Last updated: 2026-04-25 (placeholder draft).
Commontide is a digital Daily Office — a tool for praying the hours, the calendar, and the saints in the ACNA Book of Common Prayer 2019 tradition. This policy explains what data we collect, why, and what control you have over it.
Commontide is usable without an account. If you choose to sign in, we collect the following.
Your prayer context and prayer intentions are religious affiliation data under GDPR Art. 9. We treat this as special-category data:
We use these third-party processors. Each has its own privacy policy.
| Processor | Role | What they see |
|---|---|---|
| Supabase | Database + authentication | All of your profile data, server-side |
| Vercel | Hosting + serverless | Request metadata, server logs, anonymous analytics |
| Crossway / ESV | Scripture API | Bible passage citations only — never your identity or prayer data |
| Sentry (when configured) | Error monitoring | Stack traces, request URLs, server-side error context. Never the contents of prayer context or prayer intentions. Session replay disabled. |
| OAuth provider (optional) | Your email, name, profile picture URL |
The full subprocessor inventory — including data location, links to each provider's privacy policy and Data Processing Agreement, and a change history — lives in docs/SUBPROCESSORS.md.
We do not:
| Data | Legal basis |
|---|---|
| Account creation, sign-in | Contract (Art. 6(1)(b)) |
| Prayer context, prayer intentions | Explicit consent (Art. 9(2)(a)) |
| Anonymous analytics, security logs | Legitimate interest (Art. 6(1)(f)) |
You can withdraw consent for the religious-data category at any time by clearing your prayer context and prayer intentions, or by deleting your account (§5).
You can exercise all of the GDPR / CCPA rights below at any time:
| Right | How |
|---|---|
| Access | GET /api/me/export returns a JSON dump of all your data |
| Portability | Same export endpoint — machine-readable JSON |
| Rectification | Edit any field on /settings |
| Erasure | Delete your account from /settings → Household & Profiles (in-app), or via POST /api/me/delete-confirm then DELETE /api/me — either path cascades all your data |
| Withdraw consent | Either clear the relevant fields on /settings, or delete your account |
| Restrict processing | Sign out — we stop processing on your behalf |
| Object to processing | Email us; see §8 |
| Data | Retention |
|---|---|
| Profile + preferences + prayer_context | Until you delete your account |
| Prayer intentions | Until you delete them, or your account |
| Authentication cookies | Until expiry / sign-out |
| Server logs | ~30 days (Vercel default) |
| ESV scripture cache | 24 hours rolling — no user data |
| Sentry error reports | 90 days (Sentry default) when configured |
Commontide is intended for users 16 and older. We don't knowingly collect data from anyone under 16. If you believe a child has signed up, contact us and we'll delete the account.
For questions, requests, or to exercise a right that requires a human:
For EU/UK users: you also have the right to lodge a complaint with your national data-protection authority.
When the policy changes materially, we'll notify signed-in users in-app and update the Last updated date at the top.
Commontide sets a small number of cookies. None are used for advertising or cross-site tracking.
| Cookie | Purpose | Lifetime |
|---|---|---|
| sb-* (Supabase Auth) | Keeps you signed in across requests; refreshed by the auth middleware | ~1 year (refreshed on use); cleared on sign-out |
| commontide-delete-confirm | Short-lived token gating the destructive DELETE /api/me call against accidental or forged requests | 10 minutes; HTTP-only; SameSite=Strict; scoped to /api/me |
Vercel may also set anonymous analytics cookies on its hosted infrastructure; see Vercel's privacy policy for details.
We do not currently display a cookie consent banner because every cookie we set is in the "strictly necessary" category under ePrivacy guidance (no analytics, marketing, or session-replay cookies). If that changes, we will surface a banner before the new cookies are set.