Interpretation and Definitions
Definitions
- Application: The software program Saintly provided by the Company.
- Company: Abenteuergeist, Widenmayerstraße 11, 80538 München, Germany.
- Country: Germany.
- Device: Any device that can access the Service such as a mobile phone or tablet.
- Personal Data: Any information that relates to an identified or identifiable individual.
- Service: The Application, the Saintly website (besaintly.app) and all related services provided by the Company.
- You: The individual accessing or using the Service.
Collecting and Using Your Personal Data
Personal Data
While using our Service, we may ask You to provide us with certain personally identifiable information that can be used to contact or identify You. This may include, but is not limited to:
- Email address
- First name and last name (optional)
- Usage Data
Usage Data
Usage Data is collected automatically when using the Service. For mobile applications, this may include information such as the type of mobile Device You use, the mobile operating system, unique Device identifiers and other diagnostic data.
Learning Data
Saintly stores the lessons you have completed, your quiz results, your streak, content you save, feedback you submit, and the conversations you have with the in-app AI features so that we can personalize your learning path and keep continuity across devices.
Faith Profile (Special-Category Data)
During onboarding you can answer optional questions about your relationship to the Catholic faith, such as how familiar you are with it, how connected you feel, your motivation and your age range. Because answers about religious belief are special-category data under Article 9 GDPR, we process them only with your explicit consent (Article 9(2)(a) GDPR), given by providing the answers. They are used solely to personalize your learning experience, are never used for advertising, and are deleted with your account.
Sharing of Your Personal Data
Your Personal Data may be shared in the following situations:
- With Service Providers: to run the app and website. These are: Convex (app backend and database), Clerk (authentication), RevenueCat (subscriptions), Sentry (crash reporting), PostHog (product analytics), Adjust (ad attribution, on consent), Expo (push notifications and app updates), Magisterium AI and OpenRouter/Anthropic (AI chat, see below), ElevenLabs and OpenAI (generation of app content, no personal data), Vercel (website hosting and Web Analytics, on consent) and Apple and Google (sign-in and App Store).
- For business transfers: if the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred.
- With Your consent: we may disclose Your personal information for any other purpose with Your consent.
We never sell Your Personal Data.
App Backend & Authentication — Convex and Clerk
Your account and learning data are stored on Convex, our backend and database provider. Sign-in is handled by Clerk using Sign in with Apple or Google Sign-In; Clerk receives your name and email address (or Apple relay address) and issues the account ID under which your data is stored. Data in transit is encrypted and access is restricted to your account.
AI Features — Magisterium AI and OpenRouter
Saintly offers AI chat features (the Glowy companion and conversations with saint personas). Before your first message, the app asks for your consent. When you use these features:
- Your chat messages are transmitted to Magisterium AI and/or OpenRouter (which routes to AI models such as Anthropic Claude) to generate the response.
- Messages are sent from our servers without your name, email or account identifiers attached.
- Your conversations are stored with your account so you can revisit them, and are deleted with your account.
- Do not include sensitive personal information about yourself or others in chat messages.
Product Analytics — PostHog
We use PostHog to understand how the app is used and to improve it. PostHog processes usage events (such as screens visited, taps and onboarding or subscription steps) linked to your account ID, along with device type and app version. This data is used only for product improvement, never for advertising, and is not shared with third parties.
Subscriptions — RevenueCat
Saintly Pro subscriptions are managed through RevenueCat. RevenueCat receives your app user ID, purchase history and device information needed to validate and restore purchases, plus the attribution data described below. All payments are processed by the Apple App Store; we never see your payment details.
Crash Reporting — Sentry
Crash and error reports are collected through Sentry (device type, OS and app version, stack traces). Session replay is disabled and reports do not include your chat content or personal details.
Advertising Attribution — Adjust, ATT & Apple Search Ads
We advertise Saintly (for example on Apple Search Ads) and measure which campaigns work using the attribution provider Adjust and Apple’s privacy-preserving frameworks (AdServices, SKAdNetwork). On first launch, iOS shows the App Tracking Transparency prompt: only if you allow tracking is your device’s advertising identifier (IDFA) used to attribute installs and purchases to campaigns; results are shared with the delivering ad network in aggregated or pseudonymous form. If you decline, the IDFA is not accessed. Legal basis: your consent (Article 6(1)(a) GDPR), changeable anytime in iOS Settings → Privacy & Security → Tracking. Saintly shows no third-party ads.
Push Notifications & Widgets
If you enable notifications, a push token is stored with your account and used to send your daily lesson and streak reminders through Expo’s and Apple’s push services; the token is removed when you sign out or disable notifications. Home-screen widgets (Daily Saint, verse, streak) work with data stored locally on your device and transmit nothing.
Website Analytics — Vercel Web Analytics
Subject to Your explicit consent given via the cookie banner, the Saintly website (besaintly.app) uses Vercel Web Analytics (Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA) to collect anonymous, aggregated traffic statistics — page views, approximate country-level location, device type, and referrer.
Vercel Web Analytics is cookieless. It does not set cookies, write to local storage, or otherwise persist data on Your device. IP addresses are hashed server-side and not retained. No cross-site profiles are built and no data is sold to third parties.
Data processed: URL visited, referrer, hashed IP, browser and OS, approximate location, timestamp.
Legal basis: Article 6(1)(a) GDPR (consent) and § 25(1) TTDSG.
International transfer: Processing partly occurs in the United States. Vercel adheres to the EU-U.S. Data Privacy Framework; standard contractual clauses under Article 46 GDPR are in place.
Retention: Aggregated statistics are kept for up to 12 months.
Withdrawing consent: Delete the saintly-consent entry in Your browser’s Local Storage to be re-prompted on the next page load.
Further information: Vercel Privacy Policy · Vercel Analytics Privacy
Cookies and Local Storage
The Saintly website does not use tracking cookies. It uses a single technically necessary Local Storage entry under the key saintly-consent to remember Your analytics preference (accept or decline). It contains no personal data and is never transmitted to Vercel or any third party.
Legal basis: § 25(2) No. 2 TTDSG (strictly necessary to provide a service explicitly requested by the user).
Legal Basis for Processing Personal Data Under GDPR
If You are from the European Union (EU), the legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it:
- The Company needs to perform a contract with You (Article 6(1)(b) GDPR)
- You have given the Company permission to do so (Article 6(1)(a) GDPR), for example via the App Tracking Transparency prompt or the AI chat consent
- You have given explicit consent to the processing of Your optional faith profile answers (Article 9(2)(a) GDPR)
- Processing is in the Company’s legitimate interests (Article 6(1)(f) GDPR)
- The Company needs to comply with the law (Article 6(1)(c) GDPR)
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations.
Transfer of Your Personal Data
Your information may be transferred to, and maintained on, computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ. For residents of the European Economic Area, the Company relies on standard contractual clauses as the legal mechanism for transferring data internationally.
Your Rights Under GDPR
If You are a resident of the European Union, You have the following rights regarding Your Personal Data:
- Right of access (Article 15 GDPR): You can request a copy of Your personal data.
- Right to rectification (Article 16 GDPR): You can correct inaccurate data.
- Right to erasure (Article 17 GDPR): You can request deletion of Your data.
- Right to restrict processing (Article 18 GDPR): You can limit how we process Your data.
- Right to data portability (Article 20 GDPR): You can export Your data in a standard format.
- Right to object (Article 21 GDPR): You can object to certain processing.
- Right to withdraw consent: You can withdraw any consent You have given.
- Right to lodge a complaint: with the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).
Delete Your Personal Data
You may delete Your Account and associated Personal Data at any time from within the app (Settings → Account → Delete account), or by emailing us. In some cases, we may retain your information when required by law or for legitimate business purposes.
Security of Your Personal Data
The security of Your Personal Data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect Your Personal Data, we cannot guarantee its absolute security.
Children’s Privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If You are a parent or guardian and You are aware that Your child has provided us with Personal Data, please contact us.
Links to Other Websites
Our Service may contain links to other websites that are not operated by us. This Privacy Policy applies only to information we collect through the Service, and we are not responsible for the privacy practices of third-party websites.
Changes to this Privacy Policy
We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date.
Contact Us
If You have any questions about this Privacy Policy, You can contact us at:
Abenteuergeist
Widenmayerstraße 11
80538 München
Germany
info@abenteuergeist.com