Privacy
Policy

This is a quiet, low-data space. We've built it that way on purpose.

The short version

We don't run advertising. We don't sell your data. We don't track you across the web. The only data we hold is what you give us directly — your email if you sign in, your reactions and posts if you take part in the community, your transaction record if you donate, and — if you're signed in — which stages and community discussions you've opened, so we can send the occasional gentle, optional note (you can turn these off anytime).

Cookies and local storage

A few preferences stay in your browser so the experience remembers itself between visits. None of this is sent to our servers:

• The language you chose
• Your reader preferences (theme, font, size, line spacing, width)
• Your audio choices (selected voice, ambient on/off)
• Whether you've seen the opening welcome ritual on the reader
• Whether you've dismissed the cookie banner or the PWA install prompt
• A short cache that remembers whether audio files are available, so the page doesn't re-check on every load
• Your bookmarks in the reader

These live in your browser's localStorage and sessionStorage. You can clear them at any time through your browser settings; the site will simply forget your preferences and start fresh.

When you sign in, we set a session cookie issued by Supabase (our auth provider, see below). It carries your authenticated session and nothing else. It's cleared when you sign out.

Analytics

We use Plausible for analytics. Plausible is privacy-first by design: no cookies, no cross-site tracking, no individual identifiers, no fingerprinting. It tells us aggregate things like "this page got 200 views from Germany this week" without ever telling us who you are. Because there are no cookies, no consent banner is legally required for it.

When you sign in

Sign-in is by magic link. You give us an email; we email you a one-time link; clicking it signs you in. We don't store passwords — there are none.

Auth and database are handled by Supabase on our behalf. They store:

• Your email address
• A display name (defaults to "Reader"; you can edit it on /account)
• An avatar seed (random characters that deterministically generate your dotted avatar — no photo upload)
• The timestamps of sign-in and last activity

That's everything connected to an account. We do not store your IP address, browser fingerprint, location, or any device identifier beyond what is technically required to deliver the page.

When you take part in the community

The community runs natively on our own infrastructure (Supabase Postgres). When you post a thread, reply, or react, we store:

• The content you wrote
• A pointer to your account
• The topic, timestamps, and a visibility choice (real name or anonymous)
• The emoji you reacted with on threads or replies

You can post under your display name or anonymously per-thread (we generate a stable, untraceable handle for that thread that nobody can link back to your account). You can delete your own posts at any time. Reactions can be removed by tapping again.

If you report a post or a user, we store the reported target and your reason. Reports are only visible to moderators.

If you're signed in, we also record which community discussions you've opened, with a timestamp — just enough to know what's new to you and, occasionally, to let you know when someone has replied to something you wrote and you haven't seen it yet. That's the whole of it: no record of how long you looked or what you read, and you can turn these notes off anytime (every email has a one-tap unsubscribe).

When you read while signed in

If you're signed in, we record which stage you've opened and roughly how far you scrolled, with a timestamp. That's the whole of it — no highlights, no per-paragraph dwell time, no profile of how you read. We use it for two quiet things, and nothing else: if you begin the book and then go quiet for a while, we may send you a single, gentle note that it's still there whenever you are; and when you finish a stage, we may send one short, warm note marking it and pointing at the next. No streaks, no scores, no nagging — at most these occasional notes, and you can turn them off anytime (every email has a one-tap unsubscribe).

It's tied to your account so the nudge can be personal and so you can switch it off — every such email has a one-tap unsubscribe, and turning it off changes nothing else. The book stays free regardless. Signed-out readers are never recorded; this exists only for people who chose to sign in.

When we send you email

When we send you email, our mail provider (Resend) tells us whether it was delivered, whether it was opened, and whether you clicked a link. We use this for one thing only: to tell whether a kind of email is wanted, and to stop sending a kind that isn't. We don't build a profile from it. You can choose which kinds of email you get — or turn them all off — at /account/email, and every email has a one-tap unsubscribe. The book stays free regardless.

When you support the work

If you donate, we use Stripe to process the payment. Stripe receives the data needed to charge your card (name, email, billing address, the amount). We receive a record of the transaction so we can send you a receipt — that record holds the amount, the date, the Stripe checkout id, your email, and an order status. We never see or store your card number, CVV, or full billing details — those stay with Stripe.

If you give us your email when you donate or otherwise opt in to messages from us, we use Resend to send transactional and announcement emails. We will never share your email with anyone outside the strict service providers required to deliver mail.

Audio narration

The voice narration you can play in the reader is pre-generated. We use ElevenLabs to synthesise the audio files in advance and ship them as static MP3s. At read-time you are streaming a static file from our hosting; ElevenLabs is not involved in playback and does not receive any data about you.

Where the data lives

We host on Vercel (USA) and use Supabase (EU region) for the database and auth. Stripe (USA, with EU subsidiary) and Resend (USA) operate as data processors for payments and email.

When your data leaves the EU/UK in the course of being processed by these providers, transfers rely on the European Commission's Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.

Your rights

You can:

• Request a copy of everything we hold about you
• Ask us to correct anything that's wrong
• Ask us to delete your account and your posts
• Withdraw consent for marketing email at any time (any email we send has an unsubscribe link)
• Object to processing on a legitimate-interest basis

Email blessed@thankgod.space and we'll reply within 30 days.

If you're in the EU, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA. The same email handles those requests. EU/UK readers also have the right to lodge a complaint with your local data protection authority.

How long we keep things

• Reader preferences: in your browser only, until you clear them.
• Account data: kept while your account exists. Deleted within 30 days of an account-deletion request, except where we're legally required to retain (e.g., transaction records for tax purposes — typically up to 10 years depending on jurisdiction).
• Community posts: kept while they exist on the site. Deletion is immediate when you delete a post yourself; soft-deleted moderator actions may keep a copy for 90 days for appeal review.
• Reading progress: kept while your account exists, deleted with it. Ask us and we'll wipe it sooner.
• Email engagement (delivered/opened/clicked): kept while your account exists, deleted with it.
• Donation records: kept for the length required by tax and accounting law in the operator's jurisdiction.
• Analytics: aggregate counters only, no personal identifiers, kept indefinitely as numeric totals.

Children

This work is for adults walking a deliberate journey. We don't knowingly collect data from anyone under 16. If you believe a child has given us data, email us and we'll delete it.

Updates

We'll change this page if we change what we do. The "Last updated" date below tells you when. If a change is material, we'll mention it on the homepage for at least a month and email anyone with an account.

Who we are

Authorship of The Science of God is anonymous by design — see the Imprint for the legal entity that operates this site.

Contact

blessed@thankgod.space

Last updated: 17 May 2026.