← Back to Theostack

Privacy Policy

Effective Date: April 1, 2026 · Last Updated: April 1, 2026

Theostack (“Theostack,” “we,” “us,” or “our”) is a product of Lordhill Digital LLC, a Wyoming limited liability company. This Privacy Policy describes how we collect, use, store, and share your information when you use the Theostack platform at app.theostack.com, our marketing site at theostack.com, and any related services (collectively, the “Service”).

By creating an account or using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and, if you choose to provide one, your display name. We use passwordless authentication (magic link), so we do not collect or store passwords.

1.2 Subscription and Payment Information

When you subscribe to a paid plan, payment is processed by Stripe, Inc. (“Stripe”). We do not store your credit card number, bank account details, or other payment credentials on our servers. Stripe collects and processes this information directly under its own privacy policy. We receive from Stripe a limited set of information associated with your account, including your subscription status, plan type, billing cycle dates, and a Stripe customer identifier.

1.3 Conversation and Research Content

When you use Theostack's AI assistants, we store the text of your conversations (your prompts and the assistant responses) in order to display your conversation history and improve the quality of the Service. If you use the voice research feature, your speech is sent to a third-party AI provider for transcription. We store the resulting transcript, not the raw audio.

1.4 User-Uploaded Documents

If you use the Projects feature, you may upload documents such as sermon notes, study materials, or transcripts. These documents are stored securely and processed to enable search retrieval within your Projects. User-uploaded documents are kept completely separate from our curated theological library. They are never merged into, indexed alongside, or retrievable from the library collections.

1.5 Theological Profile Data (Organizations Only)

If you are part of an organization (Church plan), the organization administrator may configure a theological profile for the organization, which includes positions on confessional standards, spiritual gifts, gender roles, church governance, and eschatology. This profile is used to tailor AI assistant responses and search results for organization members.

1.6 Usage Data

We collect information about how you use the Service, including which assistants you interact with, the number of messages sent, features accessed, pages visited, and general interaction patterns. For organization accounts, aggregate usage data (message counts, last active date, assistants used, storage consumed) is visible to the organization administrator.

1.7 Technical Data

When you access the Service, we automatically collect technical information such as your IP address, browser type, operating system, device type, and referring URL. This data is collected through server logs and, where applicable, analytics tools.

1.8 Email and Communications Data

If you subscribe to our mailing list, submit feedback through the in-app widget, or receive transactional emails from us, we collect your email address and the content of those communications.

2. How We Use Your Information

We use the information described above for the following purposes:

  • Providing the Service. To operate the AI assistants, process your searches against the theological library, manage your account and subscription, and display your conversation history and Projects.
  • AI Processing. To send your prompts to third-party AI providers (see Section 4) for generating responses. Your prompts and assistant responses may be used to retrieve relevant passages from the theological library.
  • Billing. To manage your subscription, process payments through Stripe, and handle plan changes, upgrades, and cancellations.
  • Communication. To send you transactional emails (account verification, subscription confirmations, billing receipts) and, if you opt in, lifecycle and product update emails.
  • Product Improvement. To understand how the Service is used, identify issues, and improve features. This includes analyzing aggregate usage patterns, search retrieval quality, and assistant performance.
  • Support. To respond to feedback, bug reports, and support requests submitted through the in-app feedback widget or email.
  • Security and Compliance. To detect abuse, enforce our Terms of Service, and comply with legal obligations.

We do not sell your personal information. We do not use your data for third-party advertising. We do not train AI models on your conversation content or uploaded documents.

3. Organization Accounts and Data Visibility

If you are a member of an organization (Church plan), the following data visibility rules apply:

  • The organization administrator can see: Your name and email, your aggregate usage statistics (message count, last active date, assistants used, storage consumed), and your contributions to shared organization Projects.
  • The organization administrator cannot see: Your personal conversation content, your personal Project contents, your individual chat history, or any personal data beyond what is listed above.
  • If you are removed from an organization: Your personal content associated with the organization (personal Projects, conversations, uploaded files) is permanently deleted. Contributions you made to shared organization Projects are retained. After removal, you may create a new individual account.

The platform administrator (Lordhill Digital LLC) has access to all data across all accounts and organizations for the purposes of platform operation, support, and compliance.

4. Third-Party Services

We rely on trusted third-party service providers to operate Theostack. Each provider receives only the data necessary to perform its function. We select providers based on their security practices, data handling commitments, and reliability.

The categories of third-party providers we use include:

  • AI Processing Providers. We send your prompts, conversation context, and (when applicable) uploaded document text and voice audio to third-party AI providers in order to generate assistant responses, process search queries, and transcribe speech. Our AI providers process this data under API terms that prohibit them from using your inputs and outputs to train their models. We cannot guarantee that their policies will not change, and we will update this Privacy Policy if a provider's data practices materially change in a way that affects your data.
  • Payment Processing. Subscription payments are processed by Stripe, Inc. (“Stripe”). We do not store your credit card number, bank account details, or other payment credentials. Stripe collects and processes this information directly under its own privacy policy. We receive from Stripe only your subscription status, plan type, billing cycle dates, and a customer identifier.
  • Cloud Infrastructure and Hosting. We use third-party providers for application hosting, database services, authentication, and file storage. These providers store and process your account data, conversations, Projects, and uploaded files on our behalf.
  • Search Infrastructure. We use a specialized search provider to index and retrieve content from the theological library and your uploaded documents. This provider stores processed representations of text and associated metadata to enable search functionality.
  • Email Services. We use third-party email providers to deliver transactional emails (such as login links, subscription confirmations, and billing receipts) and, where you have opted in, lifecycle and product update emails. These providers receive your email address and the content of the emails sent to you.
  • Analytics (if applicable). We may use analytics tools to collect aggregate, anonymized usage data for product improvement. If and when we implement analytics, the tools will not collect personally identifiable information beyond what is described in Section 1.7.

Each of our service providers operates under its own privacy policy and terms. We encourage you to contact us if you have questions about the categories of providers we use.

5. Data Storage and Security

Your data is stored on servers operated by our infrastructure providers in the United States. We use encryption in transit (TLS/HTTPS) for all data transmitted between your browser and our servers, and between our servers and third-party services.

We implement access control policies at the database level to ensure that users can only access their own data, and organization members can only access data within their organization, according to the visibility rules described in Section 3.

While we take reasonable measures to protect your data, no system is perfectly secure. We cannot guarantee absolute security.

6. Data Retention and Deletion

We retain your data for as long as your account is active. If you delete your account:

  • Your account information, conversations, Projects, and uploaded documents will be permanently deleted.
  • Transactional records necessary for legal and financial compliance (such as billing history) may be retained in anonymized or aggregated form.
  • Data that has already been sent to third-party services is subject to their respective retention policies.

If you are removed from an organization, your personal content associated with that organization is deleted as described in Section 3.

You may request deletion of your account and associated data at any time by contacting us at hello@theostack.com.

7. Cookies and Tracking

Theostack uses essential cookies required for authentication and session management. These cookies are strictly necessary for the Service to function and cannot be disabled.

We do not use advertising cookies or third-party tracking pixels.

8. Children's Privacy

Theostack is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete it. If you believe a child under 13 has provided us with personal information, please contact us at hello@theostack.com.

9. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal data:

  • Access. You may request a copy of the personal data we hold about you.
  • Correction. You may request that we correct inaccurate personal data.
  • Deletion. You may request deletion of your account and personal data, subject to the retention requirements described in Section 6.
  • Opt-Out of Marketing Emails. You may unsubscribe from lifecycle and marketing emails at any time using the unsubscribe link in those emails. Transactional emails related to your account and subscription are not optional while your account is active.

To exercise any of these rights, contact us at hello@theostack.com. We will respond within 30 days.

9.1 California Residents

If you are a California resident, you have the right under the California Consumer Privacy Act (CCPA) to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collect it, and our business purpose for collecting it. You also have the right to request deletion and to opt out of the sale of personal information. We do not sell personal information.

9.2 European Residents

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal basis for processing your personal data is your consent (which you provide by creating an account and using the Service) and our legitimate interest in operating and improving the Service. You have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority. Theostack is operated from the United States, and your data is transferred to and stored in the United States.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service prior to the change becoming effective. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Lordhill Digital LLC
Email: hello@theostack.com
Mailing Address: PO Box 450, Glen Rose, TX 76043