Privacy Policy

Last updated: February 2026

Controller

The data controller responsible for this App is:

Blocksize One UG (haftungsbeschränkt)
Oberstr. 3
47829 Krefeld, Germany
E-Mail: [email protected]

Father Leo ("the App") is developed and operated by Blocksize One UG (haftungsbeschränkt). Your privacy matters to us. This policy explains what data we collect, how we use it, and your rights under the EU General Data Protection Regulation (GDPR / DSGVO).

Data We Collect

Father Leo is designed with privacy at its core. We collect as little data as possible:

No account required. You do not need to sign up or create an account to use the App. You are identified solely by an anonymous, randomly generated device identifier.
No personal data collected by default. The App does not require your name, email address, or any personally identifiable information. If you choose to set a display name in Settings, it is stored to personalize your experience. (The website waitlist collects email addresses separately — see "Website Newsletter / Waitlist" below.)
No analytics or tracking. We do not use third-party analytics, advertising SDKs, or tracking tools.
Reading data. Your reading progress, bookmarks, journal entries, and preferences are stored on your device and synced privately via your personal iCloud account.
Chat and voice data. When you use the chat or voice-call features, your messages and voice audio are processed by third-party services (see "Third-Party Services" below). We store conversation metadata and usage counters on our servers to enforce usage limits and improve the service. We do not store the content of your voice calls.

Legal Basis for Processing (Art. 6 GDPR)

The processing of data is based on the following legal bases:

Contract performance (Art. 6(1)(b) GDPR) — Processing necessary to provide the App's functionality, including chat, voice calls, iCloud sync, and subscription management.
Legitimate interest (Art. 6(1)(f) GDPR) — Processing necessary for the operation of the App Store subscription system, usage tracking for fair-use limits, and abuse prevention.

Data Retention

Server-side data (anonymous usage counters, conversation metadata, subscription status) is linked only to a random device identifier and is retained for as long as you use the App. If you request deletion of your server-side data, we will process your request within 30 days. Conversation metadata older than 12 months is automatically deleted. Newsletter email addresses are retained as described in the "Website Newsletter / Waitlist" section below.

iCloud Sync

If you have iCloud enabled on your device, the App uses Apple's CloudKit to sync your reading progress, preferences, and journal entries across your devices. This data is stored in your personal iCloud account and is governed by Apple's Privacy Policy. We do not have access to your iCloud data.

Subscriptions

Premium subscriptions are managed entirely through Apple's App Store. We do not process, store, or have access to your payment information. Subscription management and billing are handled by Apple under their terms.

Your Rights Under GDPR

As a user in the European Union, you have the following rights regarding your personal data:

Right of access (Art. 15 GDPR) — You may request confirmation of whether we process personal data concerning you, and if so, access to that data.
Right to rectification (Art. 16 GDPR) — You may request correction of inaccurate personal data.
Right to erasure (Art. 17 GDPR) — You may request deletion of your personal data ("right to be forgotten").
Right to restriction (Art. 18 GDPR) — You may request restriction of processing under certain conditions.
Right to data portability (Art. 20 GDPR) — You may request to receive your data in a structured, commonly used format.
Right to object (Art. 21 GDPR) — You may object to processing based on legitimate interests at any time.
Right to withdraw consent (Art. 7(3) GDPR) — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Most of your data is stored locally on your device and in your personal iCloud account, which you control entirely. Server-side data (anonymous usage counters, conversation metadata) is linked only to a random device identifier, not to your personal identity. You can delete all local app data at any time by deleting the App from your device. To request deletion of server-side data, contact us at [email protected].

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for our company is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44, 40102 Düsseldorf
www.ldi.nrw.de

Children's Privacy

The App does not knowingly collect personal data from children under 16 (the age of digital consent under GDPR). No personally identifiable information is required to use the App.

Third-Party Services

To provide the App's features, we use the following third-party service providers acting as data processors on our behalf:

Anthropic (Claude) — powers the chat feature ("Talk to Father Leo"). Your chat messages and any attached Bible passages are sent to Anthropic's API for processing. Anthropic does not use your data for model training. Data is processed in the United States.
ElevenLabs — powers the voice-call feature. Your voice audio is streamed to ElevenLabs for real-time speech-to-text and text-to-speech processing. Voice audio is not stored after the call ends. Data is processed in the United States.
Cloudflare — hosts our backend infrastructure (API, database). Your anonymous device identifier, usage counters, conversation metadata, and subscription status are stored on Cloudflare's servers. Data is processed in the European Union and United States.
Apple — provides iCloud sync (CloudKit) for your reading data and StoreKit for in-app subscriptions. Apple processes your payment information and iCloud data under their own privacy policy.

No data is shared with third parties for advertising or marketing purposes.

Website Newsletter / Waitlist

If you sign up for our launch waitlist on fatherleo.app, we collect the following data:

Email address — to send you a confirmation email and, once confirmed, a notification when Father Leo launches on the App Store.
Optional feedback message — if you choose to share feedback through the waitlist form.
IP address (hashed) — stored as a one-way SHA-256 hash for rate-limiting and abuse prevention. The original IP address is not stored.

Your email and feedback are processed by the following service providers acting as data processors on our behalf:

Resend — email delivery (confirmation emails and launch notification).
Google Workspace (Gmail) — email communication when you contact us or when feedback is forwarded internally.

No data is shared with third parties for marketing purposes.

Legal basis: Consent (Art. 6(1)(a) GDPR) — by submitting the form and confirming your email (double opt-in), you consent to receiving the launch notification. You may withdraw consent at any time by contacting us at [email protected], and we will delete your data.

Retention: Your email is retained until (a) you request deletion, (b) the launch notification has been sent, or (c) 12 months after sign-up — whichever comes first.

Cookies and Website

This website (fatherleo.app) does not use cookies, tracking pixels, or any form of visitor analytics. No personal data is collected when you browse this website (excluding the newsletter sign-up described above).

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

Contact

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at [email protected].