Vespera Privacy Policy

Vespera ("the app") is published by Ropolabs ("we", "us"). We built Vespera so you could sit with scripture quietly. The only information we collect is what is needed to deliver that. We never sell your data, never use it to train third-party AI models, never run ads against your personal reflections, and we let you export or delete everything at any time.

When you create a Vespera account we collect: your email address, an optional display name, your selected tradition (e.g. Bible, Quran, Bhagavad Gita), your notification preferences, your timezone, your reflections (the short notes you write at the end of the day), and which verses you save.

We do not access your contacts, photos, microphone, camera, location (beyond timezone), HealthKit, or any other on-device data.

We use the information you provide to operate the app: deliver your daily verse, save and display your reflections back to you across your devices, send push notifications you have opted into (morning verse, evening reflection, festival reminders), and respond to support requests.

We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes. We do not use your reflections — or any other content you create within Vespera — to train AI models, ours or anyone else's.

Your account data and reflections are stored on servers we operate in the United States (Oracle Cloud). Data is encrypted in transit using TLS 1.2 or later. Server disks are encrypted at rest via the cloud provider's standard encryption. Database backups are encrypted and retained on a rolling basis for service-recovery and legal-compliance purposes.

• Sendora Cloud — handles your sign-in and delivers push notifications. Sendora processes only the minimum data needed for these functions.
• Apple App Store / Google Play — when you purchase Vespera+, the payment is processed entirely by Apple or Google. We never receive your payment card number, billing address, or any other payment details. We only receive the anonymous purchase token Apple/Google use to confirm your subscription status.
• Google AdMob — shows banner ads on the free tier of Vespera. AdMob may collect device-level advertising identifiers; you can limit or disable this in your iOS privacy settings. Ads are NEVER shown on Vespera+ and NEVER shown on personal-reflection surfaces (the reflect modal, the Days journal, the saved-verses library).
• Cloudflare — DNS, content delivery, and DDoS protection for vespera.ropolabs.com.
• banidb.com — daily Hukamnama proxy for users who select Sikh as their tradition. We pass through the anonymous Hukamnama JSON; no user identifiers are sent.
• Google Gemini (Vespera+ only)— used to generate the personalised verse framing shown to paying subscribers. We send: the day's verse text, its reference, the chosen tradition, and three numeric state-hints (heaviness, aliveness, closeness) drawn from your latest reflection. We never send the free-text portion of your reflection. The Gemini API is configured with zero-day data retention; Google does not use our prompts for model training. Downgrading from Vespera+ to Free disables this feature.

You have the right to access, export, correct, or delete your personal data at any time. Within Vespera, the Profile → Settings screen contains the account deletion control. Data export is available on request — email [email protected] from your registered email address and we will send your full reflection + saves history as a JSON file within 7 days. In-app data export is planned for a future release.

Account deletion is a soft-delete with a 30-day retention period for legal-compliance reasons; after 30 days your data is purged from production systems. Encrypted backups are retained on a short rolling basis (typically under 60 days) for service-recovery purposes only.

You also have the right to lodge a complaint with your local data protection authority (such as the ICO in the UK, the CNIL in France, or the FTC in the United States) if you believe we have mishandled your data.

Vespera is not directed at children under 13 (or 16 in the EU / UK). We do not knowingly collect personal information from children. If you are a parent or guardian and believe a child has provided us with personal data, please contact us and we will delete it.

If you indicate within Vespera that you are in crisis, the app immediately displays region-appropriate crisis-line resources before returning to any other content. We do not log or store the contents of these interactions beyond what is required to render the feature on your device.

The crisis-safety surfaces in Vespera provide referral information; they do not constitute medical advice or a substitute for professional mental health care.

We may update this Privacy Policy from time to time. Material changes will be announced via an in-app notification at least 14 days before they take effect, so you can review them and decide whether to continue using Vespera. The "Last updated" date at the top of this page reflects the most recent revision.

For privacy questions, data export requests, deletion requests, or complaints, email [email protected]. We respond within 7 days.

Vespera is published by Ropolabs. Our company-wide privacy policy lives at ropolabs.com/privacy.