Privacy Policy

Effective: May 6, 2026. AnchoredTime™, operated by Anchorful, LLC.

1. Introduction

AnchoredTime™ (“we,” “us,” or “our”) is a Christ-centered life operating system built to help believers align their daily rhythms around Jesus. We take your privacy seriously. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have over it.

This Policy applies to the AnchoredTime web application available at https://anchoredtime.com and any associated mobile or progressive web app experiences (collectively, the “Service”).

2. What Data We Collect

2.1 Account and Profile Data

When you create an account we collect:

  • Email address (used for authentication and transactional emails)
  • Display name (optional - used in greetings and coaching output)
  • Timezone (used to correctly schedule daily anchors and roll-over logic)
  • Life season selection (used to personalize AI recommendations)

2.2 Spiritual Practice Content

The Service is built around practices you record intentionally. This content belongs to you. We store it on your behalf:

  • Prayer entries - title, content, prayer type, tags, Scripture references, and any AI-generated summary you accept
  • Journal entries - title, content, mood, tags, Grounded Response™ data, Scripture references, and any AI-generated summary you accept
  • Daily Anchors - title, pillar/sub-domain mapping, recurrence, completion history
  • Scripture interactions - reference, text, translation, and your Grounded Response™ notes
  • Anchored Reset sessions - session metadata (duration, sound type, pattern); no audio is stored

2.3 Voice Recordings and Transcripts

If you use the voice-to-text feature for prayer or journal entry, we temporarily store the audio file in Supabase Storage solely to generate a transcript. Once the transcript is delivered to you, the raw audio file is deleted from storage. Transcript text is stored as part of your entry and is subject to the same controls as all other entry content.

2.4 AI Usage Data

When you request AI-powered features (Minimum Faithful Dose™ recommendations, entry summaries, Grounded Response™ coaching), we pass your content to an AI provider. We log a usage ledger record (model, token counts, cost) linked to your account for billing and quota purposes. We do not log the full prompt or response in our systems beyond what you explicitly save.

If you provide your own API key (BYOK), your key is encrypted at the application layer before storage. See Section 4 for details.

2.5 Subscription and Payment Data

Subscription payments are processed by Stripe. We store your Stripe customer ID and subscription tier in our database. We do not store full payment card numbers or bank account details - that data is held by Stripe under their own Privacy Policy and PCI-DSS compliance program.

2.6 Technical and Usage Data

We collect limited technical data to operate the Service:

  • IP address and approximate location (country/region) - for abuse prevention and region-aware features
  • Browser type, OS, and device category - for compatibility and performance monitoring
  • Page views and feature interaction events - for product improvement (no ad targeting)
  • Error and performance logs - via Sentry (see Section 3 for third parties)

3. Third-Party Services

We share limited data with the following third-party processors to operate the Service. Each processor is subject to a Data Processing Agreement (DPA) or equivalent contractual obligations:

| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, and file storage | All user data at rest; encrypted at rest (AES-256) |
| Anthropic (Claude) | AI features - Grounded Response™, coaching, summaries | Entry content you choose to process; no persistent storage on Anthropic's side |
| OpenAI | AI features (fallback / optional user-selected model) | Same as Anthropic above when OpenAI is selected |
| Voyage AI | Backend semantic embeddings for Smart Recall (infrastructure subprocessor - not user-selectable BYOK) | Text content of journal and prayer entries you choose to index for Smart Recall; processed for embeddings only and not retained beyond the request |
| Stripe | Subscription billing and payment processing | Email, subscription tier, payment method (held by Stripe - we see only customer ID) |
| Vercel | Web application hosting and edge delivery | HTTP request headers including IP; no body content |
| Sentry | Error monitoring and performance tracing | Stack traces, anonymized request context; PII scrubbed before transmission |
| Resend | Transactional email (welcome, export links, confirmations) | Your email address and the email body |
| Upstash | Rate limiting and ephemeral caching | Anonymous request identifiers; no content |

We do not sell your personal data to third parties. We do not share your spiritual content with advertisers.

4. How We Store and Protect Your Data

  • All data is stored in Supabase (PostgreSQL) hosted in us-east-1. Data is encrypted at rest using AES-256.
  • Data is encrypted in transit using TLS 1.2+.
  • BYOK (Bring Your Own Key) API keys are encrypted at the application layer before writing to the database. They are decrypted only in memory during an active AI request.
  • Row-level security (RLS) policies ensure that users can only access their own data, even if the application layer were somehow bypassed.
  • Access to production infrastructure is restricted to named administrators via multi-factor authentication.

5. How We Use Your Data

We use your data only for the following purposes:

  • Providing the Service - authenticating you, displaying your content, scheduling your anchors
  • AI features - passing content you explicitly invoke to an AI provider to generate responses
  • Subscription management - tracking your plan, processing payments via Stripe
  • Transactional communication - welcome emails, password resets, data export delivery
  • Product improvement - anonymized, aggregated analytics to understand feature usage
  • Safety and fraud prevention - detecting abuse patterns, enforcing acceptable use

We do not use your prayer entries, journal entries, or Scripture interactions for AI model training. We do not sell or broker access to your personal data.

5b. Lawful Basis for Processing (GDPR)

If you are in the European Economic Area, the United Kingdom, or another jurisdiction that requires a lawful basis under the GDPR or an equivalent framework, the following table maps each processing purpose to its corresponding lawful basis under GDPR Article 6 and, where relevant, Article 9.

| Processing purpose | Lawful basis | Notes |
|---|---|---|
| Account creation + authentication | Contract (Art. 6(1)(b)) | Necessary to provide the Service you signed up for |
| Storing your spiritual practice content (prayer, journal, anchors, Scripture interactions) | Contract (Art. 6(1)(b)) + Explicit consent for special-category data (Art. 9(2)(a)) | Content you record may reveal religious beliefs; we treat it as special-category data and process only on the basis of your explicit consent given when you sign up and create entries |
| AI features (Grounded Response, summaries, coaching, MFD recommendations) | Explicit consent (Art. 6(1)(a) + Art. 9(2)(a)) | AI processing is opt-in. You initiate each AI call. You can stop using AI features at any time without losing access to your data |
| Subscription billing + payment processing via Stripe | Contract (Art. 6(1)(b)) + Legal obligation (Art. 6(1)(c)) | Necessary to deliver paid features and to meet tax / financial-records obligations |
| Transactional email (welcome, export, password reset, deletion confirmation) | Contract (Art. 6(1)(b)) | Required to operate your account; not marketing |
| Product analytics + funnel measurement (Vercel Analytics) | Legitimate interests (Art. 6(1)(f)) | No PII attached to events; Supabase user ID only. You can opt out by declining the cookie banner |
| Safety, fraud prevention, abuse detection (rate limits, ledger anomaly detection) | Legitimate interests (Art. 6(1)(f)) | Necessary to protect the Service and other users from abuse |
| Error monitoring (Sentry) | Legitimate interests (Art. 6(1)(f)) | PII is scrubbed before transmission; we retain stack traces only as long as needed to diagnose issues |
| Marketing email (only if you separately opt in) | Consent (Art. 6(1)(a)) | Always opt-in. You can unsubscribe at any time from the link in every marketing email; doing so does not affect your account |
| Responding to your GDPR / CCPA rights requests | Legal obligation (Art. 6(1)(c)) | We are required to respond to access, deletion, portability, and rectification requests within 30 days |

You may withdraw any consent at any time by emailing privacy@anchoredtime.com. Withdrawal does not affect processing already completed and does not affect processing based on contract, legal obligation, or legitimate interests where applicable. AnchoredTime is not the appropriate venue for spiritual direction from a pastor, counselor, or licensed professional - if you withdraw consent for AI processing, the Service continues to work, just without AI features.

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account:

  • Your prayer entries, journal entries, anchors, and Scripture interactions are deleted within 30 days.
  • BYOK API keys are deleted immediately.
  • AI usage ledger rows are anonymized (user_id is nulled) rather than deleted to preserve financial accuracy.
  • Backups may retain deleted data for up to 90 days before being overwritten.

7. Your Rights (GDPR / CCPA)

If you are located in the European Economic Area, the United Kingdom, or California, you have the following rights regarding your personal data:

  • Right to Access - request a copy of all personal data we hold about you
  • Right to Rectification - correct inaccurate data via the Settings page
  • Right to Erasure / Right to Delete - request deletion of your account and personal data
  • Right to Portability - receive your data in a structured, machine-readable format
  • Right to Restrict Processing - limit how we use your data in certain circumstances
  • Right to Object - object to processing based on legitimate interests
  • Right to Opt-Out of Sale - we do not sell your data; this right is inherently satisfied

To exercise any of these rights, use the Data Export page within Settings, or email us at privacy@anchoredtime.com. We will respond within 30 days.

California residents: under CCPA, you may also submit requests via the email above. We do not discriminate against users who exercise their privacy rights.

8. Cookies

We use essential session cookies required for authentication and secure operation of the Service. We do not use third-party advertising or tracking cookies. See our Cookie Policy for full details.

9. Children's Privacy

The Service is not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal data from children. If you believe a child has created an account, contact us at privacy@anchoredtime.com and we will delete it promptly.

10. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and, where required by law, the relevant supervisory authority within 72 hours of becoming aware of the breach.

11. International Data Transfers

Your data is stored and processed in the United States (Supabase us-east-1). If you are accessing the Service from outside the United States, your data is transferred to the US. Where required by law (e.g., GDPR), we rely on Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms to ensure adequate protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and display a notice in the app. The “Effective” date at the top of this page will be updated. Continued use of the Service after notice constitutes acceptance of the revised Policy.

13. Contact Us

Questions, concerns, or requests about this Privacy Policy or your data:

Anchorful, LLC

Email: privacy@anchoredtime.com

Website: https://anchoredtime.com

If you are in the EEA or UK and believe we have not addressed your concern, you have the right to lodge a complaint with your local data protection authority.

“The Lord is faithful, and he will strengthen you and protect you from the evil one.” - 2 Thessalonians 3:3