Privacy Policy

Last updated: April 2026

1. What we collect

When you sign in with Google, we store:

• Your Google account ID, email address, name, and profile picture URL
• Your role (user / admin) and approval status
• The time of your account creation and your most recent login

While you use the app, we store:

• Your passage excavations (the passage reference, AI-generated analysis, and verse text)
• Your preferences (translation, commentators, analysis mode)
• Per-request usage logs (endpoint, timestamp, which LLM provider served the request)
• Server error logs that include your user ID when an error occurs during a request

2. What we do NOT collect

• No third-party advertising or tracking cookies
• No Google Analytics or similar pixel trackers
• No payment information (the service is free)
• No location data

3. Third parties

When you excavate a passage, your query is sent to one of the following LLM providers:

• Cerebras — cerebras.ai/privacy
• Groq — groq.com/privacy-policy
• Google AI Studio (Gemini) — policies.google.com/privacy

Bible verse text is fetched from bible-api.com (public domain translations) or scripture.api.bible (if configured). These providers may log the passage reference.

We use Google OAuth to verify your identity. Google sees the OAuth request but receives no information about your activity within Palimpsest beyond that.

4. Where data is stored

All user data is stored in a SQLite database on a server we operate. We take nightly encrypted backups and retain them for 30 days.

5. How long we keep data

Your account and history are kept as long as you have an active account. If you delete your account, all associated data (preferences, history, usage logs, sessions) is removed from the database immediately. Backups from before deletion are purged within 30 days as part of normal rotation.

6. Your rights

You can export all your data as a JSON file or permanently delete your account and all associated data at any time from the Account section of the settings panel.

7. Security

Traffic is encrypted via HTTPS (Let's Encrypt). Your session token is stored in your browser's localStorage and sent with each request. We never share your data with third parties except the LLM and Bible API providers listed above, and only as needed to serve your requests.

8. Children

Palimpsest is not directed at children under 13. If you are a parent and believe your child has created an account, contact us to have it removed.

9. Changes

We may update this policy. Material changes will be announced in-app.

Terms of Service · Back to app