Privacy Policy

(As of: May 21, 2025 · Version 2)

This Privacy Policy complies with the requirements of the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Telecommunications Act 2021 (TKG 2021) and applies to the following services:

vectorbible.com
app.vectorbible.com
Vector Bible App (iOS / Android)

1. Controller

Franz Josef Drexler
Address: see Imprint
E-Mail: [email protected]
Phone: +43 681 208 87 501

2. Automated server log files

Purpose	Data categories	Legal basis	Storage duration
Operation, delivery, IT security	- Date / time - public IP - HTTP headers (browser/app version, OS, provider, device) - location (country, city from Geo-IP)	Art. 6 (1) lit. f GDPR (legitimate interest: functionality & defense against attacks)	30 days

3. Data you provide

Purpose	Typical data	Legal basis	Storage duration
User account, bookmarks, notes	E-mail address, notes you enter, device name	Art. 6 (1) lit. b GDPR	until account deletion + 30 days
Sending login codes	E-mail address	Art. 6 (1) lit. b GDPR	30 days
Support communication	Content of your message, sender address	Art. 6 (1) lit. a GDPR	until completion + 6 months

We do not send newsletters, advertising or push notifications.

4. Statistics & license reporting

4.1 Plausible Analytics

We use Plausible Analytics (EU hosting at Hetzner). Plausible is cookie-free, does not store persistent identifiers and keeps only aggregated reports (page/chapter views, daily unique visitors, top countries).
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in reach measurement and product improvement).

4.2 Monthly Active Users (MAU) per translation

Some Bible publishers require aggregated usage statistics to fulfill contracts.

Implementation: IP address → immediate SHA-256 hash with salt → deletion of raw IP. The hash is kept for max. 30 days for deduplication.
No cookies, no transfer to third parties.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest: fulfilling license contracts).

Opt-out

You can object via email to [email protected]; your IP / hash will be blocked and no longer counted.

Service	Location & hosting	Purpose	Safeguards for third-country transfers
Supabase	Frankfurt (eu-central-1) · possible US backups	Database & Auth	Data Processing Agreement incl. EU SCC
Plausible Cloud	Germany (Hetzner)	Cookie-free analytics	Data Processing Agreement (no third-country transfer)
Cloudflare Pages / Workers	Global CDN · USA HQ	CDN, DDoS protection, proxy for Plausible	Data Processing Agreement · EU-US DPF certification
Resend	USA	Transactional emails	Data Processing Agreement + EU SCC
Google Cloud	USA	Semantic search	Data Processing Agreement · EU-US DPF certification
Apple iCloud Mail	EU servers, possible US backup	Receiving support emails	Data Processing Agreement + EU SCC

DPF = EU-US Data Privacy Framework (adequacy decision under Art. 45 GDPR)
SCC = EU Standard Contractual Clauses (Art. 46 GDPR)

6. Data security

TLS 1.2+ in transit
Encryption at rest according to Supabase standard
Access logging & role concepts
IP hashing for MAU counting (SHA-256 + salt)
Planned annual salt rotation

7. Data subject rights

You have the right to access, rectification, erasure, restriction, data portability and to object to processing under Art. 6 (1) lit. f GDPR.
Contact us as per § 1.

You may lodge a complaint with the Austrian Data Protection Authority (www.dsb.gv.at) or any other EU supervisory authority (Art. 77 GDPR).

8. Changes

This notice is updated as needed. The change date above shows the current version. Please check this page regularly.