Legal

Privacy Policy

Last updated: 9 July 2026

We have one rule for ourselves when writing this page: say what is true, not what sounds reassuring. The Living Vine is a small product run by a small team, and we would rather tell you plainly what we do than hide behind vague language.

Who is responsible for your data

BD Media AB, the Swedish company that operates The Living Vine, is the data controller. We can be reached at support@livingvinesanctuary.com for any privacy question or request.

What we collect, and why

Here is the full list, and why each exists:

  • What you tell us during the intake. Your first name, your email, your Christian tradition, what you are seeking, your season of life, the people you carry in prayer, what is on your heart, the voice you prefer, and your delivery preference. We collect this so we can write prayers that are actually for you rather than for everyone.
  • Sign-in credentials.So you can return to your account, you sign in with an email and password or with Google. Your password is stored only as a secure one-way hash by our authentication provider — we never see it. If you use “Continue with Google”, Google confirms your identity and shares your name and email with us; we do not receive your Google password.
  • Your prayer history. The prayers we have written for you, with their dates and the Scripture used. So you can read them back later, and so we do not write the same prayer twice.
  • What you write in the Confessional. If you save a reflection, we store it together with the word of comfort we drafted in reply, so it stays in your private library until you delete it.
  • What you post to the community. Prayer intentions, encouragement, and responses you post to the members-only wall, along with whether you chose to post under your name or anonymously.
  • Gifts you send.When you gift a prayer, we collect the recipient’s first name and email address for the single purpose of delivering that gift.
  • Your Manna and activity. A record of the devotional Manna you earn, add, or spend, your check-ins and streaks, and who invited you (if you joined through an invite or partner link), so the devotion features and referral rewards work.
  • Anonymous usage analytics.A first-party anonymous session identifier and a record of which steps of the flow you reached, so we can see where the experience is confusing and improve it. This is our own data — it is never sold and never sent to an advertising network.
  • Payment information, indirectly. Billing runs through PayPal. We never see your card or bank details. PayPal handles the payment itself and gives us back only what we need to identify the transaction (subscription ID, payer ID, payment status) for receipts and renewals.

Who has access to your data

We will not pretend this is a sealed vault that no human ever touches. The truth is:

  • A small trusted team. The two or three people who run The Living Vine can read your intake answers and your prayers, for two specific reasons: to write or review a prayer for you, and to act on safety concerns (see below).
  • Other members, for what you post.Anything you share on the community wall is visible to other signed-in members (under your first name, or anonymously if you choose). Nothing else — your intake, prayers, reflections, or email — is ever shown to other members.
  • Anthropic, our AI provider.When we draft written content for you — your prayer, a word of comfort in the Confessional, or a gift prayer — the relevant details are sent to Anthropic’s API so that Claude can write it, and the text is returned to us. Anthropic does not use data from commercial API calls to train its models.
  • Supabase, our database and sign-in host. Your account information is stored in a Supabase database, and Supabase also handles email/password and Google sign-in on our behalf.
  • Google, if you use it to sign in.If you choose “Continue with Google”, Google verifies your identity and returns your name and email. This is covered by Google’s own privacy policy.
  • PayPal, our payments processor.When you subscribe, you complete payment on PayPal’s own site. PayPal handles your card or bank details under their own privacy policy — we only receive back the transaction status and a payer ID for our records.
  • Email delivery provider (e.g. Resend), so that we can email you your prayer, account emails such as a password reset, and any gift you choose to send.
  • Meta, for advertising measurement.We advertise The Living Vine on Facebook and Instagram, and we use Meta’s measurement tools (the Meta pixel and its server-side equivalent) to know whether those ads work. Meta receives events — that a page was visited, that a membership was purchased and its price — along with standard identifiers: a cookie, your IP address, and where you enter contact details (such as your email at sign-up or purchase), a one-way hashed version of them — the hashing happens before anything is shared, so Meta never sees the address itself. Meta never receives what you write: not your intake answers, not your prayers, not your reflections, not your community posts.

That is the full list. We do not have any other categories of recipient.

Safety review

If something you write into the intake suggests a crisis — for example, language that could signal self-harm or abuse — our system flags it and a member of our small team reads it personally to make sure you are pointed to real help. This is the most important reason we do not pretend the system is anonymous. Pretending would risk missing someone who needed reaching.

What we do not do with your data

  • We show no advertising inside the sanctuary — ever.
  • We do not sell your data, ever, to anyone, for any purpose.
  • We never share the contentyou entrust to us — your intake answers, prayers, reflections, or posts — with any advertiser, marketing partner, or “data enrichment” service. The only advertising-related sharing we do is the measurement events described above (Meta), so we can tell whether our own ads work.
  • We do not use your intake answers or your prayers to train AI models for sale.

Cookies

We use a small number of first-partycookies — set by us, for the service to function — plus one third-party cookie for advertising measurement:

  • A sign-in cookie that keeps you logged in to your account (and, when you sign in with Google or reset a password, a short-lived cookie from our authentication provider to complete that).
  • An anonymous analytics cookie that lets us count how far people get through the flow, without identifying you.
  • A referral cookie, only if you arrive through an invite or partner link, so we can credit the person who referred you.
  • The Meta pixel cookie, used solely to measure whether our Facebook and Instagram ads work (see “Meta, for advertising measurement” above). It never carries anything you write.

Children

The Living Vine is not for anyone under 18. We do not knowingly collect personal information from children. If you believe a child has signed up, write to us and we will delete the account.

Your rights

Wherever you live, you can:

  • Ask for a copy of the data we hold about you.
  • Ask us to correct anything that is wrong.
  • Ask us to delete your account and the data attached to it.
  • Withdraw any consent you have given us.

If you are in California, you have the rights set out in the CCPA/CPRA, including the rights above and the right to know what categories of data we share (which is the list above). California law treats advertising measurement like our Meta events as “sharing” — you may opt out of it at any time by writing to us with “Do not share” in the subject line, and we will exclude your account from advertising measurement. If you are in the EU/EEA, UK, or Switzerland, you have the rights set out in the GDPR (and equivalents), including the right to lodge a complaint with your local data-protection authority. To exercise any of these rights, write to support@livingvinesanctuary.com. We answer within a few business days.

How long we keep things

We keep your account and prayer history for as long as you remain a member. When you delete your account, we delete your intake answers, your prayer history, your custom requests, your saved reflections, and your community posts. We keep a minimal record of the fact that an account existed and was deleted (account id, date, the email it was tied to) for our audit log, because that record is what proves we honoured your request. Billing records may be retained longer where tax law requires.

Where your data lives

Your data is stored on infrastructure operated by Supabase and accessed from servers operated on Vercel. Both providers operate globally and your data may be transferred outside your country for technical reasons. We use providers that publish standard contractual protections for international transfers.

Security

Connections to and from The Living Vine are encrypted in transit with HTTPS. Card and bank details are handled by PayPal and never touch our servers. Database access requires authentication. We do not claim “military-grade” anything — we use standard, current industry practice and we keep an eye on it.

Changes to this policy

If we materially change how we handle your data, we will email the address we have on file before the change takes effect, and we will update the date at the top of this page.

Contact

Privacy questions and requests: support@livingvinesanctuary.com. If you write to that address with “Privacy request” in the subject line, we will treat it as a formal request and respond within a few business days.

Questions about any of this? Write to us at support@livingvinesanctuary.com.