Privacy Policy
Last updated: May 8, 2026
Marrow is a Bible reading app that runs primarily on your device. This policy describes what data we collect, why, who else sees it, and the rights you have. It is intended to satisfy the General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA / CPRA).
1. Summary
- The Bible text and your notes are stored on your device by default. We never sell your data.
- We only contact our server when you sign in or sync notes.
- We only contact an AI provider when you tap an explanation, prayer, or topic feature. The provider you pick (OpenAI, Groq, or Marrow AI) determines who sees that request.
- The mobile apps report crashes through Firebase Crashlytics so we can fix bugs.
2. Who we are
For the purposes of GDPR and UK GDPR, the data controller is:
[Marrow controller name — TBD]
[Postal address — TBD]
Privacy contact: privacy@marrowbible.com
If you are in the EEA or UK, this is the entity responsible for your personal data and the entity to which you can address requests under Sections 12 and 13. We are not currently required to appoint a Data Protection Officer; if that changes, this section will name them.
3. What stays on your device
- Bible database — the full Berean Standard Bible text and pre-computed embeddings, downloaded once from GitHub Releases on first launch (~670 MB).
- Notes — verse notes and daily notes you create, stored in a local database. Notes are never uploaded automatically.
- Settings — your theme, font preferences, AI provider choice, and (if applicable) your own API keys for OpenAI or Groq.
- Authentication token — if you sign in, a session token is stored locally so you don't have to log in repeatedly.
4. What we send to our server
Our server (the "Marrow Server") is contacted only when you take one of these actions:
| Action | What is sent | What we store |
|---|---|---|
| Sign in | Google OAuth identity, or your email and password | Your account record (UUID, email, subscription entitlements, last login). Passwords are hashed. |
| Sync notes | Note text, the verse or date it's attached to, timestamps | The note contents in our database, associated with your account UUID. |
| AI request via Marrow AI | The verse text and surrounding context for the question you asked | Anonymized usage metrics (endpoint name and an estimated token count) tied to your account UUID. We do not store the prompt or the response. |
Standard HTTP server logs (timestamp, request path, response status, source IP) are recorded for operational and security purposes. Sensitive headers, including authentication tokens, are redacted.
5. AI providers
Marrow lets you pick which AI provider answers explanation, prayer, and topic requests:
- OpenAI — your request is sent to OpenAI's API using the API key you supply. Their privacy policy applies.
- Groq — your request is sent to Groq's API using the API key you supply. Their privacy policy applies.
- Marrow AI — your request is sent to our server, which forwards it to a third-party model on your behalf. We do not retain prompts or responses.
In every case, the request includes the verse text you're asking about and a small window of surrounding context. It does not include your notes, your name, or your email.
To keep the app responsive and avoid unnecessary calls, the app keeps AI responses in memory for the duration of your current session — so tapping "explain" on the same verse a second time returns the cached answer without contacting the model. This in-memory cache is not written to disk, is not shared between devices, and is cleared when you close the app.
6. Analytics and crash reporting
- Crash reports (mobile) — the Android app sends crash reports to Firebase Crashlytics, which captures the stack trace, app version, device model, and a small set of breadcrumb events leading up to the crash. Crashlytics is provided by Google Ireland Limited and is used to fix bugs.
- Crash logs (desktop) — the desktop app writes crash logs to a file on your machine. They are not transmitted anywhere unless you attach them to a bug report.
- Product analytics — we don't currently send product analytics events anywhere. If we add them in the future, we'll update this policy first and respect your operating system's tracking preferences.
You can disable crash reporting in the app's settings. We're working toward an opt-in (rather than opt-out) flow before the first crash report is sent on EEA/UK devices.
7. Subscriptions and payments
Paid features (such as note sync and Marrow AI) are managed through RevenueCat, which talks to Apple, Google, or Stripe depending on the platform. We see your subscription status (active / inactive / expired); we do not see your payment card.
8. This website
This site is static and does not set tracking cookies, run analytics scripts, or build a profile on you. To render the page, your browser:
- Loads fonts from Google Fonts — exposes your IP address to Google. (We're considering self-hosting the fonts to remove this dependency.)
- Queries the public GitHub Releases API to show the latest download — exposes your IP address to GitHub.
IP addresses are personal data under GDPR. We do not log them ourselves on this site, but the third parties above may log them under their own policies.
9. International transfers
Marrow is operated from outside the EEA. When you use the service, personal data may be transferred to and processed in countries (including the United States) whose data-protection laws differ from those in your country.
The third parties involved — Google (Firebase / Crashlytics / Fonts), GitHub, RevenueCat, Apple, Stripe, OpenAI, and Groq — rely on the EU-US Data Privacy Framework, Standard Contractual Clauses, or equivalent mechanisms approved under Article 46 of the GDPR. Transfers happen only to the extent necessary to provide the feature you requested.
10. How long we keep your data
| Data | Retention |
|---|---|
| Account record (UUID, email, hashed password) | Until you delete your account. |
| Synced notes | Until you delete the note or your account. |
| AI usage metrics (endpoint, token count, account UUID) | [TBD — proposed: 12 months, then aggregated anonymously.] |
| HTTP server logs (including IP) | [TBD — proposed: 30 days.] |
| Crashlytics crash reports | 90 days (Firebase default). |
| Subscription status | For the lifetime of your subscription, plus the period the platform requires for billing reconciliation. |
11. Legal bases for processing (EEA / UK)
Under Article 6 of the GDPR, we process personal data on the following bases:
| Purpose | Legal basis |
|---|---|
| Creating and authenticating your account | Performance of a contract (Art. 6(1)(b)) |
| Syncing your notes | Performance of a contract (Art. 6(1)(b)) |
| Forwarding AI requests via Marrow AI | Performance of a contract (Art. 6(1)(b)) |
| Forwarding AI requests via OpenAI / Groq with your own key | Your consent (Art. 6(1)(a)) |
| Crash reporting | Your consent (Art. 6(1)(a)) on EEA/UK devices once the opt-in flow ships; otherwise legitimate interests (Art. 6(1)(f)) in stability and bug-fixing |
| HTTP server logs / abuse prevention | Legitimate interests (Art. 6(1)(f)) |
| Subscription billing | Performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) for tax/accounting |
Where we rely on legitimate interests, you can object — see Section 13.
12. Your rights
If you are in the EEA, UK, or California, you have the rights below. We extend these rights to all users where it's practical to do so.
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your account, synced notes, and usage records.
- Portability — receive your notes in a structured, machine-readable format (JSON).
- Restriction — ask us to limit how we process your data while a request is being resolved.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — withdraw consent for processing that relies on it (such as crash reporting), without affecting the lawfulness of processing before withdrawal.
- Complain to a supervisory authority — if you are in the EEA or UK, you can lodge a complaint with your local data-protection authority (in the UK, the ICO).
- CCPA/CPRA — California residents have the rights to know, delete, correct, and opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under CCPA.
To exercise any of these rights, email privacy@marrowbible.com from the address on your account. We respond within 30 days. We won't discriminate against you for exercising a right.
13. Children
Marrow is suitable for general audiences but is not directed at children. We do not knowingly collect personal data from children under 13 (or under 16 in jurisdictions, including parts of the EEA, where the local age of digital consent is higher). If you believe a child has created an account, contact us and we will delete it.
14. Skipping the cloud entirely
You can use Marrow without sharing any personal data with us:
- Don't sign in.
- Don't enable note sync.
- Pick "OpenAI" or "Groq" with your own key (or skip AI features altogether).
- Disable crash reporting in settings.
The reading experience remains fully functional.
15. Contact
For privacy questions or to exercise your rights: privacy@marrowbible.com.
For general questions: hello@marrowbible.com or open an issue at github.com/clajtayl/Marrow/issues.
16. Changes
We'll update this page when our practices change and bump the "Last updated" date above. Material changes will be announced in-app and, if you have an account, by email.