Retention Periods

• Account Data (email, display name): Retained for as long as your account remains active, or as needed to provide the App services.
• Game Progress: Retained for the duration of your account. If you delete your account, game progress stored in our cloud is deleted within 30 days.
• Subscription Records: Transaction identifiers and subscription history may be retained for up to 7 years as required for tax, accounting, and legal compliance purposes.
• Crash and Diagnostic Logs: Retained for up to 90 days and then automatically purged.
• Local Device Data: Stored on your device until you delete the App or clear App data through your device settings.

7.2 How to Delete Your Data

You may request deletion of your account and all associated personal data at any time by:

• Emailing support@scripturepower.app with the subject line "Account Deletion Request" and your registered email address.
• We will process verified deletion requests within 30 days and confirm completion by email.
• Note: Data retained for legal, tax, or accounting compliance (e.g., transaction records) may be retained for the legally required period even after account deletion, but will not be used for any other purpose.

7.3 California Residents — Deletion Rights

California residents have additional deletion rights under the California Consumer Privacy Act (CCPA/CPRA). See Section 11 for the complete California privacy rights disclosure and the specific process for submitting a deletion request.

8. Third-Party Service Providers

We share limited personal information only with the following trusted service providers, strictly for the purpose of operating the App. We do not share personal information with any other third parties, including advertisers, data brokers, analytics companies, or social media platforms.

8.1 Supabase (Database and Authentication)

What they receive: Your email address (for authentication), display name, and game progress data.

Purpose: Hosting our cloud database, user authentication (login/signup), and cross-device data sync.

Privacy Policy: https://supabase.com/privacy

Data Location: United States

8.2 RevenueCat (Subscription Management)

What they receive: An anonymous customer identifier, subscription product identifiers, and purchase transaction data from Apple (no payment card data).

Purpose: Managing subscription entitlements, verifying purchase receipts, and handling cross-platform subscription status.

Privacy Policy: https://www.revenuecat.com/privacy

Data Location: United States

8.3 Apple Inc. (App Store and In-App Purchases)

What they receive: Purchase and subscription information processed through the App Store.

Purpose: Processing in-app purchases, managing App Store subscriptions, and distributing the App.

Privacy Policy: https://www.apple.com/privacy/

8.4 Expo / EAS (Development Platform)

What they receive: Anonymous crash reports and diagnostic data (no personally identifiable information).

Purpose: App building, deployment, and crash diagnostics to improve App stability.

Privacy Policy: https://expo.dev/privacy

8.5 Service Provider Data Processing Obligations

All service providers listed above are:

• Bound by contractual data processing agreements limiting their use of personal information solely to the services they provide us;
• Prohibited from using your personal information for their own marketing or advertising purposes;
• Required to maintain appropriate security standards for the data they process on our behalf.

9. Children's Privacy (COPPA Compliance)

9.1 COPPA Compliance Statement

We comply with the Children's Online Privacy Protection Act of 1998, as amended ("COPPA"), and the COPPA Rule (16 C.F.R. Part 312). We do not knowingly collect personal information from children under the age of 13 without first obtaining verifiable parental consent.

9.2 How Children Use the App

Scripture Power requires an account to use the App. Users must confirm they are 13 years of age or older during account registration. Children under 13 should not create their own accounts.

If a parent or guardian wishes to allow a child under 13 to use Scripture Power, the parent or guardian must:

1. Review this Privacy Policy;
2. Create the account themselves using the parent's own email address;
3. Set up a Family Profile for the child within their parent account;
4. Provide affirmative consent by completing account registration and confirming they are 13 or older, which constitutes verifiable parental consent under COPPA.

Children under 13 access the App only through Family Profiles managed by their parent or guardian's account. They do not have independent accounts or provide personal information directly.

9.3 Data Collected from or About Children Under 13

When a child's account is managed by a parent/guardian, the following data may be collected:

• Parent's email address (used for account authentication — not the child's email);
• Display name (optional; may be set to a first name or nickname);
• Game progress data (scripture completion, scores, streaks).

We do not collect from children under 13:

• Full name, physical address, phone number;
• Social security number or government ID;
• Location data;
• Photos, audio recordings, or video;
• Contacts or social network information;
• Advertising identifiers;
• Any information not necessary to provide the App's core educational functionality.

9.4 No Behavioral Advertising to Children

We do not engage in behavioral advertising, targeted advertising, or interest-based advertising directed at children under 13 — or any user of the App. We have no advertising ecosystem within the App. We do not profile children, sell children's data, or share children's data with advertising networks.

9.5 Parental Rights

Parents or guardians of children under 13 may exercise the following rights at any time by contacting us at support@scripturepower.app:

• Review: Request a copy of the personal information collected about their child.
• Correct: Request correction of inaccurate information about their child.
• Delete: Request deletion of their child's account and all associated personal information. We will process verified requests within 30 days.
• Refuse Further Collection: Withdraw consent and request we stop collecting or using their child's personal information. Note that withdrawal of consent may prevent use of account-based features.

To verify parental identity, we may request that you respond from the email address associated with the account, or provide other reasonable verification.

9.6 Notice of Discovered Collection

If we discover that we have inadvertently collected personal information from a child under 13 without parental consent, we will delete that information as promptly as possible. If you believe we may have information from a child under 13 collected without parental consent, please contact us immediately at support@scripturepower.app.

10. International Users and GDPR Rights

While Scripture Power is primarily directed to users in the United States, we respect the rights of users in the European Economic Area (EEA), the United Kingdom, and other jurisdictions with comprehensive privacy laws.

10.1 Data Subject Rights

If you are located in the EEA, UK, or a jurisdiction with equivalent rights, you may have the following rights regarding your personal data:

• Right of Access: The right to obtain a copy of your personal data and information about how we process it.
• Right to Rectification: The right to have inaccurate personal data corrected.
• Right to Erasure ("Right to Be Forgotten"): The right to have your personal data deleted in certain circumstances.
• Right to Restriction of Processing: The right to restrict how we process your data in certain circumstances.
• Right to Data Portability: The right to receive your personal data in a structured, commonly used format.
• Right to Object: The right to object to processing of your personal data based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, the right to withdraw consent at any time without affecting lawfulness of prior processing.

To exercise any of these rights, contact us at support@scripturepower.app. We will respond within 30 days (or the period required by applicable law).

10.2 International Data Transfers

Your personal data is stored and processed in the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your country. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy, including use of service providers who comply with applicable data transfer requirements.

10.3 Data Protection Authority

EEA and UK residents have the right to lodge a complaint with their local data protection authority if they believe we have violated applicable data protection law.

11. California Privacy Rights (CCPA/CPRA)

11.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information from California consumers:

• Identifiers: Email address, display name, and account identifiers.
• Commercial Information: Subscription status and transaction identifiers (no payment card data).
• Internet or Other Electronic Network Activity: In-app usage data and crash diagnostic data, for the limited purposes described in this Policy.

We have not collected: precise geolocation, biometric data, health data, financial account information, contents of communications, or characteristics of protected classifications.

11.2 Sources of Personal Information

We collect personal information directly from you (when you create an account or use the App) and indirectly from our service providers (RevenueCat, Supabase, Apple) in the course of providing App services.

11.3 Business or Commercial Purpose for Collection

Personal information is collected for the purposes described in Section 4 of this Privacy Policy — solely to operate and improve the App, manage subscriptions, and comply with legal obligations.

11.4 Do Not Sell or Share My Personal Information

Because we do not sell or share personal information for cross-context behavioral advertising, there is no opt-out link required. However, if you believe your information is being used in a way that constitutes a "sale" or "share" under the CCPA, please contact us at support@scripturepower.app and we will investigate and respond within 15 business days.

11.5 Your California Rights

California residents have the right to:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: Because we do not sell or share personal information for advertising, there is no opt-out required. You may still contact us to confirm.
• Right to Limit Use of Sensitive Personal Information: We do not collect or use sensitive personal information (as defined by CPRA) for purposes beyond those permitted without opt-out rights.
• Right to Non-Discrimination: We will not discriminate against you for exercising your California privacy rights. We will not deny you services, charge you different prices, or provide you a different level of service because you exercised your rights.

11.6 How to Submit a California Privacy Request

To submit a request to know, delete, or correct your personal information:

• Email: support@scripturepower.app — subject line: "California Privacy Request"
• Include: Your full name, the email address associated with your account, and the specific request you are making.

We will verify your identity before processing your request (typically by confirming the email address on file). We will respond within 45 days of receipt of a verifiable consumer request. We may extend by an additional 45 days when necessary, with prior notice.

11.7 Authorized Agent

You may designate an authorized agent to submit a California privacy request on your behalf. The agent must provide written authorization signed by you, and we may verify your identity directly before processing the request.

11.8 California "Shine the Light" Law

California Civil Code Section 1798.83 (the "Shine the Light" law) permits California residents to request information about third parties to whom we have disclosed personal information for direct marketing purposes in the prior calendar year. We do not disclose personal information to third parties for direct marketing purposes, so no such disclosure list exists. You may still contact us at support@scripturepower.app to confirm.

12. Apple App Store Privacy Disclosures

In accordance with Apple's App Store privacy requirements, the following summarizes the App's data practices as disclosed in the App Store listing:

Data Used to Track You

None. Scripture Power does not track users across apps or websites owned by other companies for advertising purposes.

Data Linked to You

• Contact Info: Email address (used for account authentication and service communications only).
• Purchases: Subscription transaction identifiers (for managing your subscription).
• User Content: Game progress, scripture completion records, and scores.

Data Not Linked to You

• Diagnostics: Anonymous crash logs and App stability data.

Data Not Collected

We do not collect location data, health & fitness data, financial info (beyond transaction IDs), contacts, messages, photos or videos, audio data, browsing or search history, sensitive info, identifiers used for tracking/advertising, or usage data for advertising purposes.

13. Links to Third-Party Websites

The App or Website may contain links to third-party websites or services not operated by us (for example, links to scripture study resources). We have no control over and assume no responsibility for the privacy practices of those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies solely to information collected by MMC Media LLC through the App and Website.

14. Your Choices and Controls

• Account Deletion: You may delete your account at any time by contacting support@scripturepower.app. Deletion removes your account data from our servers within 30 days.
• Email Communications: You may opt out of non-transactional email communications at any time by replying to any email with "unsubscribe" or by contacting support@scripturepower.app. Note: transactional emails necessary to provide the service (e.g., account security alerts) cannot be opted out of while your account is active.
• Account Deletion: You may delete your account at any time, which removes your data from our cloud systems (see Section 7).
• Subscription Management: You may manage, pause, or cancel your subscription at any time through your Apple ID account settings in the App Store.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or App functionality. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page;
• Post a notice within the App or send an email notification for significant changes;
• Obtain renewed consent where required by law (e.g., for material changes affecting children's data under COPPA).

Your continued use of the App after we post changes to the Privacy Policy constitutes your acceptance of those changes. If you do not agree to the revised Privacy Policy, you must stop using the App and may request account deletion as described in Section 7.

We encourage you to review this Privacy Policy periodically. The most current version will always be available at https://scripturepower.app/privacy.html.

16. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our privacy practices — including requests to access, correct, or delete your data, COPPA parental consent requests, or CCPA/GDPR data subject requests — please contact us:

• Email: support@scripturepower.app
• Company: MMC Media LLC
• State: Utah, United States
• Website: https://scripturepower.app

For California privacy requests, use subject line: "California Privacy Request"
For COPPA parental requests, use subject line: "COPPA Parental Request"
For data deletion requests, use subject line: "Account Deletion Request"
For GDPR data subject requests, use subject line: "GDPR Data Subject Request"

This Privacy Policy was last updated on February 18, 2026. MMC Media LLC reserves the right to update this Privacy Policy at any time consistent with the terms described herein.