Privacy Policy

Bayit ("Bayit," "we," "our," or "us") is operated by Asaf Niv, an independent developer. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your data. It applies to the Bayit iOS app and to bayitapp.com ("the Service").

We've written this in plain English. If anything is unclear, email us at privacy@bayitapp.com— a real person reads every message.

1. Information we collect

1.1 Account and profile

On first launch, Bayit creates an anonymous account assigned a random identifier. If you choose to Sign in with Apple, we receive a private, Apple-mediated identifier and (if you grant it) your first name. We store your first name and your onboarding responses — gratitude, challenge, faith goal, nusach preference, pronouns (optional), and timezone — so the app can address you and personalize the experience.

1.2 Conversations and memory

When you chat with Bayit, your messages and Bayit's replies are stored in our database so the assistant can remember context across sessions. We extract structured memory entries (e.g., "user mentioned they're working on patience with their children") so Bayit can return to your context gracefully over time. You can review and delete memory entries in Settings.

1.3 Reading and activity

We store your reading position (book, chapter, verse), daily plan completions, streak data, highlights, notes, and Read-tab preferences — so the app feels personal across devices.

1.4 Subscriptions and purchases

Payments are processed by Apple's App Store; we never see your payment-card details. We receive your subscription status, plan identifier, and renewal/cancellation events from RevenueCat, our subscription-management partner.

1.5 Device and diagnostic information

We collect crash reports, error logs, performance traces, and basic anonymous usage analytics (which screens you opened, which features you used) to fix bugs and improve the product. This includes device model, iOS version, locale, and approximate region inferred from IP address.

1.6 Location

We do not track your location. To show Shabbos candle-lighting and havdalah times, we use only your device's timezone — never your precise coordinates. If a future feature requests location access, you'll see the standard iOS permission prompt and can refuse.

1.7 What we do NOT collect

• Photos, contacts, microphone, or camera data.
• Browsing history outside the app or on other websites.
• Advertising identifiers (IDFA). We do not advertise in-app.
• Health, biometric, or financial data.

2. How we use your information

We use the information we collect to:

• Provide and operate the Service (deliver chat, track your streak, etc.).
• Personalize content based on your onboarding and prior conversations.
• Authenticate you and prevent fraud or abuse.
• Send transactional notifications (daily reminder, Shabbos hooks) when you've opted in.
• Diagnose crashes, debug, and improve product quality.
• Comply with legal obligations and enforce our Terms of Service.

2.1 AI training

We do not use your conversations to train AI models. Your messages are sent to Anthropic (which provides the underlying AI model) solely to generate Bayit's reply. We use Anthropic's commercial API; under our agreement, Anthropic does not retain your prompts or completions for model training. We do not sell your data to AI model providers or anyone else.

3. Legal basis for processing (EEA / UK users)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases (GDPR Art. 6):

• Performance of a contract — to provide the Service you've signed up for.
• Legitimate interests — to improve the product, ensure security, prevent abuse, and conduct analytics. We balance these against your rights and have determined the impact is minimal.
• Consent — for optional features such as push notifications and (where required) analytics cookies. You can withdraw consent at any time.
• Legal obligation — to comply with applicable laws.

4. Who we share information with

We do not sell your personal data. We share it only with the following categories of recipients, each contractually bound to protect it:

• Apple Inc. — authentication (Sign in with Apple) and App Store purchases. Subject to Apple's Privacy Policy.
• Supabase, Inc. — database hosting and authentication infrastructure (United States). Subject to Supabase's Privacy Policy.
• Anthropic, PBC — provides the AI model behind Bayit's chat (United States). Conversations are transmitted to generate replies only; Anthropic does not retain content for training. Subject to Anthropic's Privacy Policy.
• Sefaria, Inc. — public Tanakh and commentary text library (United States). Bayit fetches public source text; we do not transmit personal data to Sefaria.
• Hebcal.com — public Jewish-calendar API. No personal data transmitted; only your timezone identifier.
• Functional Software, Inc. (Sentry) — crash and error reporting (United States).
• PostHog Inc. — anonymous product analytics (United States).
• RevenueCat, Inc. — subscription management (United States).
• Vercel, Inc. — website hosting (United States).

We may also disclose personal data: (a) if compelled by law, subpoena, or court order; (b) to protect the rights, property, or safety of Bayit, our users, or the public; or (c) in connection with a merger, acquisition, or sale of assets — in which case the acquirer assumes the obligations of this policy.

5. International data transfers

Most of our service providers are located in the United States. If you are outside the U.S., your personal data will be transferred to and processed in countries that may have different data protection laws than your country. Where required (e.g., EEA → U.S.), transfers rely on Standard Contractual Clauses adopted by the European Commission, or other lawful transfer mechanisms.

6. Data retention

We keep your personal data only as long as we need it to provide the Service or to comply with legal obligations:

• Profile, conversations, memory, reading data — retained while your account is active. Deleted within 30 days of you requesting account deletion (plus up to a further 30 days in encrypted backups before those expire).
• Crash reports and analytics — anonymized after 90 days; aggregated data may be kept indefinitely.
• Subscription / purchase records — kept for the period required by applicable tax, accounting, and consumer law (typically 6–7 years).

7. Your rights

7.1 Everyone

• Access — request a copy of all data we hold about you.
• Deletion — open Bayit → Settings → Delete Account to permanently delete your profile, conversations, memory, and reading history. See our Account Deletion page for details.
• Correction — most profile fields are editable in Settings. For anything else, email us.
• Portability — request your data in a machine-readable format.

7.2 EEA / UK users (GDPR)

In addition to the above, you have the right to:

• Restrict or object to processing.
• Withdraw consent at any time (where consent is the legal basis).
• Lodge a complaint with your supervisory authority. A list of EEA DPAs is available at edpb.europa.eu. UK residents may contact the ICO at ico.org.uk.

7.3 California residents (CCPA / CPRA)

California residents have the right to know what categories of personal information we collect, to request access or deletion, to correct inaccuracies, and to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA. California residents may also designate an authorized agent. We do not discriminate against users for exercising these rights.

To exercise any of these rights, email privacy@bayitapp.com. We will respond within 30 days (45 days for CCPA requests, extendable as permitted by law). We may need to verify your identity before acting.

8. Children's privacy

Bayit is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. For EEA users, our minimum age for individual consent is 16 (or the applicable age in your member state); users below that age require parental consent. Parents who believe their child has provided us with personal information may contact privacy@bayitapp.com.

9. Security

We use industry-standard measures to protect your data:

• TLS 1.2+ encryption for all data in transit.
• Encryption at rest in our database (Supabase Postgres).
• Row-level security policies so users can only access their own rows.
• No password storage on our end — authentication is delegated to Apple (Sign in with Apple).
• Principle of least privilege for administrative access.

No security measure is perfect. If we discover a personal-data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected users without undue delay.

10. Cookies and similar technologies

The Bayit iOS app does not use cookies. The website (bayitapp.com) uses a minimal number of cookies and local-storage items for functionality and anonymous analytics. See our Cookie Policy for the full list.

11. Do Not Track

Our website honors the "Global Privacy Control" (GPC) signal as a request to opt out of "sale" or "sharing" under the CCPA. We do not sell or share data regardless of GPC, but we recognize the signal and surface it in our analytics opt-out logic.

12. Changes to this policy

We may update this Privacy Policy from time to time. We'll update the "Last updated" date at the top, and for material changes we will notify you in-app and/or by email (where we have one). Your continued use of the Service after a change indicates acceptance of the updated policy.

13. Contact us

Asaf Niv — Independent Developer
Email: privacy@bayitapp.com
General contact: hello@bayitapp.com

We are based in Israel. For EEA users, we do not currently maintain an EU representative; please direct all data-protection queries to the email above and we will respond promptly.