1. Summary
Midvash is a Bible reader available on the web, on mobile (iOS, Android), and as a browser extension. We are committed to keeping the reading experience free of advertising trackers, third-party analytics, and data brokerage. The data we handle is the minimum necessary to make the product work.
2. Who we are
"Midvash" refers to the project published at midvash.com and midvash.app, including the iOS and Android applications, and the Chrome extension. The project is operated by an independent developer. For data-related questions, contact contact@midvash.com.
3. What we collect
On the web (midvash.com). The reader does not require an account and does not use cookies for personalization or advertising. Server-side request logs (URL accessed, IP address, user-agent, timestamp) are kept by our hosting provider for a limited period for operational and security purposes. Aggregate, non-personal usage statistics may be collected to improve the product.
On the mobile apps (iOS, Android). Reading preferences (default translation, theme, font size) and personal library data (bookmarks, highlights, notes) are stored locally on your device. If you create an optional Midvash account to sync across devices, that data is transmitted to our servers and stored associated with your account.
On the Chrome extension. Detection of Bible references happens entirely on your device. No page content leaves your browser. Detailed policy at midvash.app/privacy/chrome-extension.
4. What we do NOT collect
We do not use third-party analytics platforms (Google Analytics, Facebook Pixel, etc.). We do not embed advertising trackers. We do not sell or rent personal data to anyone. We do not require an account to read the Bible.
5. Optional account
Creating a Midvash account is optional and only required for cross-device sync and account-only features (bookmarks sync, notes, reading plans, higher AI chat limits). When you create an account, we collect:
- Email address — to identify your account and enable sign-in via magic link
- Display name — pre-populated from your Apple or Google profile, editable later
- Profile picture — pre-populated from your Apple or Google profile, optional
- Preferred locale and Bible translation — to sync your reading preferences across devices
- Synced personal library — bookmarks, highlights, notes, reading position
We do not store passwords. Authentication uses Sign in with Apple, Sign in with Google, or a one-time sign-in link sent to your email ("magic link").
6. Authentication providers
You can sign in to Midvash using:
- Sign in with Apple — Apple authenticates you and shares your name and email with Midvash on first sign-in. If you choose Apple's "Hide my email" feature, you'll get a relay address (something like abc123@privaterelay.appleid.com); we'll only ever see that relay. We do not see your Apple ID password or have any further access to your Apple account.
- Sign in with Google — Google authenticates you and shares your name, email, and profile picture with Midvash. We request only basic profile scopes (no access to your Gmail, Drive, contacts, or calendar). We do not see your Google password.
- Magic link — you enter your email and we send a one-time sign-in link valid for 15 minutes. No third party involved.
You can revoke Midvash's access to your Apple or Google account at any time:
7. Data we share with operational providers
We share data only when strictly necessary to operate the service:
- Cloudflare — our hosting and CDN provider. Handles request routing, caching, DDoS protection, and stores your account data in a database hosted on their edge infrastructure. Standard server logs apply.
- Email delivery — when you receive transactional email (magic link, welcome, account deletion confirmation), the email is sent through our Cloudflare-based email service.
- Apple and Google — when you choose to sign in via Apple or Google, we exchange a short-lived authorization code with their servers to verify your identity. We do not share your reading data, bookmarks, notes, or any usage information with them.
- Legal requirements — we comply with valid legal requests (subpoenas, court orders) when required by applicable law.
We do not share data with advertisers, data brokers, social networks, or analytics platforms.
8. Account deletion
You can delete your account at any time from Settings → Account → Delete account in the mobile app, or by emailing contact@midvash.com.
When you delete your account, we immediately mark it as deleted and revoke all active sessions. Your personal data (profile, bookmarks, notes, reading position) remains in a recoverable state for 30 days — during this grace period you can restore your account by contacting us. After 30 days, all associated data is permanently and irreversibly purged from our servers.
9. Children
Midvash is suitable for general audiences. We do not knowingly collect personal information from children under 13. Account creation is restricted to users aged 13 and over. If you believe we have inadvertently collected data from a child under 13, contact us and we will delete it.
10. Your rights
Subject to applicable law (LGPD in Brazil, GDPR in the EU, CCPA in California, and similar regulations elsewhere), you have the right to access, correct, export, and delete the personal data we hold about you. To exercise these rights, write to contact@midvash.com.
11. Security
We use industry-standard practices to protect data in transit (HTTPS) and at rest (encrypted databases). On mobile devices, authentication tokens are stored in the operating system's secure storage (iOS Keychain, Android Keystore) — encrypted at rest by the OS. No system is perfectly secure; in the event of a breach affecting personal data, we will notify affected users as required by applicable law.
12. Changes to this policy
If we change this policy materially, we will publish the updated version at the same URL with a new Last updated date. For changes that affect how we handle data, we will notify users through the app or by email when applicable.
13. Contact
For questions, requests, or concerns related to this policy, write to contact@midvash.com.