Privacy Policy

This policy applies to Zoe’s websites, SMS experience, church admin features, and support operations where this policy is posted or linked.

• Private by default: one-to-one message content is private by default.
• Church visibility is aggregated: church dashboards are intended for trend-level analytics, not member-level private transcripts.
• Restricted human access: internal access to sensitive data is role-based, time-bounded when possible, and logged.
• AI-sharing controls: optional data-sharing for AI improvement is opt-in by default unless you explicitly enable it.
• User control: users can request export and deletion rights as described below.

Information you provide may include phone number, optional name, church affiliation, conversation content, support requests, and privacy requests.

Information generated through use may include outbound messages, delivery events, onboarding responses, memory/context records, and consent or audit records for privacy-sensitive operations.

Account, billing, and security information may include subscription status, payment-provider identifiers, authentication events, and request metadata for abuse prevention and reliability.

• Operate Zoe’s conversational SMS experience
• Provide daily devotional touchpoints and follow-ups
• Personalize responses using prior context and configured memory settings
• Run safety workflows, including crisis escalation pathways
• Support church-level analytics in aggregate form
• Process billing, prevent fraud, and maintain service reliability
• Comply with legal obligations and enforce our Terms

To provide responses, relevant context may be processed by contracted AI providers.

Our objective is to send only data needed for service functionality, configure provider controls to limit secondary use where available, and keep optional AI-improvement sharing disabled by default unless you opt in.

If your church offers Zoe, your account may be associated with that church.

Church leaders may view aggregate trends, while dashboards are not intended to expose private one-to-one conversation transcripts by default.

Any exception workflow should require explicit consent and audit logging.

We may share information with service providers that host, transmit, process, secure, and support Zoe.

We may disclose information for legal reasons when required by law or lawful process.

We may disclose limited information for safety reasons to help prevent imminent harm where legally permitted.

In a business transfer, data may transfer subject to applicable confidentiality and legal safeguards.

We do not sell personal information for money.

Depending on product availability and role, controls may include memory mode, AI-improvement opt-in/opt-out, human support access, and retention profile settings.

When material consent states change, Zoe maintains consent event records for accountability.

We retain data for as long as reasonably necessary to provide the service, maintain safety/security logs, satisfy legal/accounting obligations, and enforce agreements.

Retention windows vary by data category. Backup deletion may follow delayed overwrite cycles and may not be immediate.

We use layered technical and organizational safeguards, including encryption in transit, role-based access controls, least-privilege principles, authentication protections, and monitoring of sensitive access paths.

No internet service can be guaranteed to be 100% secure.

Zoe may detect crisis language and trigger safety-oriented workflows.

Where feasible, Zoe follows a consent-first approach, with narrow exceptions for urgent life-safety scenarios.

Subject to applicable law, you may request access, correction, export, and deletion of personal data, as well as changes to optional consent settings.

Residents of certain U.S. states may have additional rights, including rights to know, delete, correct, and opt out of certain processing categories. Zoe processes verified requests as required by applicable law.

Zoe is not intended for children under 13. If we learn that personal information from a child under 13 was collected without required authorization, we will take steps to delete it as required by law.

Data may be processed in the United States and other countries where Zoe or its processors operate. Where required, appropriate safeguards are applied.

We may update this policy from time to time. Material changes will be reflected by an updated effective date and, where appropriate, additional notice.

For privacy questions or requests: privacy@zoe.live