Last updated 21 May 2026

Privacy policy

Sermon is a personal app for capturing and remembering sermons. This policy explains what data we collect, how it is used, and how you can delete it. It is written in plain English on purpose.

Who we are

Sermon is operated by Oluwaseyi David Adebayo as the data controller, based in the United Kingdom. You can reach us at hello@usesermon.app for any privacy-related question, including any of the data subject requests described below.

What we collect

  • Account information. Your email address and, if you sign in with Google, your name. These come from Supabase Auth.
  • Profile details. The answers you provide during onboarding: age range, gender, years walking with Christ, typical service day and time, preferred Bible translation, and how you heard about us. All of these are optional except the translation.
  • Sermon recordings. Audio you record in the app, the Deepgram transcript, notes you type alongside the recording, and the key points and verse references we extract using Claude.
  • Device push token. If you enable notifications, we store an Expo push token so we can tell you when a recording finishes processing.
  • Subscription state. If you subscribe to Sermon Pro, we store your subscription tier (free or pro), which product you bought, the period start and expiry dates, and a RevenueCat user identifier used to match purchases back to your account. We never store payment information - only Apple sees that.

One of the profile details above is sensitive - how long you've walked with Christ relates to your religious beliefs. Filling it in is entirely voluntary. You can finish onboarding without answering, and you can clear it at any time from the Account screen. We use this information only to tailor your in-app experience - never to share, sell, profile, or train models.

How we use it

  • To sign you in and keep your notes in sync across reinstalls.
  • On Sermon Pro, to transcribe your sermon audio (Deepgram) and extract key points and verse references (Anthropic Claude). Recordings are sent to those services only for processing. We ask for your explicit permission inside the app before sending anything to either service. You can withdraw that permission at any time by emailing hello@usesermon.app- we'll clear the consent record on your account within seven days, after which our transcription pipeline refuses to send anything further to Deepgram or Anthropic.
  • On the Free tier, neither Deepgram nor Claude is used - your notes stay in Supabase and never leave the database for AI processing.
  • To manage your subscription lifecycle: confirming purchases, recording renewals, tracking trial status, and surfacing the right entitlement in the app.
  • To send you processing-ready notifications, if you opt in.

Our legal basis for processing your data varies by purpose. We process your account information and sermon recordings under the performance of a contract - you signed up for the service, and we need that data to provide it. We process your push token and optional profile details under your consent, which you can withdraw at any time. The sensitive religious-belief detail listed above (faith years) is processed under your explicit consent, given when you choose to fill in that onboarding question, and you can withdraw that consent at any time from the Account screen.

How it is stored

Your data lives in Supabase (Postgres for profile and sermon rows, Storage for audio files). Row-level security ensures that only you can read or write your rows. Recordings are not shared between users.

All data is encrypted in transit using TLS and at rest in Supabase's database and storage layer. We follow standard practices for authentication, access control, and credential storage.

How long we keep it

Your data is retained for as long as your account exists. Sermon recordings, transcripts, summaries, and notes stay in your account until you delete the sermon or delete your account. When you delete your account, your data is removed from our active database and storage permanently within seven days. Encrypted backup snapshots are rotated within 30 days, after which any residual data is gone.

Third parties

Sermon relies on a small number of third-party services to deliver the core experience. Each is listed below with what we send, what they do with it, and how long they keep it.

Supabase (United Kingdom). Receives your account information, profile, sermon rows, and audio files. Stores them as the database, authentication provider, and audio storage layer. Data is retained for as long as your account exists.

Deepgram API(United States). Receives the raw audio of sermons you record, fetched directly from our private storage via a short-lived signed URL. Returns a text transcript. Per Deepgram's API terms, audio submitted to the API is not used to train their models and is not retained beyond the duration of the request.

Anthropic Claude API(United States). Receives the transcript text from Deepgram, plus any personal notes you typed during the sermon. Returns a summary, key points, and verse references. Per Anthropic's API terms, content submitted to the API is not used to train their models.

Expo (push delivery). Receives a push token if you opt in to notifications. Used solely to route processing-ready notifications back to your device.

Google (sign-in). When you sign in with Google, Google returns your name and email so we can create or open your account. We do not receive other information from Google.

Apple (App Store payments and Sign in with Apple). When you subscribe to Sermon Pro, Apple handles the payment entirely - we never see your card details or Apple ID password. Apple shares with us a transaction identifier and the subscription product you purchased so we can grant you access. If you sign in with Apple, Apple returns a stable identifier and optionally your email (which may be a private relay address if you chose to hide it).

RevenueCat (subscription management, United States). When you make a Sermon Pro purchase, RevenueCat receives the Apple-issued receipt, your subscription product, period dates, and an internal user identifier so it can manage renewal and cancellation events. RevenueCat does not receive your sermon content, audio, transcripts, or notes. They participate in the EU-US Data Privacy Framework.

We do not sell your data. We do not use it for advertising. None of the providers above use your content to train their AI models.

International transfers

Sermon is operated from the United Kingdom and your data is primarily stored on Supabase infrastructure in the United Kingdom. Some of our processing partners are based in the United States - specifically Deepgram, Anthropic, Expo, and Google. When your data is sent to these partners, it leaves the UK and EU.

These transfers are protected by the following safeguards. For partners that participate in the EU-US Data Privacy Framework and its UK extension(the UK-US Data Bridge), that designation provides an adequate level of protection under UK and EU law. For partners that don't, we rely on Standard Contractual Clauses and supplementary measures, including encryption in transit and at rest. Email hello@usesermon.appif you'd like more detail about a specific transfer.

Tracking

We do not track you across other apps or websites. We do not share your data with advertisers, analytics brokers, or any third party other than the service providers listed above. Sermon does not include any third-party SDK that profiles your behaviour for marketing purposes.

Children

Sermon is not directed at children under 13 and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, please contact us and we'll delete it.

Your rights

Wherever you live, you have the following rights over the data Sermon holds about you:

  • Access - ask for a copy of your data.
  • Rectification - ask us to correct inaccurate data.
  • Erasure - ask us to delete your data, or do it yourself from the Account screen.
  • Portability - ask for an export of your data in a machine-readable format.
  • Object or restrict - ask us to stop or limit specific uses of your data.
  • Withdraw consent - where processing is based on your consent (notifications, optional profile fields), you can withdraw it at any time without affecting earlier processing.
  • Complain- lodge a complaint with your local data protection authority. In the UK that's the Information Commissioner's Office (ICO) at ico.org.uk. In the EU it's the supervisory authority where you live.

To exercise any of these rights, email hello@usesermon.appand we'll respond within 30 days.

California residents. If you live in California, you have additional rights under the CCPA and CPRA. The rights above cover most of these. In addition: we do not sell your personal information, we do not share it for cross-context behavioural advertising, and where we hold sensitive personal information (your religious belief details), you have the right to limit our use of it. Email hello@usesermon.app to exercise these rights or to designate an authorised agent.

Deleting your data

You can delete your account from the Account screen inside the app. Deleting your account permanently removes your profile, sermons, transcripts, and audio files. This cannot be undone.

Changes to this policy

We may update this policy as Sermon evolves. Material changes will be surfaced in the app the next time you open it; minor wording updates won't be flagged, but the Last updated date at the top will always reflect the latest version. Continued use of Sermon after a change means you accept the updated policy.

Contact

Questions or requests? Email hello@usesermon.app.