PRIVACY POLICY

Preamble

This Privacy Policy explains what personal information Big Farmer LLC(“we,” “us,” or “Big Farmer”) collects when you use The 143 Bible, how we use it, who we share it with, and what rights you have over your information.

We collect as little as we can. We don’t sell your data. We’re a small operation, and what we collect is what we need to run the service.

By using The 143 Bible, you agree to this Privacy Policy. If you don’t agree, don’t use the service.

1. What We Collect

Account information. When you create an account, we collect your email address. You may optionally add a username and profile photo.

Purchase information. When you buy a PDF or subscribe, we collect your email address for delivery and receipts. Payment card information is collected and processed entirely by Stripe — we never see, store, or have access to your full payment details.

App usage information. When you use the webapp, we collect your reading progress, daily story streak, personal annotations, and community posts and replies. This data is stored in our database and associated with your account.

Contact form information. When you contact us, we collect your name, email address, and the content of your message.

Newsletter information. When you subscribe to our email list, your email is collected and stored by Beehiiv, our newsletter platform.

Technical information. When you visit the site, our servers automatically log basic technical information: IP address, browser type, device type, pages visited, and timestamps. This is standard web server activity used for security and debugging.

Cookies. We use cookies that are strictly necessary to operate the service — specifically, session cookies from Supabase that keep you signed in. We do not use advertising cookies, tracking pixels, or third-party analytics that profile users across sites.

2. How We Use Your Information

We use your information to:

• Deliver the products and services you’ve purchased
• Send subscription receipts and account notifications
• Respond to support requests
• Operate the community feature (your posts are visible to other community members)
• Power features like reading progress tracking, streak counters, and profile stats
• Send newsletters you’ve opted into (you can unsubscribe anytime)
• Detect and prevent fraud, abuse, and security threats
• Comply with legal obligations

We do not use your data to train machine learning models. We do not sell your data. We do not share your data with advertisers.

3. Who We Share With

We share data only with the third-party services that operate The 143 Bible:

• Stripe (payments) — https://stripe.com/privacy
• Supabase (database, authentication, file storage) — https://supabase.com/privacy
• Beehiiv (newsletter delivery) — https://www.beehiiv.com/privacy
• Resend (transactional email — PDF delivery, account notifications) — https://resend.com/legal/privacy-policy
• Vercel (hosting) — https://vercel.com/legal/privacy-policy
• YouTube (embedded video playback only — applies only when you watch our videos) — https://policies.google.com/privacy

These services have their own privacy policies. We choose them because they meet reasonable security and privacy standards, but we’re not responsible for how they handle your data beyond our reasonable choice.

We may also disclose your information if required by law (subpoena, court order) or if necessary to protect our rights, your safety, or the safety of others.

In the event of a merger, acquisition, or sale of Big Farmer LLC’s assets, user data may transfer to the acquiring party as part of the transaction. We’ll notify you by email if this happens.

4. Data Retention

We retain your data as long as your account is active. When you delete your account:

• Account and profile data is deleted within 30 days
• Community posts and repliesmay be retained in anonymized form (your username replaced with “Deleted User”) to preserve conversation context for other members. You can request full deletion in your account-closure request.
• Purchase records are retained for 7 years for tax and accounting purposes, as required by US law
• Backups may retain copies of deleted data for up to 90 days before being purged

You can request earlier deletion of community content by emailing the1forty3@gmail.com.

5. Security

We protect your data with:

• HTTPS encryption for all data in transit
• Encryption at rest in the Supabase database
• Row-level security policies that restrict data access to the authorized user
• Industry-standard authentication (managed by Supabase)
• Stripe handles all payment card data (PCI-DSS Level 1 certified)

No system is perfectly secure. We don’t promise your data can never be compromised — we promise we take reasonable steps to protect it. If we have a security incident affecting your data, we’ll notify you as required by applicable law.

6. Your Rights

Regardless of where you live, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Delete your account and associated data
• Export your data in a portable format
• Opt out of marketing communications

To exercise any of these rights, email the1forty3@gmail.com. We respond to verified requests within 30 days (45 days under CCPA, where applicable).

We may need to verify your identity before fulfilling a request — usually by asking you to confirm from the email address on your account.

7. California Residents (CCPA / CPRA)

If you’re a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

Right to know.You can request the specific pieces of personal information we’ve collected about you, the categories of sources, the business purpose for collection, and the categories of third parties we share with.

Right to delete.You can request deletion of personal information we’ve collected from you, subject to legal exceptions (e.g., information needed to complete a transaction, comply with legal obligations, or detect security incidents).

Right to correct. You can request correction of inaccurate personal information.

Right to opt out of sale or sharing. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. There is nothing to opt out of, but you have the right to know this and the right to direct us to stop if our practices change.

Right to limit use of sensitive personal information. We do not use sensitive personal information (as defined by CPRA) for purposes beyond what is reasonably necessary to provide the service.

Right to non-discrimination. We will not deny you service, charge you a different price, or provide a different level of service because you exercised any of your CCPA rights.

Authorized agents.You may designate an authorized agent to make requests on your behalf. We may require written authorization signed by you and verification of the agent’s identity before responding.

Categories of personal information collected (CCPA categories):

• Identifiers (email, IP address, username)
• Customer records (name where provided, purchase history)
• Internet activity (pages visited, reading progress)
• Geolocation (general — derived from IP address, not precise location)
• Commercial information (subscription status, purchase history)
• User-generated content (community posts, annotations)

We do not collect biometric information, professional/employment information, education records, or precise geolocation.

Categories of sources: Directly from you, from your interactions with the service, from third-party services you authorize (Stripe, Supabase).

Business purposes for collection: Operating the service, processing transactions, customer support, security, legal compliance.

Categories of third parties we share with: See Section 3 (Who We Share With).

To submit a CCPA request, email the1forty3@gmail.comwith “California Privacy Request” in the subject line.

8. European Economic Area, UK, and Other Regions

If you’re in the EEA, UK, Switzerland, or another region with comprehensive data protection laws (such as GDPR or UK GDPR), Big Farmer LLC acts as the data controller for your personal information.

Lawful basis for processing. We process your personal information under one or more of the following legal bases:

• Contract— to provide the service you’ve signed up for
• Legitimate interests— for operating and securing the service, preventing fraud, and improving our offerings (where these interests don’t override your rights)
• Consent — for optional things like newsletter subscription (you can withdraw consent anytime)
• Legal obligation — for tax records, responding to lawful requests from authorities

Data subject rights. You have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data (“right to be forgotten”)
• Restrict processing
• Object to processing based on legitimate interests
• Receive your data in a portable format
• Withdraw consent (where consent is the basis)
• Lodge a complaint with your local data protection authority

To exercise these rights, email the1forty3@gmail.com.

International transfers. The 143 Bible is operated from the United States. By using the service, your data is transferred to and processed in the US. We rely on adequate safeguards (such as standard contractual clauses with our processors) where required.

No automated decision-making. We do not make decisions about you based solely on automated processing that produces legal or similarly significant effects.

9. Children's Privacy

The 143 Bible is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn we’ve collected information from a child under 13, we’ll delete it promptly.

If you believe a child under 13 has provided us personal information, contact the1forty3@gmail.com.

For users aged 13–17, we recommend parental supervision and consent before subscribing.

10. Do Not Track

Some browsers offer a “Do Not Track” signal. We do not currently respond to DNT signals because there is no industry standard for how to do so. We don’t use third-party tracking, so this is largely moot — but we mention it for transparency.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we’ll update the “Effective Date” at the top and notify users by email at least 14 days before the changes take effect.

Continued use of the service after the effective date means you accept the updated policy.

12. Contact

For questions about this Privacy Policy, to exercise your rights, or to report a privacy concern:

Big Farmer LLC
the1forty3@gmail.com