Theodia Privacy Policy
Last updated: 2026-06-04
Theodia is developed by Ecodia LLC ("we," "us," or "our"). This policy describes what data the app collects, stores, and transmits, and what choices you have. The app is designed to be local-first: most of your data never leaves your device.
If anything in this policy is unclear, or if a future version of the app changes something material here, the changelog and an in-app "what's new" notice will flag it.
1. The short version
- The app does not collect personal data on its own. No account system, no telemetry SDK, no analytics, no advertising ID, no crash reporter, no fingerprinting.
- All your reading data — bookmarks, highlights, notes, study notes, settings, downloaded Bible translations, and downloaded LLM models — lives on your device only.
- The app has two network endpoints you can configure yourself: the AI assistant endpoint, and a GitHub Personal Access Token for downloading resources and LLM models. We do not see, proxy, log, or store anything sent through those endpoints.
- We do not track you across other apps or websites. Apple's privacy manifest declares NSPrivacyTracking: false and an empty NSPrivacyCollectedDataTypes array.
2. Data we collect
2.1 The app collects nothing by itself
Theodia has no first-party telemetry. There is no analytics SDK, no
crash reporter, no A/B testing framework, no advertising network, and
no backend server operated by us that the app talks to. The iOS
Privacy Manifest (ios/Theodia/PrivacyInfo.xcprivacy)
declares NSPrivacyTracking: false and an empty
NSPrivacyCollectedDataTypes array, which is a binding
statement that this is true at the binary level, not just in this
document.
The only iOS-required API access declarations in the manifest are for APIs that any file-handling app must use and that don't involve collecting user data:
- NSPrivacyAccessedAPICategoryUserDefaults (reason CA92.1 — access info that the user has explicitly provided)
- NSPrivacyAccessedAPICategorySystemBootTime (reason 35F9.1 — compute a time interval since the device booted)
- NSPrivacyAccessedAPICategoryFileTimestamp (reasons 0A2A.1, 3B52.1, C617.1 — display file metadata to the user, manage files the app itself created, and identify the app's downloaded resources)
- NSPrivacyAccessedAPICategoryDiskSpace (reasons E174.1, 85F4.1 — warn the user about insufficient disk space, and clean up app-managed files when storage is low)
2.2 What the app stores on your device
Everything below stays in the app's private storage on your device. It's never uploaded to us, and you can clear it at any time from Settings → Data.
| Data | Storage | Cleared by |
|---|---|---|
| Reading position, last opened chapter | AsyncStorage (settings DB) | "Reset built-in resources" + reinstall |
| Bookmarks, bookmark folders | AsyncStorage (settings DB) | Settings → Clear All Bookmarks |
| Highlights, highlights-enabled flag | AsyncStorage (settings DB) | Settings → Clear All Highlights |
| Search history | AsyncStorage (settings DB) | Settings → Clear Search History |
| Bible notes, study notes | SQLite (notes.sqlite) | Manual, per-note (no bulk delete today) |
| AI conversation history | SQLite (ai.sqlite) | Per-conversation, in the AI screen |
| Theme, language, font size, parallel-bible preferences | AsyncStorage (settings DB) | Reinstall |
| Feature-flag overrides (alpha/beta/dev opt-ins) | AsyncStorage (settings DB) | Reinstall |
| Bible translations you have installed | Files in app's document directory | Settings → Resources → Remove |
| LLM models you have downloaded | Files in app's document directory (/llms/) | Settings → AI → Manage Models → Remove |
| API keys: OpenAI-compatible AI key, GitHub Personal Access Token | expo-secure-store (iOS Keychain / Android Keystore) | Settings → Clear, or by removing the key entry |
The two API keys (AI key, GitHub PAT) are stored in the platform's secure enclave (iOS Keychain / Android Keystore) and are not included in standard device backups. Everything else rides along with the device's normal backup behavior — on iOS, AsyncStorage is included in iCloud backup; on Android, it's not, by default.
2.3 What the app does not store
- Your name, email, phone number, address, or any contact info.
- Your location (the app requests no location permission on either platform).
- Your advertising ID (IDFA on iOS, GAID on Android).
- Your device fingerprint, MAC address, or IP address (we don't collect it because we don't run servers that the app talks to).
- A list of the apps you have installed.
- Your contacts, calendar, photos, microphone, or camera. The app requests no permission for any of these.
3. Data the app sends
The app has two user-configured network paths. Both are off by default and both go to destinations you choose, not to us.
3.1 The AI assistant endpoint
What: A user-configured OpenAI-compatible HTTP endpoint. Theodia's AI assistant (named Theophilus) sends the conversation, tool calls, and your current verse context to whatever URL you put in Settings → AI Assistant → API Base URL.
What we see: Nothing. Theodia does not run any server. We are not a party to these requests. Your AI provider of choice sees the requests; their privacy policy applies to them.
What you should know:
- The default Info.plist setting NSAppTransportSecurity.NSAllowsArbitraryLoads = true is set only so the app can talk to locally-hosted AI servers (e.g. http://localhost:4000) and to user-chosen self-hosted endpoints. We do not transmit any data to ourselves over this exception.
- The Authorization: Bearer <your-api-key> header is set from the key in expo-secure-store. The key never leaves your device except inside the request to the endpoint you configured.
- We do not log, mirror, cache, or otherwise see the AI request or response bodies. There is no app-side logging of prompts, replies, or tool calls (the in-app log viewer shows your own actions and framework errors; AI content is not logged).
- The AI screen has a "Stop generating" control that aborts the in-flight request via the standard AbortSignal mechanism.
Local-mode note: If you turn on Use local model in Settings → AI Assistant, the AI assistant runs entirely on-device using a GGUF model you have downloaded. In that mode, the network is not used for the AI chat at all. The model file is downloaded once from a GitHub release (see §3.2) and stays in the app's private storage.
3.2 The resource and LLM download path
What: The app downloads additional Bible translations, commentaries, lexicons, and LLM models from a GitHub release host. The host is github.com (a public service operated by GitHub, Inc., not by us). The release repo and tag are listed in the in-app catalog.
What we see: Nothing. We do not run a server that mediates these downloads. GitHub sees the request; their privacy policy applies to them.
What you should know:
- If you provide a GitHub Personal Access Token in Settings → GitHub, the app attaches it as Authorization: Bearer <your-pat> to download requests for private repos you own. The token stays in expo-secure-store and is never sent to us.
- If you do not provide a PAT, downloads are limited to public releases and are subject to GitHub's unauthenticated rate limit (60 requests/hour/IP).
- Downloaded files (Bible translations, LLM models) are stored in the app's private document directory. They are not uploaded or shared with us.
3.3 App Store / Play Store metadata
When you install Theodia from the App Store or Play Store, the store operator (Apple or Google) collects the metadata their platform requires for distribution, billing, and crash diagnostics. This is governed by Apple's and Google's respective privacy policies, not by this one.
4. Children's privacy
Theodia is a Bible-reading app. It does not knowingly collect personal data from anyone, including children under 13 (COPPA) or under 16 (GDPR-K, UK Age-Appropriate Design Code). Because the app collects no data, there is nothing to delete on request.
If you are a parent or guardian and you believe your child has entered personal information into a Bible note, AI conversation, or bookmark, you can clear it from the app's Settings screens yourself. If you need help doing so, contact us at the address below and we will walk you through it.
5. Your rights and choices
Because the data is on your device, you have direct control:
- Export. Bookmarks, highlights, and notes can be exported to a file or to the clipboard from the Data section of Settings.
- Delete. Every data category listed in §2.2 can be deleted from inside the app. There is no account to close because there is no account.
- API keys. Removing the AI key or GitHub PAT from Settings immediately stops those network requests. Deleting the key from expo-secure-store requires tapping the "✕" next to the key field in Settings.
- Uninstall. Uninstalling the app deletes everything in its private storage. On iOS this is immediate. On Android, depending on your device and Android version, residual files in the document directory may persist until you also clear the app's storage from Settings → Apps → Theodia → Storage → Clear Storage.
- Backup copies. iCloud backup (iOS) and Google Drive backup (Android) may include the data in §2.2 depending on your device settings. To exclude Theodia from iCloud backup, go to Settings → [your name] → iCloud → Manage Storage → Backups → [your device] → Show All Apps → Theodia → toggle off. On Android, Settings → System → Backup → App data → Theodia → off. Note: the API keys in expo-secure-store are not backed up by either platform by default.
If you are in the EEA, UK, or California and would like to exercise data-subject rights (access, deletion, portability) with respect to any data the app might hold about you, contact us at the address below. Because we collect nothing, the substantive answer to any such request is "there is nothing to return"; we will confirm that in writing within 30 days.
6. International transfers
Because the app does not run a server, there are no international transfers initiated by us. The two network paths in §3 each involve the operators of the endpoints you choose (your AI provider, GitHub) and are subject to their own data-transfer practices. If you choose an AI provider in a different country from where you live, that provider receives the request directly — we are not the importer or exporter of record.
The app uses expo-localization only to detect the device
language at first launch. The detected language is used to pick a UI
translation and is stored in your local settings; it is not
transmitted off the device.
7. Security
We use the platform-provided secure storage for secrets:
- The AI API key and the GitHub Personal Access Token are stored in expo-secure-store, which uses the iOS Keychain and the Android Keystore. These are encrypted at rest, scoped to the app, and not included in standard device backups.
- All other data is stored in the app's private sandbox, which is unreadable to other apps on the same device.
Things you can do to keep your data safe:
- Set a device passcode. Without one, the secure store is weaker.
- Don't paste your AI key or GitHub PAT into a shared device.
- Be cautious about which LLM models you download. Theodia's catalog is curated, but the catalog is an allow-list of release tags, not a content review. A SHA-256 checksum is verified against the catalog entry after a download finishes; if the check fails, the file is deleted and an error is shown.
7.1 Reporting a security issue
If you find a security issue in Theodia, please email security@ecodia.app with a description and a reproduction. We will respond within 5 business days. Please do not file the issue publicly until we have coordinated a fix.
8. Open-source and third-party components
Theodia is built on the Expo / React Native stack and includes a
number of open-source components. Their licenses are in the
node_modules/ directory and, for bundled native code,
in the app's open-source-licenses screen (if shipped). None of them
collect data outside of what their own privacy policies describe, and
Theodia configures them not to do so.
Components of note:
- OpenAI-compatible API client (our own code) — uses the standard React Native fetch API.
- expo-file-system / expo-sqlite / expo-secure-store / expo-localization / expo-clipboard / expo-document-picker / expo-speech — Expo SDK 54 modules. None transmit user data to Expo or to us; they provide local-only APIs.
- AI endpoint provider — your choice; the app does not bundle a provider. Popular options are OpenAI, Anthropic, and self-hosted servers running llama.cpp or Ollama. Each has its own privacy policy.
- GitHub Releases host — operated by GitHub, Inc. Used only for the resource / model download path.
9. Changes to this policy
If we make a material change to this policy, we will:
- Update the "Last updated" date at the top of this document.
- Note the change in the in-app changelog and on the app store release notes for the version that introduces it.
- For changes that affect data we collect (we currently collect none), prompt you to re-consent on the next app launch.
Non-material changes (typo fixes, clarifications, adding a section to clarify existing behavior) do not require re-consent.
10. Contact
Ecodia LLC
Email: privacy@ecodia.app
For security issues: security@ecodia.app (see §7.1)
If you are in the EEA, our representative for the purposes of GDPR Article 27 is the same address above.
Appendix A: Mapping to Apple's "Privacy Labels" and Google's "Data safety"
App Store Privacy Labels ask the developer to declare whether each data type is collected and whether it is linked to the user. The following is a faithful representation for the current version of Theodia.
| Data type | Collected? | Linked to user? | Used for tracking? |
|---|---|---|---|
| Contact info | No | — | — |
| Health & fitness | No | — | — |
| Financial info | No | — | — |
| Location | No | — | — |
| Sensitive info | No | — | — |
| Contacts | No | — | — |
| User content (notes, bookmarks) | Stored on device only | No | No |
| Browsing history | No | — | — |
| Search history | Stored on device only | No | No |
| Identifiers (User ID, Device ID) | No | — | — |
| Usage data | No | — | — |
| Diagnostics | No (we ship no crash reporter) | — | — |
| Purchases | No (we have no in-app purchases) | — | — |
Google Play's "Data safety" form has a similar shape and the answers are the same: Data is not collected, not shared, not processed. The two user-configured network endpoints in §3 are "data sent off device at the user's explicit request" — they fit Google's "data shared for a feature the user opted into" disclosure, which we will declare truthfully in the Play Console.
Appendix B: License notes for bundled Bible content
Theodia bundles a curated set of Bible translations, commentaries, and lexicons. Each of these has its own license terms:
- KJV — public domain (crown copyright expired).
- OHGB family (OHGB, OHGBi, Tanakhxx) — see docs/bibles/ for the upstream license file bundled with each translation. These are non-commercial-OK datasets; check the specific file before redistributing derivative works.
- Commentaries (cHenry, cAIC, etc.) — each commentary has its own license. The app does not modify the text; it serves it as bundled.
If you are a copyright holder and believe bundled content is infringing, contact us at privacy@ecodia.app and we will remove or replace the affected content in the next release.