Last updated: May 19, 2026 · Version 1.6
Ask Brother John is a Bible companion chatbot. The service is available as a website at askbrotherjohn.com. For operator details, see the Contact section below.
| Data Type | When Collected | Stored Where |
|---|---|---|
| Email address | When you create an account | Server database (Hetzner, Germany) |
| Hashed password | When you create an account (bcrypt, irreversible) | Server database |
| Google profile (email, full name, Google account ID) | When you sign in with Google. We retain only these three fields; any other data from the Google sign-in response is discarded at sign-in. | Server database |
| Conversation history | Every message you send and every response | Server database, linked to your user ID |
| Anonymous browser session ID (UUID) | On first visit; issued by the server and stored in a secure browser cookie (“bj-sid”). Strictly necessary for session continuity and for protecting actions that modify your account. | Server-signed cookie + server database |
| Preferences | When you change settings (dark/light mode) or save anonymous Bible-reader position | Your browser (localStorage) |
| Bible reading progress | When you use reading plans, or when signed-in users resume Bible-reader position across devices | Server database |
| Saved explanations / bookmarks | When a signed-in user clicks Save on a Bible passage explanation | Server database, linked to your account |
| IP address + User-Agent | Every request (access logs); also included in the consent_log row created when you accept or decline the consent banner | Server access logs (Hetzner, 14 days) and consent_log (see retention table) |
| Processing Activity | Legal Basis |
|---|---|
| Conversation storage | Your explicit consent (Article 6(1)(a) + Article 9(2)(a)) |
| Saved explanations, reading-plan progress, and signed-in Bible-reader progress | Your explicit consent (Article 6(1)(a) + Article 9(2)(a)) |
| Account creation and management | Performance of contract (Article 6(1)(b)) |
| Security and abuse prevention | Legitimate interest (Article 6(1)(f)) — protecting the service from automated abuse, preserving availability for other users, and investigating misuse |
| Server logging | Legitimate interest (Article 6(1)(f)) — detecting and investigating security incidents and diagnosing service faults |
Conversations with Brother John may reveal your religious beliefs, which are classified as “special category data” under GDPR. The consent banner is non-skippable: until you click Accept, the service does not transmit any message to Mistral AI or store it on our server. By clicking Accept you give explicit consent to the processing of messages that may relate to your faith, beliefs, or spiritual questions.
Saved explanations, reading-plan progress, and signed-in Bible-reader progress can also reveal religious interests. These features are available only after you have accepted the current consent banner. Bible text search and ordinary Bible reading use the public-domain KJV text and do not require consent.
The banner also requires you to confirm you are at least 16 years old before the Accept button is enabled. The server requires the same age affirmation before recording an Accept decision, and the confirmation is also stored in your browser. The same 16+ affirmation is required before first-time account creation, including Google sign-in account creation.
You may withdraw this consent at any time via the “Manage Consent” link in the sidebar, by stopping use of the service, or by deleting your account (if you have one). Withdrawal does not affect the lawfulness of processing already carried out under your consent.
Your messages are processed by Mistral AI (Mistral AI SAS, Paris, France) to generate Brother John's responses.
| Data | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Conversation history (logged-in) | Until you delete it, delete the session, or delete your account |
| Signed-in Bible-reader progress | Until you overwrite it by opening another chapter or delete your account |
| Saved explanations / bookmarks | Until you delete the saved item or delete your account. The current limit is 200 saved explanations per account. |
| Anonymous conversations (no account) | Up to 12 months from your most recent message. After 12 months of inactivity on a given browser session (“bj-sid” cookie), all messages and server-side preferences linked to that session are deleted automatically by a scheduled background job. This matches the 1-year lifetime of the bj-sid cookie itself. If you clear your browser data earlier, a new bj-sid is issued on your next visit; your past messages remain on our server only for the balance of the 12-month window and are then deleted. You may also email us at any time to request earlier deletion — please include the bj-sid cookie value so we can locate your data. |
| Consent records (consent_log) — IP address and User-Agent | 90 days. After that we automatically null these fields; the action (accepted / declined), timestamp, and policy version remain as the consent audit trail for active accounts and browser sessions. |
| Consent records — action / timestamp / policy version | Retained as the consent audit trail while the account or anonymous browser session remains active. If you delete your account, the user identifier is replaced with a non-reversible marker, and records with that deletion marker are removed by the same scheduled job once their original timestamp is older than 90 days. |
| Server access logs | Hetzner / our nginx logrotate — 14 days. Includes IP address and request metadata for security purposes. |
Under the GDPR, you have the following rights:
Ask Brother John uses a single server-signed HTTP cookie and a small number of localStorage items. We do not use third-party analytics, advertising, or cross-site tracking cookies.
| Name | Where | Purpose | Type |
|---|---|---|---|
| bj-sid | HttpOnly Secure cookie (1 year) | Server-issued, HMAC-signed anonymous browser session ID. Used to link your messages to your browser without exposing the ID to JavaScript. | Strictly necessary |
| bj-auth-token | localStorage | JWT that keeps you logged in for 7 days | Strictly necessary (only if you create an account) |
| bj-theme | localStorage | Remembers dark/light mode | Functional (consent required) |
| bj-bible-reader-position | localStorage | Remembers the last Bible chapter opened in this browser so the Resume Reading button can return you there. Removed if you decline or withdraw consent. | Functional (consent required) |
| bj-consent | localStorage | Remembers your consent decision (accepted or declined) | Strictly necessary |
| bj-consent-version | localStorage | Records which version of this policy you consented to, so the banner re-appears when the policy changes materially | Strictly necessary |
| bj-consent-date | localStorage | Records when you accepted. Only stored on Accept; removed on Decline. | Strictly necessary (only when you accept) |
| bj-age-confirmed | localStorage | Records that you affirmed you are at least 16 years old when you accepted the consent banner. Only stored on Accept; removed on Decline. | Strictly necessary (only when you accept) |
| __cf_bm | Cookie, set by Cloudflare | Cloudflare bot-management cookie, classified by Cloudflare as strictly necessary. Set by the edge network on every request; not readable by our application JavaScript. Typical lifetime is 30 minutes. | Strictly necessary |
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Mistral AI | AI response generation | Your messages (text only). Not called before you accept consent. | Mistral's EU-based infrastructure (see trust.mistral.ai/subprocessors) |
| Hetzner Online GmbH | Server hosting (DPA signed; EU-only processing) | All data stored on server | EU (Germany) |
| Cloudflare, Inc. | DNS, CDN, TLS termination, DDoS protection (Data Processing Addendum with Standard Contractual Clauses) | IP address, request metadata, and message body (which Cloudflare may decrypt as a TLS terminator) | Global CDN, US company |
| Google OAuth (Google Identity Services) | Optional sign-in | Email, full name, Google profile ID (sub) | Google servers. Google acts as an independent controller for your underlying Google-account data under its own Privacy Policy; it is not our processor for this data. |
| Google Identity Services JS | Renders the Sign in with Google button. In v1.2 this script is loaded on-demand only when you open the account panel, so Google does not receive your IP merely for visiting the homepage. | IP, browser info — only if you open the account panel | Google CDN |
Cormorant Garamond, our display font, is self-hosted on our own server (no Google Fonts CDN call). html2canvas (for the share-image feature) is also self-hosted. We do not embed any social widgets, analytics scripts, or advertising pixels.
All primary data processing occurs within the European Union:
Transfers to a third country occur through two distinct mechanisms. (a) Cloudflare acts as our data processor under its standard Data Processing Addendum, which incorporates the European Commission's Standard Contractual Clauses as the safeguarding mechanism under GDPR Article 46. (b) Google Sign-In: if you choose to sign in with Google, Google acts as an independent controller for your Google-account data under its own Privacy Policy; we receive only the email, full name, and Google profile ID you consent to share. Where additional safeguards beyond SCCs are required under EU case law, we rely on minimization of transferred content.
Using the service without an account is entirely voluntary — you are not required by law or contract to provide any information. Creating an account is a contract; in that case the email you provide (or your Google profile) is required to perform the contract.
Brother John uses artificial intelligence to generate responses. This is automated content generation, not automated decision-making as defined in GDPR Article 22 — no decisions with legal or similarly significant effects are made about you based on automated processing. The AI generates conversational responses only. We disclose clearly that you are interacting with an AI system (sidebar and per-message badges, this policy, and the Terms of Service); this disclosure aligns with the EU AI Act (Regulation 2024/1689), which becomes applicable from 2 August 2026.
A Data Protection Officer has not been appointed. The service's core activity includes processing of special-category data (religious beliefs), but this processing is not carried out on a large scale within the meaning of GDPR Art. 37(1)(c) and EDPB guidance (WP243 rev.01 factors: number of data subjects, data volume, duration, geographical extent). For all data protection inquiries please contact: [email protected].
This service is not directed at children under 16. Both account creation and the anonymous consent banner require you to affirm that you are at least 16 years old before you can enable religious-data processing. If we become aware that we have collected personal data from a child under 16 without parental consent, we will delete it promptly. National age thresholds under GDPR Art. 8 vary (Czech Republic: 15; Germany: 16; United Kingdom: 13). For clarity and simplicity we apply the strictest common threshold (16+) to everyone. Bible reading does not require consent or age confirmation and remains available to all ages.
You have the right to lodge a complaint with your local supervisory authority:
Czech Republic (the operator's seat) — ÚOOÚ (Úřad pro ochranu osobních údajů)
Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
Website: www.uoou.cz
Email: [email protected]
Other EEA residents may complain to their national data protection authority.
We will notify the Czech DPA (ÚOOÚ) without undue delay, and in any event within 72 hours of becoming aware, of any personal data breach that poses a risk to your rights and freedoms, as required by the GDPR. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly — via a prominent notice on askbrotherjohn.com and, where an email address is on file, by email.
We may disclose your data if compelled by a valid legal order from a competent court or authority. Where legally permitted, we will notify you in advance. We will resist overbroad requests and requests from non-EU authorities that do not comply with EU law (including GDPR Article 48).
We may update this policy from time to time. Material changes are announced by (a) bumping the “Version” number at the top of this page, (b) bumping a matching version constant on the server so the consent banner reappears for existing users, and (c) posting a notice on the website. Existing consent records stay in the consent_log under the policy version they were given against.
A brief version summary (full archived texts are maintained internally for audit purposes):
For any questions about this privacy policy, your data, or to exercise your rights, please contact us at the email address above.