Privacy
Privacy is a sacrament.
Last updated 2026-05-27
We treat your spiritual life as the most private thing we hold for you. This page tells you, in plain language, what we collect, what we do with it, and how to take it back. If anything here is unclear, write us at privacy@delighting.ai.
Our commitments
- We do not train models on your conversations or journal entries.Not ours, not anyone else’s.
- We encrypt your data per-user with keys we cannot read for you.Journal entries are sealed with a key bound to your account so even an attacker who exfiltrated our database could not read them without also breaking Google Cloud’s key management service.
- We never sell your data,and we don’t share it with third parties except as needed to run the service (described below) or as required by law.
- You can delete or export everything any time from Settings, with no friction.
What we collect
When you create an account through our identity partner (WorkOS): your email address, your display name if you provide one, and identifiers from the social sign-in provider you choose (e.g., Google, Apple).
When you use the product: your chat messages, the Pastor agent’s responses, your daily-word reads and streak, your journal drafts and sealed entries, your tradition and delivery-time preferences, and which Daily Word passages you’ve seen.
Technical signals: a session cookie that identifies you to our server, an anonymous device identifier when you use the product without an account, and the standard request metadata your browser sends. We SHA-256 hash IP and user-agent before logging them — we keep the hash for security forensics, not the originals.
If you opt in to browser push notifications, we store the push endpoint your browser issues so we can deliver the Daily Word. You can turn this off from Settings or your browser at any time.
How we use what we collect
To deliver the product: render your Daily Word, hold conversation state within a session, track your streak, surface your journal back to you, and send notifications you’ve asked for.
For safety: every conversation runs in parallel through a separate safety classifier whose only job is to detect signs of suicidality, self-harm, abuse, or acute mental-health crisis and surface the right hotline in time. Safety classification data is never used for training, never sent to error trackers, and never linked to a third party.
For service operation: a small set of operational vendors process data on our behalf under written agreements — Google Cloud (hosting, databases, AI inference, key management); WorkOS (identity); Sentry (error tracking, with strict PII scrubbing and crisis-data blocking); Cloudflare (CDN and edge proxy). We do not let any of them use your data for their own purposes.
Encryption and storage
Account and conversation data is stored on Google Cloud (Firestore, Cloud SQL Postgres) encrypted at rest with customer-managed keys (CMEK). Journal entries get a second layer: per-entry envelope encryption with a Cloud KMS key bound to your account ID via additional authenticated data, so a sealed entry cannot be re-attributed to another user even by us.
All traffic between you and our servers is encrypted in transit (HTTPS, HSTS).
Retention and deletion
We keep your data as long as your account is active. When you delete your account from Settings, we delete your profile, conversations, journal entries, daily-word history, push subscriptions, and preferences from our active stores within 30 days. Encrypted backups roll out of retention within 90 days.
Hashed security logs (without raw IPs or user agents) may persist longer for fraud and abuse prevention.
Your rights
You can access, export, or delete your data at any time from Settings. Depending on where you live, you may have additional rights under local law (GDPR in the EU/UK, CCPA in California, others). Write us at privacy@delighting.ai and we’ll honor any request the law gives you, and most requests it doesn’t.
Children
Delighting is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us information, write us and we will delete it.
Changes
If we change this policy in a way that materially reduces your protections, we will notify you by email (if we have one) and update the date at the top of this page. Older versions are kept in our git history.
Contact
Questions, requests, or anything that doesn’t feel right: privacy@delighting.ai. A human reads it.