Privacy Policy — Words for the Day

Last updated: April 23, 2026

Words for the Day ("the app") is published by Learning Xperience Labs. This policy explains what personal information the app collects, why, and what your rights are. We've tried to write it in plain English. If anything is unclear, email us at gio@learningxperience.tech.

The short version

• The app is free. There are no ads, no in-app purchases, and no affiliate links.
• We do not sell your data. We do not use third-party analytics (no Mixpanel, no Amplitude, no Facebook SDK).
• You can use the app as a guest without creating an account. Most data stays on your device until you sign in.
• If you sign in, we store your progress and any reflections you write on our servers so they follow you across devices.
• You can export or delete your account and data at any time by emailing us.

What we collect

If you use the app as a guest

When you first open the app, we generate a random device identifier (for example, dev_lzk93h_a8xq1m2p). This identifier is stored only on your phone. It lets us attribute community votes and submissions to "this install" without knowing who you are.

We also store the following on your device only:

• Your chosen language (English or Spanish)
• Your selected reading skin (Oscuro, Pergamino, or Acuarela)
• Your onboarding starting world
• Your appearance preference (dark or light shell)
• Your daily reminder time if you enable notifications
• Your guest reading progress (which devotionals you've started)

None of this leaves your device unless you sign in.

If you create an account

When you sign in with Apple, Google, or email, we store the following on our servers:

• Email address (required — provided by the OAuth provider or entered by you)
• Display name (optional)
• Avatar URL (only if supplied by Apple or Google)
• Authentication provider (apple, google, or email) and provider user ID
• Preferred language and notification settings
• Your reading progress: which series you've started, which days you've completed, and the timestamps
• Your reflections — the journal entries you choose to write on completed days. These are private to you and are never shown to other users.
• Your community submissions (feature suggestions and devotional ideas) and your upvotes on other people's submissions

Community submissions are tied to your device identifier, not to your name or email. We display the title, description, and upvote count publicly; we never display the author's email, display name, or any other personal detail alongside a submission.

What we do NOT collect

• Location (no GPS, no IP-based geolocation, no region tracking)
• Precise identifiers (no advertising ID, IDFA, AAID)
• Contacts, photos, microphone, camera, calendar, or health data
• Third-party ad or tracking SDKs (we don't embed any)
• Analytics that profile you (we do not use Mixpanel, Amplitude, Google Analytics, Firebase Analytics, Segment, or similar tools)

OAuth sign-in

We support Apple Sign In and Google Sign In. When you use these, Apple or Google shares only the information you approve — typically an email address (or a relay email if you choose "Hide My Email") and a display name. Review their privacy practices at apple.com/privacy and policies.google.com/privacy.

Who processes your data

The app's backend runs entirely on Cloudflare:

• Cloudflare Workers — serverless functions that handle API requests
• Cloudflare D1 — SQLite database where account data, progress, reflections, and community submissions are stored
• Cloudflare R2 — object storage for devotional images

Cloudflare acts as our data processor. Data is encrypted in transit (TLS) and managed at rest by Cloudflare. We use JWTs (JSON Web Tokens) to authenticate requests from your device.

We also use Anthropic's Claude API to help generate devotional series content (text and image prompts). We do not send your personal data, reflections, or account information to Anthropic. Only topic prompts written by the publisher or surfaced from high-voted community ideas are sent.

Children's privacy

Words for the Day is not targeted at children under 13. Some devotional series are tagged with a kids audience — these are written for parents to read with their children, not for children to create accounts on their own. We do not knowingly collect personal information from anyone under 13. If you believe a child has created an account, email us at gio@learningxperience.tech and we will delete the account.

If we later publish content expressly directed to children, we will comply with the Children's Online Privacy Protection Act (COPPA) and update this policy.

Data retention

• Reflections are kept for as long as you have an account. You can delete any reflection inside the app or delete your account to remove them all.
• Reading progress is kept for as long as you have an account.
• Community submissions are kept indefinitely unless they are reported and removed by moderation, or unless you delete your account (in which case submissions you authored are deleted).
• Refresh tokens expire and are rotated automatically.

When you delete your account, all the above are removed from our active database. Backups age out on a rolling 30-day window.

Your rights

You can, at any time:

• Export your data — email gio@learningxperience.tech and we will send you a JSON export of your account, progress, reflections, and submissions within 30 days.
• Delete your account — email gio@learningxperience.tech. We will confirm and permanently delete your data.
• Correct your data — update your display name or email in the app, or email us for anything else.
• Withdraw from community features — you can stop submitting or voting at any time without losing access to the rest of the app.

Security

• All traffic between the app and our servers is encrypted with TLS 1.2+.
• Passwords (for email accounts) are hashed with bcrypt. We never store them in plain text.
• Sessions use short-lived JWTs and rotating refresh tokens.
• We restrict database access to the backend Workers; no direct public exposure.

No system is perfectly secure. If we ever become aware of a breach affecting your data, we will notify you by email within 72 hours.

Changes to this policy

If we change this policy meaningfully, we will update the "Last updated" date and show an in-app notice on your next launch. Minor clarifications may be made without notice.

Contact

Learning Xperience Labs Email: gio@learningxperience.tech