Security

1. Scope

This Security page applies to the myScripture website, web application, and related services operated under myscripture.app and app.myscripture.app.

2. Encryption in Transit

Traffic between your device and our services is encrypted in transit using HTTPS/TLS. This helps protect data exchanged with the Service from unauthorized interception while it is being transmitted over the internet.

3. Authentication and Account Access

Authentication is handled through Supabase. We currently support:

• email and password login
• Google sign-in
• magic link authentication

We do not intentionally store plaintext passwords ourselves. Authentication credentials are handled through our authentication provider and protected using provider security controls and secure session handling.

4. Storage and Infrastructure

myScripture uses Supabase for authentication, database services, and file storage, including storage of supported uploaded images such as note images, church profile images, and pastor profile images.

Access to production systems and administrative functions is restricted. Administrative access is limited to authorized personnel, such as the operator of myScripture and, where applicable, authorized admin team members.

5. Access Controls and Logging

Access to production systems is restricted and logged. We maintain access-related logs and use monitoring tools to help detect suspicious behavior, operational issues, and unauthorized access attempts.

We review logs and security signals as appropriate to support system integrity and incident awareness.

6. Monitoring and Maintenance

We use logs and uptime monitoring tools to track service health, availability, and suspicious activity. We also apply security patches and dependency updates on a regular basis as part of ongoing maintenance.

We continuously work to improve platform security and may add additional protections over time, including rate limiting and abuse-prevention controls.

7. Backups and Retention

We do not currently maintain separate routine backups ourselves. However, certain data may remain in limited provider-managed retention or backup systems for up to 30 days, as described in our Privacy Policy.

Any such retained data is not intended to remain available through normal user access and is kept only for limited operational, recovery, security, or integrity purposes.

8. Shared Content and User Responsibility

myScripture may allow users to share notes by link. If you choose to share content, anyone with the link may be able to view that content. Users are responsible for deciding what to share and for avoiding the inclusion of confidential, highly sensitive, or unnecessary personal information in shared notes.

Users can also help protect their accounts and content by:

• using a strong, unique password
• protecting access to their email account
• being careful when sharing note links
• signing out on shared or public devices
• contacting us promptly if they believe their account has been compromised

9. Responsible Disclosure

If you believe you have discovered a security vulnerability or security issue affecting myScripture, please report it privately to help@myscripture.app.

We ask that you act responsibly and in good faith by:

• not exploiting the issue beyond what is reasonably necessary to identify it
• not accessing, altering, or deleting data that does not belong to you
• not publicly disclosing the issue before giving us a reasonable opportunity to review and address it

We appreciate responsible reports that help us improve the security of the Service.

10. Limitations

Although we take reasonable steps to protect the Service, no method of transmission, storage, or electronic security is completely secure. For that reason, we cannot guarantee absolute security.

Security practices may change over time as the Service evolves, new threats emerge, and additional protections are implemented.

11. Contact

To report a security concern or ask a security-related question, contact:

help@myscripture.app