Privacy at Sermonwright

The short version

• We collect the minimum we need to run your account, bill you, and generate the sermon prep you ask for.
• We do not sell your data. We do not run advertising on the service and we do not share your data with advertisers.
• Your sermon prompts and outputs go through Anthropic’s API to generate the response. Anthropic’s API policy is that inputs and outputs from API customers are not used to train their models.
• You can export or delete your account data at any time by emailing support@sermonwright.com.
• Our subprocessors are Anthropic (model inference), Clerk (authentication), Stripe (payments), and Netlify (hosting). The list is detailed below and we’ll update it if it changes.

The full policy follows. The plain-English summary above does not replace it.

What we collect

We collect three categories of data: account data, billing data, and service data.

Account data. When you sign up, our authentication provider (Clerk) collects your name, email address, and an OAuth identifier from the provider you sign in with (currently Google or Apple). We do not store passwords ourselves; authentication runs through Clerk.

Billing data. When you subscribe, our billing provider (Stripe) collects your payment method, billing address, and transaction history. We do not store full card numbers; Stripe handles that. We retain a record of subscription status (which plan you’re on, when it renews, whether it’s active) so the service knows what features to unlock.

Service data. When you use the workspace, we receive the passages you submit, the prompts and configuration you supply, the generated output, and the validator’s flags on that output. We also log technical information necessary to operate a web service: IP address, browser and device type, request timestamps, and error events. These are retained as described under “How long we keep it.”

How we use it

The data above is used for a small set of specific purposes:

• Providing the service. Generating exegesis, angles, cross-references, and illustrations from the passages you submit; running the validator on output; saving and exporting your prep.
• Billing and accounts. Processing payments, sending receipts, managing subscription status, and recovering from failed payments.
• Operating reliably. Monitoring performance, debugging errors, preventing abuse, enforcing rate limits, and protecting the service from attack.
• Customer support. Responding to your messages and reproducing issues you report.
• Improving Sermonwright. Studying aggregate usage patterns and validator behavior to make the product better. This work uses aggregated and de-identified data wherever practical and never produces output to other users from your sermon content.

We do not use your data for advertising, do not share it with advertising networks, and do not sell it to third parties.

Who else handles your data

Sermonwright is a small product that runs on top of a small number of trusted infrastructure providers. The current subprocessors are:

• Anthropic — the provider of the Claude model used to generate sermon prep. Your prompts and the generated responses pass through Anthropic’s API.
• Clerk — authentication and identity. Holds your name, email, and OAuth identifiers.
• Stripe — payments and subscription billing. Holds your payment method and billing history.
• Netlify — hosting and content delivery for the website and application.

Each of these providers has its own privacy policy that governs how they handle your data on our behalf. We update this list when it changes. If a new subprocessor is added, the change appears here before any data is routed through them.

Your sermon content and AI training

A specific commitment, because ministers have asked: the prompts and outputs that move through our generation pipeline are not used by us to train any model. Per Anthropic’s commercial API policy in effect as of this update, Anthropic does not use API inputs or outputs to train its models either. If that changes on Anthropic’s side, we will update this policy and notify customers before any change takes effect on our integration.

We may use aggregated, de-identified data about how the tool is used — which features ministers reach for, where the validator catches issues, where the workflow breaks — to improve the product. This is metadata about the service’s behavior, not the content of your sermons.

How long we keep it

Account data is retained for as long as your account is active. After you delete your account, account data is removed within 30 days, except where retention is required by law (for example, billing records that must be retained for tax purposes).

Sermon prep content you have saved in the workspace is retained for as long as your account is active and is removed when you delete it or delete your account. Some saved prep is held in backups for up to 30 days after deletion before it is fully purged.

Operational logs (request metadata, error events, security logs) are retained for up to 90 days, except where a longer retention is needed for security investigation or required by law.

Your rights

You have rights over the data we hold about you. Some of these rights come from laws like the EU GDPR, the UK GDPR, and the California Consumer Privacy Act; we extend the same rights to all customers regardless of where you live.

• Access. You can ask for a copy of the personal data we hold about you.
• Correction. You can ask us to correct inaccurate data.
• Deletion. You can ask us to delete your account and the data associated with it.
• Export. You can ask for a portable copy of your sermon prep content.
• Objection and restriction. You can ask us to limit certain uses of your data, where the law provides for it.

To exercise any of these, email support@sermonwright.com. We respond within 30 days. We may need to verify your identity before acting on a request.

Cookies

We use cookies for two purposes: keeping you signed in and completing checkout. Both are essential to operating the service and cannot be disabled while still using Sermonwright. We do not use third-party advertising cookies, marketing pixels, or cross-site tracking.

Children

Sermonwright is built for ministers and is not directed at children. You must be at least 16 years old to create an account. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact support@sermonwright.com and we will delete it.

International users

Sermonwright is operated from the United States. If you use the service from outside the United States, your data is transferred to and processed in the United States and other countries where our subprocessors operate. By using the service, you consent to that transfer. Where required by law, we rely on standard contractual clauses or equivalent transfer mechanisms with our subprocessors.

Security

We use industry-standard practices to protect your data: TLS for all traffic, encrypted storage at rest, scoped access for the small team that operates the service, and regular review of our subprocessors’ security posture. No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you without undue delay and within the time frames required by applicable law.

Changes to this policy

When we change this policy, we update the “Last updated” date at the top of the page. For material changes — anything that affects how we collect, use, or share your data — we will give notice in the product and by email at least 14 days before the change takes effect, so you have time to review and, if you choose, close your account before it applies.

Contact us

For privacy questions, data requests, or anything else covered by this policy:

support@sermonwright.com

Our terms are available at sermonwright.com/terms. Our editorial policy on AI generation and verification lives at sermonwright.com/policy.