top of page

REFUGE

Privacy Policy


(United States)

 

Updated: April 17, 2026

 

---

 

Refuge Technologies LLC ("Company," "we," "us," or "our") operates the Refuge application and website (the “Site”) at refugeapp.ai (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

 

We take your privacy seriously. Given the deeply personal nature of the conversations you may have with Refuge, we have attempted to design our systems and policies in an effort to protect your data with high standards of care.

 

By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

 

1. Information We Collect

 

1a. Information You Provide Directly

 

Account Information: When you create an account, we collect your email address, display name, and password (if using email authentication). If you sign in with Google or Apple, we receive your name and email address from those providers. We do not receive or store your Google or Apple password.

 

Conversation Content: When you use the Service, we collect and store the messages you send to and receive from the AI companion. This includes all text content within your conversations and guided journeys.  Your conversations may contain highly sensitive information (such as mental health–related content, health information, or other personal details). Please be mindful about what you choose to share.

 

Payment Information: When you subscribe to a paid plan, your payment information (credit card number, billing address) is collected and processed directly by our payment processor, Stripe, Inc. We do not store your full credit card number on our servers. We receive and store only a truncated card number (last 4 digits), card type, and billing status from Stripe.

 

Communications: If you contact us via email at support@refugeapp.ai, we collect the content of your message, your email address, and any other information you choose to provide.

 

1b. Information Collected Automatically

 

Usage Data: We collect information about how you interact with the Service, including timestamps of your sessions, number of messages sent, features used, and pages visited on our website.

 

Device Information: We may collect information about the device you use to access the Service, including device type, operating system, browser type, and general location (city/region level, derived from IP address). We do not collect precise GPS location data.

 

Cookies: We use essential cookies to maintain your authentication session and remember your preferences. We do not use advertising cookies, tracking cookies, or third-party analytics cookies that follow you across other websites. See Section 7 for more details.

 

1c. Information We Do NOT Collect

 

We do not knowingly collect or store biometric data, precise geolocation data, contacts from your phone or device, data from other apps on your device, or any information from individuals under the age of 18. We do not use any form of facial recognition technology. We do not record audio or video.

 

2. How We Use Your Information

 

We use the information we collect for the following purposes:

 

Providing the Service: To operate and maintain the Service, process your conversations through our AI system, store your conversation history, manage your account, and deliver guided journeys.

 

Billing and Payments: To process subscription payments, manage your billing cycle, enforce usage limits based on your subscription tier, and send transaction-related communications.

 

Service Improvement: To understand how users interact with the Service in aggregate (not by reading individual conversations), identify and fix technical issues, and improve the overall user experience.

 

Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues.

 

Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

 

Communications: To respond to your inquiries and send you essential service-related notifications (such as billing confirmations, security alerts, and Terms updates). We will not send you marketing emails without your explicit opt-in consent.

 

We generally analyze usage in the aggregate and do not routinely read individual conversations. Limited human access to specific conversations may occur for security, abuse prevention, or when you contact support about an issue.

 

3. How We Protect Your Data

 

We implement robust technical and organizational measures to protect your personal information:

 

Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security) 1.2 or higher.

 

Encryption at Rest: Your conversation data is stored in encrypted databases hosted by third-party providers (currently hosted by Supabase), which use industry-standard encryption and access controls.

 

Access Controls: Access to user data is strictly limited to essential personnel and systems required to operate the Service. We configure our applicable third-party providers so that they employ role-based access controls and audit logging.

 

Third-Party Security: We configure our infrastructure providers (currently Supabase for database, Railway for application hosting, Stripe for payments) so that they maintain industry-standard encryption and access controls.

 

No AI Training on Your Data: Your conversations are never used by us to train, fine-tune, or improve our AI models. We configure our AI provider(s) so that they do not retain or use your data to train their models. It is our intent and goal that your conversations exist solely to serve you. If we ever materially change our practices to train AI models on user data, we will update this policy and seek additional consent where required.

 

While we implement commercially reasonable safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.

 

4. Data Sharing and Disclosure

 

We do not sell, rent, or trade your personal information to third parties. We do not ‘sell’ or ‘share’ your personal information as those terms are defined under the CCPA/CPRA.

 

We do not use your data for advertising purposes. We do not share your data with advertisers, data brokers, or marketing companies.

 

We may share limited information with the following categories of service providers, primarily, but not exclusively, to operate the Service:

 

  • AI Processing: Your messages are transmitted to API for real-time AI response generation. The AI processes these messages under their API terms, which currently prohibit them from using API data to train their models and provide that message are not stored by the AI after processing.

  • Database and Hosting (Supabase, Railway): Your account information and conversation data are stored on servers operated by Supabase (database) and Railway (application hosting). These providers act as data processors on our behalf under contractual obligations to protect your data.

  • Payment Processing (Stripe): Your payment information is processed by Stripe in accordance with their privacy policy and PCI-DSS compliance standards. We do not have access to your full payment card details.

  • Other Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we disclose Personal Data to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, AI processing services, content delivery services, support and safety services, email communication software, web analytics services, payment and transaction processors, search and shopping providers, marketing service providers, and information technology providers. We also work with service providers who help us with age and identity verification. Based on our instructions, these parties will access, process, or store Personal Data only in the course of performing their duties to us.

  • Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Data may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.

  • Government Authorities or Other Third Parties: We may share your Personal Data, including information about your interaction with our Services, with government authorities, industry peers, or other third parties in compliance with the law (i) if required to do so to comply with a legal obligation, or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, users, or the public, or (vi) to protect against legal liability.

  • Affiliates: We disclose Personal Data to our affiliates, meaning an entity that controls, is controlled by, or is under common control with Company. Our affiliates may use this Personal Data in a manner consistent with this policy.

  • Business Account Administrators: When you join a Company business account, the administrators of that account may access and control your Company account, including being able to access your Content. In addition, if you create an account using an email address belonging to your employer or another organization, we may share the fact that you have an account and certain account information, such as your email address, with your employer or organization to, for example, enable you to be added to their business account.

  • Other Users and Third Parties You Interact or Share Information With: Certain Services allow you to interact or share information with other users or third parties. For example, you can share content like conversations⁠, videos⁠ and characters⁠, or share information with third-party search⁠es. Information you share with third-party partners is governed by their own terms and privacy policies, and you should make sure you understand those terms and policies before sharing information with them.

  • We also aggregate or de-identify Personal Data so that it no longer identifies you and share it with third parties for the purposes described above, such as to help improve our Services.

 

We may also disclose your information if required by law, such as in response to a valid subpoena, court order, or government request; if necessary to protect the safety, rights, or property of Refuge Technologies LLC, our users, or the public; or in connection with a merger, acquisition, or sale of assets, in which case you will be notified of any change in ownership or control of your personal information.

 

5. Your Rights and Choices

 

Depending on your jurisdiction, you may have the following rights regarding your personal information:

 

Access: You may request a copy of the personal information we hold about you.

 

Correction: You may request that we correct inaccurate or incomplete personal information.

 

Deletion: You may request that we delete your personal information. You can delete individual conversations at any time within the Service. You may also request complete account deletion by contacting us at support@refugeapp.ai. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

 

Data Portability: You may request a machine-readable copy of your data.

 

Opt-Out of Marketing: You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us. Note that we may still send you transactional and service-related communications.

 

To exercise any of these rights, please contact us at support@refugeapp.ai. We will respond to your request within 30 days.

 

6. Data Retention

 

We retain your personal information for as long as your account is active or as needed to provide you with the Service or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Data depends on the type of data, how we use it, and in many cases your settings. Specifically:

 

Account Information: Retained for the duration of your account plus 30 days after deletion.

 

Conversation Data: Retained for the duration of your account. You may delete individual conversations at any time. All conversation data is deleted within 30 days of account deletion.

 

Billing Records: Retained for 7 years after the last transaction, as required for tax and accounting compliance.

 

Server Logs: Automatically purged after 90 days.

 

Information we retain for longer for legitimate security, safety, or legal reasons: In some cases, we need to retain Personal Data for longer even after you delete it, for example because we are legally required to, to address fraud and abuse, for security reasons, or for financial record-keeping purposes. For instance:

  • If specific Content, or your account, is banned because of violations of our usage policies⁠, we may retain that data for to protect our services from fraud, abuse, or other violations of our policies;

  • If we are legally required to retain your data (for instance, we receive a lawful subpoena) then we may retain it for the duration of the relevant legal or regulatory obligation;

  • When we are a party to a financial transaction (for instance, when we process your payment for a Company account), we may retain payment and transaction related information to meet our accounting, dispute resolution, and regulatory compliance purposes;

  • When you ask us to delete your Personal Data, we retain the audit record of the erasure request to be able to verify that we have complied with the request.

  • In determining these retention periods, we consider a number of factors, such as:

  • Our purpose for processing the Personal Data (such as whether we need to retain it to provide our Services);

  • The amount, nature, and sensitivity of the information;

  • The potential risk of harm from unauthorized use or disclosure;

  • Any legal requirements that we are subject to.

 

Notwithstanding the foregoing, (i) copies in backups may persist for longer but are isolated from active processing and deleted on a regular cycle; and (ii) data may be retained beyond standard periods where necessary to comply with legal obligations or to resolve disputes.

 

7. Cookies and Tracking Technologies

 

We use only essential cookies necessary for the operation of the Service. These include authentication session cookies (to keep you logged in) and preference cookies (to remember your settings).

 

We do not use advertising or tracking cookies. We do not use pixel tags, web beacons, or similar technologies that track you across other websites. We do not participate in cross-site tracking or behavioral advertising networks.

 

You can configure your browser to refuse cookies, but this may prevent you from using certain features of the Service (such as staying logged in).

 

If we introduce additional cookies or similar technologies in the future for analytics or other purposes, we will update this policy and, where required, obtain your consent.

 

8. Data controls

Our Services provide you with a number of controls over your Personal Data and how it is used and retained. You can always change these settings in your account. These include the following controls:

  • You can easily choose whether your Content can be used to improve and train our models⁠.

  • You can decide whether we will remember details between chats to make Content more personalized and relevant.

  • You can export your history and data in your account’s data controls.

  • You can delete or archive chats, or delete your account entirely.

  • Depending on applicable law, you may be able to choose which cookies are used when you use our Services.

  • You can unsubscribe from marketing communications you receive from us by using the choices provided in those communications.

 

6. Your rights

Depending on where you live, you may have certain statutory rights in relation to your Personal Data. For example, you may have the right to:

  • Access your Personal Data and information relating to how it is processed.

  • Rectify or update your Personal Data

  • Delete your Personal Data from our records.

  • Restrict how we process your Personal Data.

  • Transfer your Personal Data to a third party (right to data portability).

  • Withdraw your consent—where we rely on consent as the legal basis for processing. 

  • Lodge a complaint with your local data protection authority.

You can exercise some of these rights through your Company account using the tools described in the Data controls ⁠section, or you can submit your request through [insert link]. You can contact our data protection officer at [insert e-mail address].

 

A note about accuracy: Services like Company’s generate responses by reading a user’s request and, in response, predicting the words most likely to appear next. In some cases, the words most likely to appear next may not be the most factually accurate. For this reason, you should not rely on the factual accuracy of output from our models. If you notice that the Service’s output contains factually inaccurate information about you and you would like to request a correction or removal of the information, you can submit these requests through email (support@refugeapp.ai), and we will consider your request based on applicable law and the technical capabilities of our models.

 

Company processes your Personal Data for the purposes described in this policy on servers located in various jurisdictions, including processing and storing your Personal Data in our facilities and servers in the United States, or in countries or territories where our affiliates and partners or our vendors and service providers are located. While data protection law varies by country, we apply the protections described in this policy to your Personal Data regardless of where it is processed, and only transfer that data pursuant to legally valid transfer mechanisms.

 

8. Third-Party Links

 

The Service may contain links to third-party websites or services (such as social media profiles). We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

 

9. Children's Privacy

 

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take prompt steps to delete such information. If you believe a child under 18 has provided us with personal information, please contact us at support@refugeapp.ai.

 

10. Security

 

We implement commercially reasonable technical, administrative, and organizational measures designed to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you provide to the Service. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites.

 

11. U.S. State Disclosures; International Disclosures.

 

The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States, where data protection laws may differ from those in your jurisdiction.

 

Depending on where you live and subject to applicable exceptions, you may have the following privacy rights in relation to your Personal Data:

  • The right to know information about our processing of your Personal Data, including the right to access your Personal Data, often in a portable format;

  • The right to request deletion of your Personal Data;

  • The right to correct your Personal Data; and

  • The right to be free from retaliation relating to the exercise of any of your privacy rights.

 

We don’t “sell” Personal Data or “share” Personal Data for cross-contextual behavioral advertising, and we do not process Personal Data for “targeted advertising” purposes (as those terms are defined under state privacy laws). We also don’t process sensitive Personal Data for the purposes of inferring characteristics about a consumer.

 

Exercising Your Rights.  You can exercise privacy rights described in this section by submitting a request through [insert link here].

 

Verification.  In order to protect your Personal Data from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data for verification. If we cannot verify your identity, we will not be able to honor your request.

 

Authorized Agents.  Depending upon where you reside, you may also submit a rights request through an authorized agent. If you do so, the agent must present authority to act on your behalf, such as signed written permission, and you may also be required to independently verify your identity with us. Authorized agent requests can be submitted to support@refugeapp.ai.

 

Appeals.  Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights. To appeal a decision, please send your request to support@refugeapp.ai.

 

If you are a resident of the European Economic Area (EEA), United Kingdom, the service is primarily intended for users in the U.S. and may not be fully optimized for EU data protection law, while still attempting to honor rights where applicable.

 

11. California Privacy Rights (CCPA/CPRA)

 

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

 

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected personal information, the business or commercial purpose for collecting personal information, and the categories of third parties with whom we share personal information.

 

Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.

 

Right to Opt-Out of Sale: We do not sell your personal information. We have not sold personal information in the preceding 12 months.

 

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

 

To exercise your California privacy rights, contact us at support@refugeapp.ai. We will verify your identity before fulfilling your request.

 

12. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. We encourage you to review this Privacy Policy periodically.  For processing changes that require consent (e.g., new categories of sensitive data, new ad uses), the Company will seek explicit consent from affected users where required by law, rather than rely solely on notice.

 

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the updated terms.

 

13. Contact Information

 

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

 

Refuge Technologies LLC

Email: support@refugeapp.ai

Website: refugeapp.ai

 

For data protection inquiries or to exercise your privacy rights, please email support@refugeapp.ai with the subject line "Privacy Request."

 

---

 

© 2026 Refuge Technologies LLC · All Rights Reserved.

Refuge

A truth-driven Christian guidance app for deep reflection, grounded in traditional values.

PRODUCT

The Experience

Getting Started

User Manual

Subscribe

FAQ

Blog

COMPANY

Founder

Our Pillars

LEGAL

Terms & Conditions

Privacy Policy

  • Instagram
  • Facebook
  • Twitter

© 2026 Refuge Technologies LLC · All Rights Reserved.

"God is our refuge and strength, a very present help in trouble." — Psalm 46:1

Refuge is a tool for Christian-guided spiritual reflection and biblical dialogue. Refuge is not a substitute for discipleship, professional counseling, therapy, or medical treatment.

bottom of page